Good Evening,
As I’m coming closer to creating my own customized installation image of Win7 (x64, SP1), there are still question marks in my head regarding which windows updates are the most essential/important/base updates I should integrate into my customized image. First of all, these are the drivers I want to integrate with DISM:
- canonkong’s/PatrickK’s modified USB 3.0 drivers for Z390 chipsets
- Microsoft NVMe hotfixes/generic drivers for NVMe-SSDs
- perhaps also iGPU drivers for Coffee Lake-CPUs
- uefiseven in order to achieve a pure UEFI install of Win7
This time, I also want to integrate the most important/essential updates for Win7. These are the ones, that come to my mind:
[UPDATED! 23/10/2020:]
[I <b>*do not*</b> intend to integrate the "Windows 7 Convenience Rollup" (the so-called "Win7 SP2"), because it likely contains a lot of nagware/spyware/other unwanted updates cloaked between the useful/necessary ones…]
- Platform Update for Windows 7 (KB2670838)
- Security Update for Windows 7 (KB2758857)
- Update for Microsoft Windows (KB4019990)
- Windows Management Framework 5.1 (KB3191566) (requires .NET Framework 4.5.2 to be installed/integrated first!) [You better skip this one/install it AFTER successfully installing W7 and then .NET FW 4.5.2 !]
- Update for Clean Manager for Windows 7 (KB2852386)
- SHA-2 code signing update for Windows 7 (KB4474419)
- Security Stack Update for Windows 7 (March 2019) (KB4490628*)
- Security Stack Update for Windows 7 (December 2019) (KB4531786*) [UPDATE: likely obsolete, because it DOES have the March 2019 SSU KB4490628 as a prerequisite - so, go straight for KB4536952!]
- Security Stack Update for Windows 7 (January 2020) (KB4536952*) (install AFTER KB4490628 !)
All the updates in this list, but in particular the latter 4 WUs (KB4474419 and downwards) need to be installed exactly in the same order as shown in the list!
* = This/These SSU(s) are either a prerequisite for the SHA-2 code signing update (KB4474419) or KB4474419 itself is the prerequisite for these SSU - though, it is very likely that the latter is the case! (KB4474419 comes first) Try out either install order until you find the order that works…
Anything else, that isn’t on my mind yet? (only the most important/essential ones, please!)
And in which order should the above-mentioned WUs get integrated? Or does it not matter when servicing an offline image intended only for windows installation?
Thanks,
AZ
I’m afraid you are wrong on this one, AZ
attempting to install the KB4531786 update without first installing the older KB4490628 update results in a weird error message and will abort (aka. fail to install) because KB4531786 is SHA-2 signed only - I tested this myself on a bunch of old Win7 PCs.
the KB4490628 update is still a necessary update as it is NOT superseded/replaced by the newer servicing stack updates
I’m afraid you are wrong on this one, AZ
attempting to install the KB4531786 update without first installing the older KB4490628 update results in a weird error message and will abort (aka. fail to install) because KB4531786 is SHA-2 signed only - I tested this myself on a bunch of old Win7 PCs.
the KB4490628 update is still a necessary update as it is NOT superseded/replaced by the newer servicing stack updates
You are very right - I figured that out myself before even noticing your reply, lol! (But Thanks anyway!
)I just updated and corrected the list in my starting post - among the corrections is also my mistake that you’ve pointed out
Edit: Of course, there are many more very important updates for Win7, but these ones (in my starting post) are the most important, I guess - unfortunately, it is not possible (or very difficult) to integrate .NET Framework packages into an offline Windows image, because only .msu and .cab files are eligible for offline integration
(correct me, if I’m wrong…)So far by my side - but anyone can feel free to supplement!
AZ
Simplix Pack is great for live installs, but for reinstalls I really prefer Integrate7.