Install Third Party Software Updates during TS Install Software Updates step
Currently (v1806 or later) Third Party Software Updates are not being installed during the Install Software Updates step in a Task Sequence.
Ideally third party software updates should be installed just like regular updates during the Task Sequence. A machine should be fully patched (secure and end-user ready) when it leaves the deployment bench.
Jay Gingras commented
Yes! Please add :)
Jeremiah Abbott commented
I would like to see a version of this as well. I imagine having additional options added onto the Install Software Updates Task Sequence Step's settings pane:
- A Check-Box to enable/disable 3rd Party Updates on the step; (sets the Local Publisher local policy/registry values)
- A box to browse to, and select your code signing certificate, or an option to use/generate a Self-Signed certificate as ConfigMgr is currently doing in version 1806+ on fully-provisioned systems.
Markus B commented
We don't need those updates during OSD, but I've seen certificate trust errors within the "Install Updates" step lately.
It might be required to deploy the WSUS signing certificate during OSD before installing updates, as the PKI GPO will not be applied.
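
One way to stage the signing certificate and the local-publisher policy value that the comments above refer to, written as an added example (not code from the thread or from ConfigMgr) for a Run PowerShell Script step placed before Install Software Updates in the full OS. The certificate file name, the thumbprint placeholder and the `-SelfSigned` switch are assumptions for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: trust the WSUS signing certificate on a machine that has not
# yet received the PKI GPO. File name and thumbprint are placeholders.
param(
    [string]$CertPath           = "$PSScriptRoot\WsusSigning.cer",   # hypothetical file shipped in the package
    [string]$ExpectedThumbprint = '<EXPECTED-SHA1-THUMBPRINT>',      # placeholder: pin to your own certificate
    [switch]$SelfSigned                                              # set when the certificate is self-signed
)
$ErrorActionPreference = 'Stop'

# Load the file and refuse to trust anything other than the pinned certificate.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
$pinned = ($ExpectedThumbprint -replace '\s', '').ToUpper()
if ($cert.Thumbprint -ne $pinned) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $pinned"
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Signing certificate expired on $($cert.NotAfter)"
}

# Trusted Publishers is always needed; a self-signed certificate must also
# be placed in Trusted Root so the chain validates.
$stores = @('Cert:\LocalMachine\TrustedPublisher')
if ($SelfSigned) { $stores += 'Cert:\LocalMachine\Root' }

foreach ($store in $stores) {
    if (-not (Test-Path (Join-Path $store $cert.Thumbprint))) {
        Import-Certificate -FilePath $CertPath -CertStoreLocation $store | Out-Null
    }
}

# Policy value behind "Allow signed updates from an intranet Microsoft
# update service location"; normally delivered by GPO or client settings.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name 'AcceptTrustedPublisherCerts' -Value 1 `
    -PropertyType DWord -Force | Out-Null

Write-Output "Trusted $($cert.Subject) in: $($stores -join ', ')"
```

Pinning the thumbprint keeps a swapped or stale `.cer` in the package from being added to the machine's trust stores; a CA-issued signing certificate needs only the Trusted Publishers entry, provided its issuing chain is already trusted on the image.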