Install ConfigMgr 2012 SP1 CU1 for clients during OSD
In this blog post I’ll cover the necessary steps in order to have your OS deployment process incorporate the newly released ConfigMgr 2012 SP1 CU1 update. As with the CU1 update, new packages for upgrading the client is being created by the installation wizard. If you’d like more information about deploying those packages to your already managed systems, see this blog post.
- Create a Hotfixes folder and share it
- Copy the CU1 contents the Hotfixes folder
- Modify your Task Sequence
Create a Hotfixes folder and share it
The purpose of this shared folder is to use it during your OS deployment phase in the Setup windows and ConfigMgr step. If you’re familiar with the folder structure of the network share\\siteserver\SMS_<site_code>, you know that there’s a folder called hotfix. I’m not a fan of changing the permissions for this share, since we’d need to give Domain Computers Change permissions to the share and NTFS Modify permissions in order to utilize the CU1 patch during OS deployment. So instead I’ve chosen to create a separate folder. In my environment I’ve created E:\Hotfixes.
1. Determine a good place to create your folder. I’ve chosen E:\Hotfixes.
2. Right click on the folder and choose Properties.
3. Go to the Sharing tab and click on Advanced Sharing.
4. Enable sharing by checking Share this folder.
5. Click on Permissions.
6. Change so that Everyone has Full Control, Change and Read permissions. Click OK until you get back to the Hotfixes Properties window.
7. Go to the Security tab and click on Advanced. Click on Change Permissions.
8. Click Add and type Domain Computers in the Select User, Computer, Service Account, or Group window. Click OK.
9. Make sure Apply to refers to This folder, subfolders and files. Check the following permissions:
Traverse folder / execute file
List folder / read data
Read extended attributes
Create files / write data
Create folders / append data
Write extended attributes
10. Click OK until you’ll get back to the Hotfixes Properties windows. Click Close.
If you’re really concerned about the security of your network shares, you could give the least amount of permissions by testing what works and not. The error you’ll receive during the installation phase of the client isMSI Error 1635. The client.msi.log will show Unable to create a temp copy of patch. When I tested to install this patch during my OS deployment, I found that it would not work if I only gave Domain Computers the Read permissions.
Copy the CU1 contents the Hotfixes folder
1. Browse to C:\Program Files\Microsoft Configuration Manager\hotfix.
2. Copy the folder called KB2817245.
3. Browse to E:\Hotfixes and paste the copied folder.
The Hotfixes share is now prepared for using during OS deployment.
Modify your Task Sequence
1. Navigate to Software Library, Operating Systems and then Task Sequences.
2. Locate your Task Sequence used in your deployment process, right click and click Edit.
3. Go down and select the Setup windows and ConfigMgr step.
4. In the Installation properties field, append your current configuration with the following:
5. Click OK.
That’s it! If you’d like to verify that the patch actually got installed when the OS deployment has finished, go to the Control Panel and open Configuration Manager. The version displayed under the General tab should be 5.00.7804.1202.
Principal Consultant and Enterprise Mobility MVP since 2016. Nickolaj has been in the IT industry for the past 10 years specializing in Enterprise Mobility and Security, Windows devices and deployments including automation. Currently working for TrueSec as a Principal Consultant. Awarded as PowerShell Hero in 2015 by the community for his script and tools contributions. Creator of ConfigMgr Prerequisites Tool, ConfigMgr OSD FrontEnd, ConfigMgr WebService to name a few. Frequent speaker at conferences and user groups.