In a recent post about ConfigMgr 2012 Application Installation Failures, I discussed applying the hotfix described in KB2522623 during a build and capture task sequence to resolve access denied error for untrusted clients for Install Application tasks.
As a follow-up, the brilliant, Quiet Shy Guy just IMed me and asked whether you could use offline servicing to add this hotfix to an image offline. I didn’t know for sure but assumed that you could. After some a very small amount of work, I confirmed that yes this update was a CBS based update and can easily be added to an image offline. Running DISM with the /Get-Packages option after I added the update to an offline image quickly verifies this:
For detailed information, running DISM with the /Get-PackageInfo option returns the following:
The logical follow-up question is should you add this update to an image offline? That definitely depends upon your image management model but if you are using the offline updates feature of 2012 for maintaining your images, then this absolutely makes sense to do.
Unfortunately, 2522623 isn’t available via the WU/MU catalog so you have to do this manually. You can’t use SCUP either to get this hotfix into ConfigMgr because WSUS doesn’t handle .MSU updates. Note that although you can indirectly import the update using SCUP by wrapping it in an EXE, this won’t allow it to be used by offline servicing in ConfigMgr 2012 so this doesn’t help for this scenario.
For those not familiar, offline servicing was introduced with Windows Vista and enables you to add packages like hotfixes to operating systems that are offline. For hotfixes, these must be Component-Based Servicing (CBS) enabled/capable hotfixes. Offline Servicing is described on TechNet: Service an Offline Image.
The exact steps to follow for adding a hotfix to an image offline are outlined in numerous places on the web including this post by Brandon Linton: How to Offline Patch a .WIM image using DISM.