NOTE: This KB will be kept up to date with patches known to require multiple restarts.
To address it we made several changes to our process.
- Each month we visit that KB to see if new ones show up.
- These OSD unfriendly patches were moved to a focused Software Update Group called 'OSD Excluded Updates'
- 'OSD Excluded Updates' are advertised to all systems and not the 'Unknown Computers' Collection used by Deployments.
- Inject these troublesome updates via DISM to quarterly WIM.
For obtaining the patches, the Microsoft Update Catalog is the best place as you just enter the KB and download .MSU files for the relevant Operating System, nothing to extract. It will download each update to a sub folder so if you use the above script you'll need to put all the relevant updates in the same folder, 'Windows 7 X86' for example.
While at the Update Catalog site, if you click on the update and select the 'Package Details' tab and it will tell you what that patch replaces or is replaced by it. Or check via ConfigMgr.. Basically, each of these troublesome patches will be replaced eventually by another one and you may not have to use DISM to inject it and instead let the SUP step(s) install it. I like to have the deployment to include everything vs letting production advertisements apply it after handing the asset to a user so we chose to inject it to our quarterly WIM.