Windows 10 has been out since 2015 and is now the most used Windows operating system. Windows 7 was the most used for several years but is no longer supported due to its decade long support cycle ending. That means there are no more security updates unless you are a business willing to pay a fee. Many Windows 7 users simply do not want to upgrade because the operating system is stable and does everything they want.
Despite its popularity, the last Windows 7 Service Pack 1 install DVD was released way back in 2011. If you install Windows from one of those discs, there are dozens of patches and hotfixes found when you check for updates. Rather belatedly, Microsoft tried to reduce this problem by releasing the Convenience Rollup update in April 2016 which includes 123 patches. But even that is not enough and it still leaves the system requiring dozens more patches to get fully up to date.
Instead of getting everything through Windows update, a quicker way is installing patches from an offline source such as a USB flash drive or hard drive. This is faster but still takes time. A better option is to integrate all the updates into the Windows media so they are installed as part of the original operating system. Windows XP has a popular tool called nLite to do this, Vista has its own version called vLite which doesn’t work too well with Windows 7 Service Pack 1.
Here we’ll show you how to integrate the Convenience Rollup Update and all the other required Windows 7 updates into a Windows 7 install disc. That includes Internet Explorer 11 and newer .NET Framework versions. This means minimal updates are required from the start and Windows doesn’t become bloated with hundreds of separate updates before you even start to use it. The process is quite easy once you’ve gone through it once or twice.
Downloading the Required Windows 7 Updates
The first thing you need is obviously a copy of all the Windows updates to integrate into the install media. For this purpose, we are using the Windows Updates Downloader (WUD) tool. Sadly the WUD Windows update lists have not been touched since 2015 and the project appears to be pretty much abandoned. However, with a custom third party update list it’s still one of the easiest programs to use for downloading updates and hotfixes from Microsoft.
1. Download Windows Updates Downloader (version 2.50) and install the program.
2. Download the following update list to match your 32-bit or 64-bit Windows 7 install media. The below update lists have been created by Raymond.cc and include required patches and hotfixes from Microsoft to the stated date.
Note that these update lists will be the final version as they include the last patches released by Microsoft before the end of support (any bugs or errors will be fixed). Optional update KB4493132 might be offered for download during an update check. This is the Windows 7 end of support popup nag which is not required. Just ignore or hide the update.
These lists do not contain all available Microsoft patches but those that will bring a standard system up to date in accordance with Windows Update. One exception is the definitions for Windows Defender. Double click the downloaded ULZ file to import the list to the WUD program.
Note: If you don’t get a popup saying the ULZ file has been imported, for some reason your system has not been correctly configured to recognize the .ULZ filetype. The .ULZ is actually a renamed ZIP file containing a .UL file which is an XML file. To manually import the update list, extract the .ULZ file with an archiver such as 7-Zip and copy the .UL file to the following location:
C:\Users\[username]\AppData\Local\Supremus Corporation\Windows Updates Downloader
When WUD is run the list should now be present in the drop down.
3. Open the WUD program, click Change to choose the download folder for the updates and make sure the Update List in the drop down is for Windows 7 SP1 x86 or x64. To get your Windows 7 up to date with patches and hotfixes download everything in all sections apart from Optional Software. Click Check all and uncheck Optional Updates if you don’t want anything from that section. The total download is around 1.7GB for 64-bit and 1GB for 32-bit.
Optional Software contains the Malicious Software Removal Tool and the latest .NET Framework with hotfixes. Expand the section to check what you want. They are not essential but fulfill the requirement inside Windows Update. Silverlight and Virtual PC are entirely optional and will not be required by most people. Click Download when you’ve selected the required files.
The list is split into a few categories so you can choose not to install patches containing telemetry or Remote Desktop etc. They can be manually hidden from inside Windows Update after checking for updates. If you want to install the 2016 Convenience Rollup update and just security patches, you can simply choose the required sections.
