The Offline Servicing for custom Windows images feature in Configuration Manager 2012 allows you to install Software Updates offline, like described in an earlier blog. From the Configuration Manager 2012 there is no option to remove installed the software update. But there is a way, let’s see if it the right way;)

If we go back to the future we always could use tools like DISM or Imagex to change captured WIM images. Now that imagex has been replaced by DISM, let’s have a look how this works and if it is the right way to do this. The Software Updates are installed via the Offline Servicing feature in Configuration Manager 2012, but under the hood Configuration Manager is using DISM to modify the image. When looking at a logfile at the Site Server after an offline servicing process is finished you see in the DISM.log what changes are made to the custom WIM image. You can find the log file at the following location; c:windowslogsdism .

So if the DISM tool is used, then we must be able to remove Software Updates from the WIM image without rebuilding the image. Let’s see how and if this works. For this blog I installed Security Update KB2705219 with the offline servicing feature like shown in the figure below.

Installed Software Updates via Offline Servicing

The process to remove the software update from the WIM image will have the following steps:

  1. Mount the WIM image
  2. Gather the name of the software update (package)
  3. Remove the software update
  4. Un-mount and commit the WIM image.

Mounting the image is easy and done with a command like this;

dism.exe /mount-wim:d:PackagesourceOSDWIMwin7x64.wim /index:1 /mountdir:d:wim-image

After mounting time image you can get a list with software updates installed in the image by executing the following command:

Dism.exe /image:d:wim-image /get-package

Get a list of installed updates via DISM

Update visible via DISM.exe

In the figure above you see that the Software Update is listed as follows: Package_for_KB2705219~31bf3856ad364e35~amd64~~

Looking at the figure you see that the update is marked as an Install Pending state. If you are installing a software update in an offline image with offline servicing, the package state is “install pending” because of pending online actions. In other words, the software update will normally be installed when the image is booted.

Next step would be to remove the Software Update package by executing the following command;

Dism.exe /image:d:wim-image /remove-package /packagename:Package_for_KB2705219~31bf3856ad364e35~amd64~~

Dismount and commit the WIM image

After a while the update is removed and you can commit and unmounts the WIM image. Next you should update the distribution points and test the changed image.

When looking at the Configuration Manager 2012 console you will notice that the Software Update is still listed when looking at the installed updates on the object of the updated custom image. This is probably because this information is gathered from the database and not from the image itself. Adding another update to the image will rebuild the list, the installed or not required update is just added.

My conclusion is that is you want to be able to see the truly installed software updates you should be use the old, by the offline servicing feature, backuped WIM image or run a new Build and Capture task sequence to create a brand new image without the software update.

In a develop- and test environment you can use the DISM option to quickly test the image without the software update. In production environments I will use the build and capture option as long as you are not able to remove the Software Update from the WIM image.

So what do you think? Is an option to be able to remove an update from a custom WIM image a welcome future feature, or is rebuilding the image the best way?