You have Windows 7 images that are rebuilt quarterly and sported to System Center 2012
Configuration Manager.
The Microsoft Deployment Toolkit (MDT) 2012 is integrated with Configuration Manager.
You need to reduce the network security risks when the images are deployed by using Operating
System Deployment (OSD).
What should you do? (Choose all that Apply.)
A.
After the Apply Operating System Image task sequence step, add a step to install software
updates offline.
B.
Before the Apply Operating System image task sequence step, add a step to install Deployment
Imaging Servicing and Management (DISM).
C.
After the installation of the final Application, add an Install Software Updates task sequence step.
D.
After the Apply Operating System Image task sequence step, add a Run Command line step that
runs wuauclt.exe /detectnow
E.
Before the Apply Operating System image task sequence step, add a step to install the Windows
Automated Installation Kit (Windows AIK).
Explanation:
http://blogs.technet.com/b/inside_osd/archive/2011/04/18/configuration-manager-2012-offlineservicing-foroperating-system-images.aspx
Configuration Manager 2012: Offline Servicing for Operating System Images
In Configuration Manager 2012 there is a new feature for applying updates to operating system
images while they are in the Configuration Manager library. This means any operating system image
you see in the Operating Systems > Operating Systems Images node from the Software Library
wunderbar can be updated with Component Based Servicing (CBS) updates. By updating an image in
the Software Library instead of performing a new build and capture of the operating system image
you will gain a few distinct advantages. You will be able to reduce the risk of vulnerabilities during
operating system deployments and reduce the overall operating system deployment to the end user.
You will also reduce the administrative effort to maintain your operating system images.
The feature is applicable for Component Based Servicing (CBS) updates and for the following
operating systems:
Microsoft Windows Vista SP2 and later
Microsoft Windows Server 2008 SP2 and later
Microsoft Windows 7 RTM
Microsoft Windows 2008 R2
http://technet.microsoft.com/en-us/library/hh846237.aspx
Task Sequence Steps in Configuration ManagerThe following task sequence steps can be added to a System Center 2012 Configuration Manager
task sequence:
Install Software Updates
Use the Install Software Updates task sequence step to install software updates on the destination
computer. The destination computer is not evaluated for applicable software updates until this task
sequence step runs. At that time, the destination computer is evaluated for software updates like
any other Configuration Manager-managed client. In particular, this step installs only the software
updates that are targeted to collections of which the computer is currently a member.
This task sequence step runs only in a standard operating system. It does not run in Windows PE.
Further information:
http://technet.microsoft.com/en-us/library/hh824821.aspx
Deployment Image Servicing and Management (DISM) Technical Reference
Deployment Image Servicing and Management (DISM) is a command-line tool that is used to mount
and service Windows® images before deployment. You can use DISM image management
commands to mount, and get information about, Windows image (.wim) files or virtual hard disks
(VHD) and to capture, split, and otherwise manage .wim files.
wuauclt.exe /detectnow
The detectnow switch will force a relatively immediate query to the WSUS server to see if there are
any updates that are needed. If there are, the yellow shield will appear in the system tray. This is
usually pretty quick, within 20-30 seconds.
http://technet.microsoft.com/en-us/library/cc748933%28v=ws.10%29.aspx
Windows Automated Installation Kit (Windows AIK)
The Windows Automated Installation Kit (Windows AIK) is designed to help original equipment
manufacturers
(OEMs), system builders, and corporate IT professionals deploy Windows onto new hardware. The
Windows
AIK is a set of deployment tools supporting the latest release of Windows.
AC or AD?
Agree, depends if wsus is setup with SCCM, ACD… C better than D but if not set D works fine. If it is security during image it is only A .