Windows 10 Image Maintenance & Cleanup

Note – If you are viewing this page on a mobile device some embedded code may not display, switch your mobile browser to desktop mode. 

Since the release of the cumulative update model, managing Windows updates has become a much simpler process. Updates are typically released broadly to enterprise devices monthly after they have gone through a targeted testing phase. In addition to updating exiting machines, it is just as important to maintain the Windows 10 image file (also known as .WIM) so freshly built machines have the latest updates as soon as they are deployed. Before Windows 10 it was common for companies to utilise a ‘build and capture’ process to create a ‘gold’ reference image containing customisations, applications, middleware and updates. While this scenario is still supported with Windows 10 (and required in some cases, usually due to troublesome applications) it is no longer the preferred method.

Typically, Windows WIM files are updated within ConfigMgr via the ‘Schedule Updates’ wizard. Using this method will ensure the WIM has the latest applicable updates. There are a couple of downsides of using this process.

  1. Windows 10 (from version 1709) WIM files now have all Windows 10 SKU’s included. Each update must ‘apply’ against each index, this causes the schedule updates process to take a significant amount of time (example below).1
  2. The schedule updates wizard performs no clean-up operations on the serviced image. The lack of clean-up combined with the multi indexed WIM will bloat the size of the WIM. After a few months of servicing this way, its not uncommon for the image to be triple its original size.

The downloaded Windows 10 media from Microsoft (via the Volume Licensing Service Centre) will come as an ISO. This ISO contains Windows 10 setup binaries, including the install.wim file (within sources directory). The setup binaries (including the install.wim) are used during in-place upgrades. Traditional OS deployment (bare-metal/replace) only relies on the install.wim. ConfigMgr references these two methods separately within the console.

OS Deployment Images are found within:

\Software Library\Overview\Operating Systems\Operating System Images

Upgrade packages are found within:

\Software Library\Overview\Operating Systems\Operating System Upgrade Packages


The process outlined below will ensure that the WIM is serviced correctly with monthly updates, all while keeping the size as small as possible. Some steps in the process should be repeated monthly after the business has accepted that months updates into circulation (broad deployment).

In the steps below, you will:

  • Download the Windows 10 Media
  • Create a folder structure for the master WIM, in-place and bare-metal scenarios for each month
  • Export the Enterprise WIM from the install.wim (the stock install.wim contains all SKU’s)
  • Mount the Enterprise WIM and update it with monthly updates (May 2018 in this example)
  • Clean up the image (removing unnecessary files)
  • Import the in-place and bare-metal files to ConfigMgr.

At the end of the process image sizes will vary month to month. Results from May 2018 are listed below.

Stage Size
Orignial (unmodified) install.wim 3.9GB
Patched May 2018 install.wim (enterprise only index) 4.6GB
Patched and cleaned image 3.7GB

In summary, the final patched image size for May 2018 turns out smaller than the stock Windows 10 image downloaded from the VLSC.

Download Media

Log in to the Volume Licensing Service Centre and download the latest media for Windows 10. This example will refer to Windows 10 1803 released in March 2018 (Mar18).

Create Directories

Create a folder structure.


  • March18-Master: Contains the downloaded and extracted Windows 10 media. The install.wim in the sources folder will have its enterprise index exported.
  • May18-BareMetal: Contains the patched and cleaned up install.wim for May 2018.
  • May18InPlace: Contains the Windows setup binaries (copied from March18-Master) and a copy of the patched, cleaned up wim. This file will be identical to the one in the *-BareMetal folder.
  • Offline: Blank folder to store the mounted image.

 Export the Enterprise Image

Launch the Deployment and Imaging Tools Environment on your ConfigMgr server.


This tool is included within the Windows ADK and includes an up to date version of DISM. As always you should be using the latest version of DISM to match the OS version you are servicing.

Export the Windows 10 Enterprise image from the install.wim within the March18-Master\sources folder. The Windows 10 enterprise image is located at Index 3.

Dism /Export-Image /SourceImageFile:"E:\Source\OS\Windows10\EN 1803\March18-Master\sources\install.wim" /SourceIndex:3 /DestinationImageFile:"E:\Source\OS\Windows10\EN 1803\install.wim

view raw


hosted with ❤ by GitHub


You can verify that you have the correct index by using the following command.

Dism /Get-ImageInfo /ImageFile:"E:\Source\OS\Windows10\EN 1803\install.wim

view raw


hosted with ❤ by GitHub

Once verified make a copy of of the exported install.wim and replace it with the multi-index wim in the March18-Master\Sources folder. This exported enterprise WIM will be referenced each month by the rest of the process.  The WIM in the March18-Master folder will not be referenced again in this process.

Mount the Image

Mount the Enterprise WIM. You will notice the command is now referencing index:1 as this is now the only index available. The image will be mounted to the previously created Offline folder.

Dism /Mount-Image /ImageFile:"E:\Source\OS\Windows10\EN 1803\install.wim" /Index:1 /MountDir:"E:\Source\OS\Windows10\EN 1803\offline" /Optimize

view raw


hosted with ❤ by GitHub


Prepare Updates

Updates are now ready to be added to the offline (mounted) image. The update binaries can either be downloaded from the Windows Update catalog online directly or downloaded via ConfigMgr. The updates applied to the image will also be deployed (or should have been already) to existing workstations therefore its more practical to get these updates from your ConfigMgr update deployment package.

