I’ve been revisiting my MDT process as I wanted to try and use Windows Update to get drivers during deployment - by itself this is not a problem, I can just remove the
WSUSServer=http://wsus:8530 configuration from the CustomSettings.ini.
However as the device is added to the domain, Group Policy will configure the device to use the local WSUS for updates, this is desired as I still want to use WSUS for future updates, but I want to use Windows Update during deployment. I’ve a few options here:
Move Domain Join to later in the Task Sequence, after Windows Update
I could have done this, however some of the custom scripts might need the domain and it seems like a huge change in the process which could possibly cause more problems.
Always ensure that the computer account is created in an OU without the WSUS GPO enabled on it, or for existing accounts ensure the account is moved or deleted
This is a small task but it has time consuming repercussions if not done or forgotten about. The move could be scripted or something similar, but again it’s a time consuming task for a quick configuration change.
This is what I settled on, at least for now: In the Task Sequence, just before the Windows Update items, delete the registry keys that configure the device to use the local WSUS. Without these it will check Windows Update for updates and drivers. I wrote a short .bat script to delete the registry keys.
In the Task Sequence I created two items:
You should set “Continue on error” on the items, at least the second one as otherwise the Task Sequence will fail due to the script failing to remove the registry entries that may no longer exist. I’ve only tested this on a couple of newer devices, they both had a lot of drivers missing and required a few reboots during the update/driver installation process, but it appeared to work. I apologise for the hastily thrown together post, but hopefully this might help someone else.