Microsoft has released a second version of the Offline Virtual Machine Servicing Tool. This tool allows you to apply security patches to virtual machines that are not running. This new version adds support for:
- Virtual Machine Manager 2008
- Windows Server 2008
- ConfigMgr 2007 SP1
- ConfigMgr 2007 R2
- WSUS 3.0 SP1
This solution allows you to secure your templates in you libraries or powered off-virtual machines. This mitigates the risks associated with:
Deploying templates that are likely otherwise out of date and insecure. It takes a lot of time to manually deploy a template machine, update it and convert it back to a template again. This solution automates the process.
- Some machines that are virtualised don’t get powered up very often. This means that they are a risk to power up on the network if they have missed security updates. Offline servicing allows you to automatically resolve this issue.
This product works with VMM 2007 (for Virtual Server only) and VMM 2008. You can download it from here.
I talked about using this to work with sysprepped images. I’ve done some reading and this does not appear to be one of the scenarios where the offline servicing tool works. How does it work? It moves an offline machine from the library to a host. The updates are applied and then the machine is shut down before being returned to the library. It is clear that this is only to be used on VM’s that are rarely occasionally powered up and are kept in the library when not deployed.