Locate your updates applicable to the month you are servicing. The following updates were downloaded for May 2018.

Note – It is important to consider the Windows 10 servicing stack updates. In some cases servicing stack updates must be applied before attempting to install a cumulative update.  This post by David Segura outlines servicing stack updates (SSU). Have a read of David’s post and apply the SSU with the below process.


The updates were downloaded to the deployment package located on the site server.


Inject the Updates

Updates can now be injected into the offline image. The following commands show examples of adding a single update or multiple updates. You can also verify the updates have applied successfully.

Dism /Add-Package /Image:"E:\Source\OS\Windows10\EN 1803\offline" /PackagePath="E:\Source\Updates\Windows 10 1803\937c715f-a49e-4480-8b0c-e8f417e15164\"

view raw


hosted with ❤ by GitHub


Dism /Add-Package /Image:"E:\Source\OS\Windows10\EN 1803\offline" /PackagePath="E:\Source\Updates\Windows 10 1803\af8d9d4c-a4e9-4435-b08e-9f93d8d2b2b0\" /PackagePath="E:\Source\Updates\Windows 10 1803\df72c532-6259-4c38-9dba-0d952760b50c\"

view raw


hosted with ❤ by GitHub


Dism /Image:"E:\Source\OS\Windows10\EN 1803\Offline" /Get-Packages /Format:Table

view raw


hosted with ❤ by GitHub


Clean Up Image

It is now time to clean up the image. Using the /ResetBase switch with the /StartComponentCleanup parameter of DISM.exe removes unnecessary files from the component store. The clean up operation will take some time to complete.

Dism /Image:"E:\Source\OS\Windows10\EN 1803\offline" /Cleanup-Image /StartComponentCleanup /ResetBase

view raw


hosted with ❤ by GitHub


Unmount the Image

Unmount the image. The process will unmount the image from the Offline folder.

Dism /Unmount-Image /MountDir:"E:\Source\OS\Windows10\EN 1803\offline" /Commit

view raw


hosted with ❤ by GitHub


Export the Image

Export the image into either the May18-BareMetal folder. Once exported this file should be copied to the May18-InPlace\sources folder and replace the install.wim within this folder. When you modify an image, DISM stores additional resource files that increase the overall size of the image. Exporting the image will remove unnecessary resource files.

Dism /Export-Image /SourceImageFile:"E:\Source\OS\Windows10\EN 1803\install.wim" /SourceIndex:1 /DestinationImageFile:"E:\Source\OS\Windows10\EN 1803\May18-BareMetal\install.wim"

view raw


hosted with ❤ by GitHub


Delete the old image

Delete the image from the root of the ‘EN 1803’ folder.

del "E:\Source\OS\Windows10\EN 1803\install.wim"

view raw


hosted with ❤ by GitHub


Import into ConfigMgr

Import the serviced in-place and bare-metal images into ConfigMgr.

Import the bare-metal image.


Name the image with a reference to the patch date.



Import the Operating System Upgrade Package.


Additional Information

After deploying the new serviced image, run the ‘get-hotfix’ PowerShell command to verify updates have applied as expected.

For information on DISM commands available please see the following link.

The process outlined above should be repeated each month after that months updates are accepted into broad deployment. Create the folders to match the month you are servicing and import and distribute in ConfigMgr. After importing make sure you modify your task sequences for bare-metal and in-place to use the new images.


My friend Steve Jones over on the WinAdmins Slack has put together a script to automate some of the process.

If you aren’t a member of our Slack, you really should be, there are thousands of like minded individuals hanging out from all over the world, you may even see some of our friendly MVP’s pop in once in a while. . Head over to to join.Once you have your invite head to the channel –





8 thoughts on “Windows 10 Image Maintenance & Cleanup

  1. Very nice. I was able to trim a couple hundred MB off the WIM size, as indicated. More importantly, I trimmed 6 minutes (27%) off my deployment time, because I’m no longer injecting the latest cumulative at deployment time.


    1. I should say that I’m doing build and capture, not deploying CUs to endpoints. I’m not that crazy.


      1. I can’t seem to reply to your comment, Dan, but oh well… I wouldn’t say that I *need* to capture anything. That’s what led me to this blog. B&C is one of those things that’s been in place a long time, it’s automated (MDT + WDS + Hyper-V + PowerShell), and it doesn’t cause any work for anyone but one person (me), and that’s very little work. So, it gets very little attention. Now, since I’m the me that has to do this work, I always look at better ways. Since our Windows 7 image is basically dead, it’s a good time for a process review.


  2. Dan. First and foremost, great article, thank you. Have a question about importing the Operating System Image into SCCM. I have recently injected the September 17, 2018—KB4464217 CU into my 1709 wim. The OS Build version is 16299.666, after importing my newly updated wim into SCCM, the OS version is 10.0.16299.431. This is the build version for May 2018 CU, should it not represent the build version of the CU one injects?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s