It does appear to be very messy. Every time I deal with "newer" versions of Windows I'm reminded why I don't use them. (An old Win 9x diehard here.. and XP is still my daily driver. And I thought building slipstreamed versions of Windows 9x by hand was difficult...)
I dont see any mention of nvme drivers in post no1, only garlin's suggestion, hmm.
It is relevant to your situation and for anyone esle building a final w7 image.
"Preview version?" I saw that terminology used and wondered what that was supposed to mean, especially since 9602 is much smaller in size and I thought "there's no way everything that's in the larger package is in the smaller one..."
So, if I understand correctly: KB4539601 supersedes both KB4534310 and KB4539602 and neither of the latter will show up on WU if the former is used?
Preview in this context means "next month's rollup, previewed one month early". This allows orgs to perform QA testing before they commit to updating. The idea is the preview rolls over and becomes the next monthly release -- barring any nasty bug reports. While the functionality is the same, the actual bits will vary slightly due to repackaging.
9601 is preview of Feb, which supersedes 4310 (Jan). 9602 is mostly the wallpaper fix (29MB vs 9601's 314MB).
I've been sending my builds to WU to check for updates mainly just for investigative purposes. While it's nice to show everything "satisfied," I never allow any of my machines to "auto update" and probably would never even send them to WU, preferring to hand pick, download, and install such things manually.
Given that all that remains now for 7 is ESU, and from what I read those cannot be "integrated" anyway, I'm inclined to be more concerned with avoiding redundancy rather than satisfying WU...
Just shove them all in and let ntlite sort them out. If i cant report bug or request a new removal, nuhi hasnt stopped support for w7 yet and if this is any indicator he did semi recently add limited support for vista.
You should be doing that anyway as w7 is EOL, add all required nets and c++'s, Enable/Disable Features as required. Do a final capture when ESU's end next year.
To explain this better... 9601 is equivalent to 4310 & 9602 bundled.
The monthly and monthly preview are released simultaneously. They created 9602 to backport fixes to 4310.
To explain this better... 9601 is equivalent to 4310 & 9602 bundled.
The monthly and monthly preview are released simultaneously. They created 9602 to backport fixes to 4310.
OK, went back and started from scratch again using my optionals + your EoL List (note a couple of minor changes).
KB917607 - Windows Help 32-bit Compatibility Update
KB943790 - File Management API Extensions For BitLocker
KB958559 - Windows Virtual PC
KB958830 - Remote Server Administration Tools
KB969168 - Microsoft Agent
KB970985 - Remote Administration Tools For Windows Media Services
KB974150 - Windows NTBackup Utility
KB974405 - Windows Identity Foundation
KB974674 - Windows NTBackup Restore Utility
KB975541 - AD LDS Feature
KB981390 - Windows Server Update Services Best Practices Analyzer
KB981392 - Application Server Best Practices Analyzer
KB2386667 - Application Server Best Practices Analyzer Rules Revision
KB2462137 - AD MMC & ADAC Country Update
KB2539513 - Repadmin Indefinate Query
KB2574819 - Support for Datagram Transport Layer Security (DTLS)
KB2589154 - AD MMC RODC Update
KB2592687 - Remote Desktop Protocol (RDP) 8.0
KB2647644 - AD Certificate Use Issuer Update
KB2666914 - DirectAccess Connectivity Assistant 2.0
KB2790338 - AD FS Update Rollup 3
KB2790621 - Windows Server Essentials Connector
KB2830477 - Remote Desktop Connection (RDC) 8.1 client
KB2891638 - Work Folders For Windows
KB2959936 - Embedded Lockdown Manager Feature Set Update
KB2984972 - Remote Desktop Protocol (RDP) 7.1 update
KB3012660 - Unable to install Security Update KB2853587
KB3020388 - Security update for Remote Desktop Connection 8.1
KB3075220 - Security Update for RDP 7.1
KB3075226 - Security update for RDP 8.1
KB3138612 - Windows Update Agent
So it looks like everything has been successfully handled WU-wise except .NET 4.8, Edge (if I decide to fool with it), and KB2603229 which also can't be integrated normally.
Time to collect anything else update-wise that can be integrated without special handling...
Anything I should know about these.. anything superseded?
KB2818604 - AMD Microcode Update
KB3064209 - Intel Microcode Update
KB4072650 - Hyper-V Integration Components Update
Saw KB2864202 (Security Update for KMDF v1.11) mentioned in regard to the backported USB3 driver; is this superseded or already part of another rollup?
Time to look through all the other things WSUS Offline downloaded...
*Update on one of the things I mentioned earlier. With regard to making integrated updates "non Uninstall-able" - I believe it should be possible to do this based on using the information in this blog post in reverse to modify the update manifests. Would be a nice touch to add to "Custom clean update backup" if it's not too hard to implement. nuhi "The XML attribute permanency="permanent" quotes an update as not uninstallable, while a missing attribute or an XML attribut value permanency="removable" quotes an update as uninstallable."
3552 is a weird fellow. You can't integrate it; but NTLite has special handling and silently moves 3552 to be executed as the final command in Post-Setup.
