Last Updated on April 7, 2012 by Dave Farquhar
Normally, after you install any version of Windows, you have a ton of patching to do. And that patching takes as long, or longer, than the installation takes, while leaving the system vulnerable to exploits in the meantime. Slipstreaming your hotfixes into your installation media sidesteps those issues, and reduces fragmentation. You get a faster performing system, you get the system up and running a lot sooner, and you save a lot of unnecessary writes to your SSD.
So I wholeheartedly recommend slipstreaming.
Slipstreaming SP1 into Windows 7 media isn’t officially supported, so I suggest you start by downloading a Windows 7 SP1 ISO image.
Then, go grab the MSU for Internet Explorer 9. After all, if you’re going to have IE installed, it might as well be IE9, since IE8 isn’t going to be supported forever. Download the appropriate version from one of the links below.
Save (or move or copy) the IE9 MSU and all the downloaded updates into a directory named patches. Be sure to copy the IE9 file into the directory first, so that it will get processed before the IE9 updates do.
Hopefully you have one Windows 7 system already running to do the rest of the work with. If you want to slipstream 64-bit Windows, you’ll need a 64-bit system. If you don’t have one, do a crash build using the installation media you have. Don’t bother updating it, installing any more drivers than you absolutely need, or activating it. Install to an old hard drive if you’re trying to save SSD writes.
Now extract the file sources\install.win out of the Windows 7 SP1 ISO you downloaded using your favorite extraction tool (I like 7-Zip because it’s free; if you prefer WinRAR, that works too).
Copy your patches directory and install.wim into a directory on an NTFS volume. Open an administrative command prompt, change to that directory, and run the following command:
dism.exe /get-wiminfo /wimfile:install.wim
Note the index number of the version of Windows you’re going to be installing.
Copy and paste the following six lines into a file named update.bat. Change the number in line 2 in boldface to match the index number you got from running dism.
MD %~dp0WIN7
Dism.exe /Mount-Wim /WimFile:%~dp0install.wim /Index:2 /MountDir:%~dp0WIN7
Dism.exe /image:%~dp0WIN7 /Add-Package /PackagePath:"%~dp0patches"
Dism.exe /image:%~dp0WIN7 /Get-Packages | more
pause
Dism.exe /Unmount-Wim /MountDir:%~dp0WIN7 /commit
Now run update.bat and sit back and wait. How long it takes will depend on the speed of your CPU and your disk and how many updates there are.
Finally, format a USB thumb drive and copy all the Windows 7 files over from your ISO image except for install.wim. Then copy over your patched install.wim. Now you can use that USB drive to make pristine, pre-patched Windows 7 builds.
And the good news is, any time you need to update, all you have to do is copy the additional patches into the patches directory and run update.bat again. Update.bat will skip any previously installed or superseded updates. Then you can just copy the re-patched install.wim into place.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.
You can download all msu files (post SP1) using Windows Updates Downloader (http://www.windowsupdatesdownloader.com/) and an update list linked to at this forum: (http://www.msfn.org/board/topic/139877-post-sp1-updates-for-windows-7-updated-27042011/). Unless you meant there’s no MS provided way to easily download msu files.
Thanks for that tip. I updated the post accordingly.