Master Images – Patch or Die


The headline might seem a bit dramatic, but it’s true. Failing to patch and upgrade your Master Image(s) could in a worst case scenario take down your entire organization.

I’ve written quite some blog post lately covering Intune, but in a RDSH environment (independent of vendor) there’s currently no support. All my customers are using my Automation Framework, but there’s scenarios where it’s not plausible to completely reinstall the Master Image(s). For example, the customer have Prod / Dev / Test images and the line of business (LoB) vendor remotes in to configure and test a new version of their software.

After 23 years in this industry there’s two products I cannot live without, PatchMyPC (SCCM / Intune) and PDQ Deploy. In this post I’m going to show you how to automatically patch and upgrade your Citrix Master Image(s) using PDQ Deploy, but again this process applies to whatever vendor product running on a Non-Persistent RDSH environment.


I have a huge repository of install scripts on my Github leveraging the Evergreen PowerShell module for silent installations. When using these script you don’t need to check Include Entire Directory because the script itself will run and download the required software automatically. The check box is only required when you have an already downloaded EXE, MSI or an XML file used by Office 365.

PDQ Deploy has a Package Library, but it’s rather basic IMHO.

Below is an example of a Package for Multi Session Patching using Nested Packages and my Evergreen scripts as the source. Nested Packages means we are pointing to an existing Package, and you can make changes to all of the packages without breaking anything in the Master. PDQ Deploy allow for scheduling, so by running this on a weekly basis you’ll make sure your system is patched and up to date.


From time to time you’ll want to upgrade the RDSH vendors agent version. In this example we’re going to use Citrix VDA and WEM.

The steps are pointing to a nested package of each component that we want to upgrade. The secret sauce here is the VDA cleanup utility with Success code of 0,1 on Step 2 / 4 and Success code of 0 on step 6.

Step 8 is pointing to a nested package using VDAServerSetup_2112.exe instead of the ISO. The reason is quite simple, when you select Include Entire Directory whatever version folder in that location will be copied locally on the target. You can find the update install script here.

That’s it. It’s very easy and it works every time.


Automation Framework Community Edition

The fastest way to build your lab environment.

Virtual Expo

Friday 25th of March 2022

Leave a Comment