This part is controversial, because some people claimed the microcode updates broke their systems. And additionally, the updates were limited to a subset of later CPU models. The better solution would be upgrading your microcode thru BIOS updates.
Plus W7 was going away soon, and MS wanted to use this feature gap as a W10 upgrade "carrot".
Saw KB2864202 (Security Update for KMDF v1.11) mentioned in regard to the backported USB3 driver; is this superseded or already part of another rollup?
*Update on one of the things I mentioned earlier. With regard to making integrated updates "non Uninstall-able" - I believe it should be possible to do this based on using the information in this blog post in reverse to modify the update manifests. Would be a nice touch to add to "Custom clean update backup" if it's not too hard to implement.
KMDF v1.11 is an optional driver framework. What some folks do is shoehorn W8 drivers into W7, using KMDF.
Works for some people, depends on the driver.
3552 is a weird fellow. You can't integrate it; but NTLite has special handling and silently moves 3552 to be executed as the final command in Post-Setup.
This part is controversial, because some people claimed the microcode updates broke their systems. And additionally, the updates were limited to a subset of later CPU models. The better solution would be upgrading your microcode thru BIOS updates.
Plus W7 was going away soon, and MS wanted to use this feature gap as a W10 upgrade "carrot".
I'm not sure what exactly a microcode update does anyway, but AFAIK one would have to have proper BIOS support for their CPU to begin with, regardless of what Windows does.
Probably not very important unless there's some issue on certain CPUs when not having it, such as high usage, overheating, etc etc.
Is this what MS actually used to "block" newer CPUs from WU or is that hidden somewhere else?
KMDF v1.11 is an optional driver framework. What some folks do is shoehorn W8 drivers into W7, using KMDF.
Works for some people, depends on the driver.
Ah yes, backporting fun. Been there with older WDM-framework drivers on the older Windows.
Just how reliable is that particular bit of information provided by the Update Catalog?
Because...
A very long list of updates that WSUS Offline Update downloaded for Windows 7 when I ran it have no information in that field... seemingly indicating they are not superseded. I checked the whole list, collecting the .MSU packages to go along with the .CABs downloaded by WSUS, and marking those that did show as being replaced. As one gets higher in KB numbers, many of them appear to be "rollups" - and I assume most of these are indeed properly superseded by the next month's rollup (and the final one) even though the Update Catalog does not report this. But there are still several updates in the KB2xxxxxx and KB 3xxxxxx range that leave one to wonder...
Not sure what to do next other than try to dig up info on these... In the old days one could just crack open an update with WinRAR or 7-Zip, check the versions of the updated files against those installed, read the .INF file that controlled the update, and know what was going on and whether or not the files were actually newer than the ones you have... now it's not so simple.
I guess it depends on what one considers "useful." This is a cosmetic issue, so not "useful" as in "changes anything that matters" - but it would be a nice "polished touch."
Our knollybods can confirm or deny this, cpu microcode updates are microcode updates only. WU blocking on certain cpu's is in an update or in multiple updates and just get skipped if the blocker is already installed. WU uses .msu but cab file updates are handled by dism and you can installed cab files that would be blocked if they were msu files.
Ran WUMT on a VM install of my "Pass 2" ISO; WUMT "succeeded with errors" and offers KB4519108, KB4579503 (ESU prep package), and 3x MSRT versions.
KB4519108 is a rollup also downloaded by WSUS Offline update (which I assume is superseded); more below on WSUS files.
KB4519108 - DST changes in Windows for Norfolk Island and Fiji Island: October 2019 (optional)
KB4579503 - Keep only if you're considering the abbodi ESU
MSRT is re-released every month with an updated malware signature definition. Don't bother including it in your image, WU will always provide the latest (well until Jan 2023).
I'm not sure what exactly a microcode update does anyway, but AFAIK one would have to have proper BIOS support for their CPU to begin with, regardless of what Windows does.
This was MS' knee-jerk attempt at Meltdown/Spectre mitigation while waiting for Intel/OEM's to catch up. It was very early ("something is better than nothing") and didn't age well. If you want to disable their microcode update (for performance reasons on older CPUs):
A very long list of updates that WSUS Offline Update downloaded for Windows 7 when I ran it have no information in that field... seemingly indicating they are not superseded. I checked the whole list, collecting the .MSU packages to go along with the .CABs downloaded by WSUS, and marking those that did show as being replaced. As one gets higher in KB numbers, many of them appear to be "rollups" - and I assume most of these are indeed properly superseded by the next month's rollup (and the final one) even though the Update Catalog does not report this. But there are still several updates in the KB2xxxxxx and KB 3xxxxxx range that leave one to wonder...
WU purged all KB's classified as hotfixes when W7 was EOL'ed. Some fixes rolled over into the CU, but the majority were never explained as superseded or not. Most up-to-date users have never complained about the missing KB's (except for NVME).
There's a crap load of historical knowledge which hasn't aged well, especially in the last two years before EOL. People moved on to W10 by then, and lost interest. Best answer is testing your build.
And I've not even attempted yet to examine all of the files WSUS Offline Update downloaded for Windows 7 when I ran it, or how they fit (or don't fit) into the context of what I've already done
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
.
