Well, even Microsoft now believes that installing hundreds of individual updates is a bit much, so instead of releasing a much deserved SP2 for Windows 7, they released a "Convenience Rollup Update" which should install about 200 or more updates in one. I'm not sure about the number of updates this is supposed to cover, but I heard that after installing this rollup (and its prerequisite) WU doesn't offer that many updates. This rollup update is also available for Server 2008 R2 SP1. Don't forget that you'll need to install/integrate that "update to Windows Update" as well (can be done from WU itself in the case of making updated images via VM and sysprep). I don't think it will help much with install.wim size in the case of offline integration or sysprep'd images, as I've tried to just install WU-only updates (which are far fewer than getting ALL updates as I normally do -- the latter running into the 500's of updates) and the .wim size didn't really go down any. But I bet this rollup will install a lot faster than installing individual updates even with an automated script, though I haven't tried it yet. The Hotfix Share has KB3125574 download links in their x86 and x64 threads.
I was trying this out in a VM (to sysprep and capture later) and it seems the prerequisite update KB3020369 can give problems. Some people get stuck in "Stage 3 of 3" during the update process, while others have the indefinite "Searching for updates on this computer" when they try to run it. I had the latter and let it run for over 10 minutes, and then couldn't even cancel it. So I logged off and logged back in, then ran it again and it installed right away. So there is something about that update that tends to get stuck at first, but it's possible to install it. After that I installed platform update KB2670838, after which I installed the rollup KB3125574. The latter only took a few minutes (before reboot), so much better than loose updates installed via script. I think the best update order is this: 1. KB3020369 / Prerequisite 2. KB2670838 / Platform Update 3. KB3125574 / Convenience Rollup 4. IE11 (normally requires prerequisite update of its own, now covered by 3125574) 5. Run WU (or figure out which updates are needed for offline integration) If you're using sysprep and VM (rather than offline integration) you could install the offline-only updates KB2603229 and KB3046269.
After installing this Rollup Update, its prerequisites, and IE11 and its prereqs and updates, I was showing under 60 updates in WU. "Important" updates were around 25 and likewise for "Optional". Under Optional updates, they were still offering about 6 of the Win10 upgrade/telemetry type updates. Keep in mind that KB3125574 itself contains some telemetry updates, namely kb's: 3068708, 3075249, 3080149. I think it's just going to have to become customary to remove CEIP and telemetry related features and/or updates via NTLite or something, if you really want to be safe. The rollup update definitely helps cut the time it takes to create an updated image, that much is true. Updates WU offered after installing the Rollup update KB3125574, its prereqs, and IE11. (Installed KB3156417* manually as well.) [*KB3156417 is the first of the new type of nonsecurity patches after the post-2016-rollup (3125574) update.] WU offered the following updates: ::Important:: KB2900986 (activex killbits ) KB2446710 (.net 3.5.1) KB2478662 (.net 3.5.1) KB2894844 (.net 3.5.1) KB2667402 KB2676562 KB2698365 KB2813347 KB2862330 KB2984972 KB3004375 KB3031432 KB3059317 KB3123479 KB3145739 KB3150220 KB3153171 KB3153199 KB3155178 KB3156013 KB3156016 KB3156017 KB3156019 KB3138612 KB3153731 KB976932 ^^ about 110mb to download ^^ Note that several other updates get offered under *Important*, like Malicious Software Removal Tool, Defender definition update, the WAT update (KB971033). These updates I always set to "hide" and I don't install them. ::Optional:: KB2685811 (Kernel-Mode Driver Framework v1.11) KB2685813 (User-Mode Driver Framework v1.11) KB2545698 (text in some fonts blurred in IE) KB2547666 (cannot delete long URLs from the browsing history in IE) * KB2574819 (Remote Desktop Protocol (RDP) 8.0 update) * KB2592687 (Remote Desktop Protocol (RDP) 8.0 update) KB2729094 (An update for the Segoe UI symbol font) KB2732059 (You cannot open an .oxps file) KB2750841 (An IPv6 readiness update) KB2761217 (add the Calibri Light and Calibri Light Italic fonts) KB2773072 (Update changes the game rating systems) * KB2830477 (Update for RemoteApp and Desktop Connections feature) KB2834140 ("0x00000050" Stop error after you install update 2670838) KB2919469 (Canada country code is incorrect) * KB2952664 ***(Win10 -- Compatibility