If you “burned” a Windows 10 or Server edition ISO onto a thumb drive (for example using Rufus or the Microsoft media creation tool), or if you just have an install.wim on a network share that you want to refresh with a monthly cumulative update, here’s a quick way to do it.
In this scenario I am using a thumb drive containing Windows Server 2016 (1607) mounted on drive D:\.
1. Use your favorite browse and head to https://www.catalog.update.microsoft.com
2. Type the YYYY-MM and an OS version keyword into the search box, for example “2018-07 Windows 10 1709.”
3. Find the cumulative update for the processor architecture you need, and hit Download.
4. The Download box will pop open, click the link to start the download.
5. Open up Powershell as an administrator.
6. Take a look at the indexes stored in the install.wim. Server 2016 and Windows 10 1709, for example, have several. Which one do you want to update?
Get-WindowsImage -imagepath D:\sources\install.wim
Notice the 4 indexes. I want to update index 2, ‘Windows Server 2016 SERVERSTANDARD.’
7. Extract the version you’re updating to a new WIM file:
Export-WindowsImage -SourceImagePath D:\Sources\install.wim -SourceName "Windows Server 2016 SERVERSTANDARD" -DestinationImagePath C:\2016STD\install.wim
NOTE: You can technically skip this step and move on to mounting the image directly from the source media. In the next step, you’d have to specify the desired index value to mount. Changes will only apply to that index. I recommend doing the export because it preserves the original WIM.
8. Mount the image to a local folder. Wait a bit for this to finish.
Mount-WindowsImage -ImagePath C:\2016STD\install.wim -Index 1 -Path C:\Mount -Optimize
9. Add the cumulative update package. Change the name of the .MSU to match yours. When you get to the ‘Windows10’ part of the path, hit tab to resolve the $env:userprofile path and the full name of the .MSU file, rather than typing it. Or just rename the file.
WATCH OUT for prerequisites, like the May 2018 servicing stack update for Server 2016. This bit me when I originally prepared this blog post. See my follow up post for more. If you miss a prerequisite, the cumulative update will not be added, even if it looks like it completed. Be suspicious if the progress bar goes to 100% very quickly.
Add-WindowsPackage -PackagePath "$env:userprofile\downloads\windows10.0-kb4346877-x64_374c04ab4fce5134b8c95faab72be4e527c86824.msu" -Path C:\Mount
BONUS! If you want to add the .NET Framework 3.x to the image, run this command while it’s mounted:
Add-WindowsPackage -PackagePath D:\sources\sxs\microsoft-windows-netfx3-ondemand-package.cab -Path C:\Mount
Also, it’s probably obvious that you can add any other packages you want using the same commands
11. Save the image and dismount it.
Dismount-WindowsImage -path C:\Mount -Save
12. If you want to preserve the original install.wim with all of the original indexes, rename the original or make a copy of it somewhere.
13. Copy the updated install.wim back to the source, either your network folder or thumb drive. You’re done!
After you install an OS from your image, run WINVER to verify the build number.
Epilogue: Cleanup the Image
Before dismounting, note that you can “seal” the updates into the WIM file by running some additional commands through DISM directly. The above PowerShell makes use of the DISM module, but the developers did not add the clean-image commands as described in my previous blog post. Once you do this, you cannot remove any of the injected updates, but the WIM file will become as small as possible.
Dism /Image:"C:\Mount" /Cleanup-Image /StartComponentCleanup /ResetBase