Integrate The Updates Into The Windows 7 Media
Now you have the updates ready, they can be integrated into the media. The developer of nLite and vLite has another tool called NTLite that does a similar thing but works on windows 7, 8.1 and 10. NTLite has a shareware version so not all options are available in the free version, but the needed integration functions can be used.
1. First and foremost you need a Windows 7 Service Pack 1 DVD or ISO image to hand. If you don’t have one you can download an official Windows 7 SP1 ISO which can be burned to DVD or written to USB later.
3. Download NTLite and install it (a portable mode is available during install). On the first launch select the free license and press OK
4. In the NTLite window click the Add button and browse to the folder you extracted/copied in step 2, click Select Folder. Windows 7 will then show in the Source list.
5. Select the operating system in the list you want to integrate the updates into and press Load. The program will extract the Install.WIM to the NTLite Temp folder. The operating system will show as Loaded with a green icon and a number of options will be available down the left side of the window. Click Updates in the Integrate section.
6. Click the arrow below the Add button and choose Folders and subfolders found packages, then browse to the folder you saved the downloaded updates to earlier and click Select Folder. After a few seconds, the list will be populated with all the updates to integrate. If you also downloaded some optional software an “Unreadable or unsupported file” error will pop up, just ignore it.
Alternatively, you can drag and drop individual folders onto the window or select them via the Add button. Don’t add the Optional software folder to avoid being shown the error. No matter how you add the updates, NTLite is smart enough to reorganize everything into the correct order for integration.
Note that if a couple of updates (KB3125574 and the current security rollup near the bottom) show in red, ignore it. This appears to be a small issue with NTLite as it asks for Service Pack 1 to be in the update list even though it’s already present on the install DVD (assuming you have an SP1 DVD/ISO).
If you don’t want to install the optional software of the Malicious Software Removal Tool, .NET Framework and Virtual XP etc, you can now begin the task of starting the integration process. If you do want to add them, go to the section on page 2 about adding optional extras. Then return here and continue with step 7. You can also integrate the updates first and add the extras later.
7. Click the Apply button, check the Create ISO box and choose the save location and file name for the ISO image file. Press the green Process button and wait for the integration to finish.
How long the whole thing takes depends a great deal on the speed of your system’s drives. A fast system with an SSD could finish in under an hour, a low spec desktop or laptop will take several hours longer.
Tip: The whole integration process can be sped up massively by using an SSD or even a RAM disk if you have 16GB+ of memory. NTLite defaults to the Windows Temp folder to store its files which is usually on the C drive. If not already, it would be a good idea to go to File > Settings and change the “Temporary directory” and especially the “Scratch directory” to a folder on an SSD or RAM disk. Put these folders on the fastest drive your system has with at least 10GB of free space.
With a check of Windows Update, you can see we only have a few updates left, Some of them can be removed by adding optional updates like .NET and the MSRT. That would leave us with only Windows Defender definitions. Do be aware that you still might have hardware drivers and any other updates which are region or language specific to download, but the vast majority are now already installed.
Special Note About the Final Windows Rollup Update
With the final January 2020 Rollup update (KB4534310), Microsoft has seen fit to show a nag screen on all consumer Windows 7 machines. This informs you about the end of support and recommends upgrading to Windows 10. You have to interact with this screen before continuing by pressing “Don’t remind me again”. That should stop the nag appearing anymore but as it’s Microsoft, you can never be sure.
Although it’s only a mouse click, if you don’t want to see this window after installing from an integrated install media, a few extra steps are required.
1. Download our EOSNotify_Del.bat file. During the Windows final setup phase, it will rename the EOSNotify.exe that installs to System32 and remove the two scheduled tasks that run the executable at certain trigger points.
2. After step 6 in the NTLite integration guide above, go to the Post-Setup window. Drag and drop the BAT file onto the window.
3. Continue with the integration process by moving onto step 7. The End of Support Notification executable is controlled with a registry value and the two tasks, the method we have chosen to use will remove the chance of the executable running, either by mistake or by design.
Read how to add the optional updates, how to update all Windows 7 editions in the image, hiding updates and fitting the media onto DVD on page 2.