update for upgrading)*** KB2970228 (support the new currency symbol for the Russian ruble) KB3006137 (changes currency symbol of Lithuania from litas (Lt) to euro (€)) * KB3021917 ***(Win10 --Update to Windows 7 SP1 for performance improvements)*** * KB3035583 ***(Win10 -- Update installs 'Get Windows 10' app)*** * KB3068708 ***(Win10 -- Update for customer experience and diagnostic telemetry)*** * KB3080149 ***(Win10 -- Update for customer experience and diagnostic telemetry)*** KB3102429 (support Azerbaijani Manat and Georgian Lari currency symbols) KB3118401 (Update for Universal C Runtime) * KB3123862 ***(Win10 -- Updated capabilities to upgrade)*** KB3139923 (MSI repair doesn't work when MSI source is installed on HTTP share) KB3140245 (Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP) The updates with a * in front of them should be avoided (unless you want the Win10 upgrade or use RDP). If you install KB2574819, KB2592687, or 2830477 (RDP updates) it triggers more RDP updates to be offered under *Important* and/or *Optional* updates. So better not install those RDP and RemoteApp updates at all unless needed -- hide those and then WU shouldn't offer any more. If you install all RDP updates you may end up having to install around 8 different RDP updates through multiple WU runs and reboots so unless you use RDP better hide those updates in WU. Note that some versions of .NET Framework 4.5 or 4.6 may get offered under Optional updates as well. Since I normally use installer repacks to install these I also hide those updates. ^^ around 60mb to download ^^ After you've installed these (and hid the ones you don't want to install) Windows will list only around 60 installed updates. Kind of nice to see when in the past I've had 575 updates.
Oh yeah, Win7 Pro x64 install.wim about 800mb smaller in size than my monstrous "most-updated-image-ever-approach" images from before. With this new Rollup update as a basis I think I'm going to change my strategy and just make "shut-up-WU-as-much-and-as-quickly-as-possible" images from now on. In the past, when I tried to make WU-only updated images (no scripts, only run WU in VM) the install.wim's were still over 4gb. Now on the image I just captured, with VC Runtimes and .NET Framework 4.6.1 installed on it, the fully updated install.wim is only 3.35gb. I just ran NTLite on the install.wim, only to remove some WinSxS duplicates and Update backups (sealing updates) and sure enough, it looks like the new Rollup update pretty much achieves the same result already, as the 3.35gb image only got reduced to 3.24gb (normally those procedures take off 500-800mb off an image). So there is not much use to sealing the updates with NTLite at this stage because doing that will will not allow you to uninstall those updates in the future. So it looks like MS did a pretty good job on this and it will make updated Win7 images a little more viable for the years to come.
Thanks for sharing all this information and your results, I really haven't use a Win 7 PC in many years, so I've not needed to make myself a OS mod, only about 3 people have requested I update a Win 7, but I know the value Win 7 has and if Win 10 went pear shaped for my own use I'd be straight back to needing a mod of it again, the way I see it is this is the only way I can keep Microsoft on the straight and narrow path and not force them to act by continuing to use/support Win 10 even though I don't have a need for it's features) - I am very happy with Win 7's feature set and none of Win 10 gets in my way (except Windows Defender and Runtime Broker which I disable as much of these as I can), there is no way I would bother modding Win 10 as it's constantly changing and by turning anything off I am 100% sure it would break - unlike Win 7 which is made to function/update without being a complete install, Win 10 constantly turns things back on after a MS update, drives me batty when I can't disable the Security warnings, but if I were to abandon Win 10, I wouldn't be able to have a say in what needs improving/fixing and to me that is more important than it not getting in my way like win xp and 7 can as there will be a day Win 7 will not cut it and I don't want to limit progress by being stuck in the past unable to evolve myself.
I do appreciate people pummeling Microsoft about Windows 8-10. This way, I can continue to use a good Windows version (7) until they finally come around and make Windows good to use again, and I really won't have missed anything One thing that will suck is if/when I want to build a new PC and use those m2 drives and Win7 can't see them and doing hoops to get over that. But otherwise I will probably run Win7 until 2020 or later
