bjosoren's IT-Tech blog

IT-Tech blog about different tried and tested solutions based on vmware, microsoft, linux and more tips and tricks

VMware Horizon – MDT and WSUS

Release date: October 4th 2022

Welcome to my VMware Horizon series. I’ve previously shown how to use MS MDT to create VMware Horizon Golden Templates, Automate Template Creation & Maintenance. I also want to use MDT and WSUS to create updated and patched Horizon golden templates, but getting this to work wasn’t exactly self-explanatory. Therefore I have shown below the settings that get the job done in my Lab.

First of all, as my templates aren’t domain-joined, they wont get GPO settings from AD, and therefore wont know where and when to fetch updates and which updates to download/install. To remedy this I first create a group and an Auto-Approval rule.

Next, I define the WSUSServer setting in CustomSettings.ini. It is important that this port, 8530, is open to allow traffic from non-domain sources in the Windows Firewall on the WSUS Server.

As shown above, I will be using client-side targeting to update my templates using the auto-approve rule I defined in WSUS. Therefore, I define a task sequence variable as show below. I will also need to adjust the Windows Update script.

I add in the if-statement show below which creates the necessary registry settings.

If oEnvironment.Item("WSUSGroup") <> "" then
	oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup", oEnvironment.Item("WSUSGroup"), "REG_SZ"
	oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroupEnabled", 00000001, "REG_DWORD"
End if

In my earlier tests, I saw that updates from WSUS that required internet, was skipped and not installed. To remedy this, I had to add the registry setting below, using my task sequence.

REG ADD HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate /v DoNotConnectToWindowsUpdateInternetLocations /t REG_DWORD /d 100

With these settings applied, my VMware Horizon Templates are now patched from WSUS as part of the MDT Deployment process, nice and tidy.

VMware Horizon planning, deployment etc.

Official VMware Horizon 8 Documentation

Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: