Dell factory install Microsoft operating systems

Dell factory install Microsoft operating systems

Purchasing a Dell server with the Dell factory install load comes with two main technical benefits: automatic OEM activation for Microsoft Operating systems on Dell servers, and up-to-date security and OS Patches (no need to download your own via Windows Update).

The paper below describes how Dell selects which security and OS patches to integrate into our factory install image and provides the full list of what OS patches are installed.

Dell improves security, reliability and performance by pre-installing Microsoft Windows Update Patches on factory installed Operating Systems for Dell Servers

By Thomas Cantwell and Sankari N

Background: Microsoft has a very impressive infrastructure for delivering operating system patches once a system has been deployed. But, at the time of deployment, a system is vulnerable, both to security risks, and also to hardware-related issues that are exposed by the operating system. Dell installs a number of Microsoft operating system patches on our server systems to ensure they leave the factory with critical operating system patches already installed.

What Dell Installs
  • Security Patches – each security patch that Microsoft deploys is reviewed by Dell OS experts and we generally only install security patches that could lead to an immediate vulnerability either in our factory, or in the customer’s environment prior to running Windows Update. This does mean patches that Microsoft may rate as "critical" are not installed, but the patches with the greatest vulnerability that do not require user intervention to exploit a server will be installed.
  • A security patch we ALWAYS install is the latest Cumulative Security Update for Internet Explorer so the web browser is as secure as possible when we ship the system from Dell.
  • Operating system patches – Microsoft releases many patches that are not critical for security (and might not be automatically downloaded to a system when Windows Update (WU) is invoked), but may indeed be very important for proper system operation.
  • Usually, these types of patches are associated with newly developed hardware, such as a new CPU, or we may reach new thresholds that had not previously been tested and expose OS anomalies.
    • One example is the Dell PowerEdge R910 that supports 1TB of memory – this amount of memory had not previously been available on X64-based servers.
    • Another example is new CPUs with more cores per CPU.
  • In addition, new OS features, such as Hyper-V, can also bring issues out that had not been seen in the initial OS release and require patches to function properly.
  • As Dell finds issues in development and patches become available, we install these in our factory image to ensure the best possible customer experience. In some cases, Dell has worked directly with Microsoft to develop and deploy new patches that fix issues discovered in development.
  • Dell also reviews all the patches released by Microsoft and makes a conscious decision of installing the features which might have direct customer benefit. Eg. Patches which enhance the performance of the systems.

Important Customer Information

First, since Dell selectively installs Microsoft patches, it is still imperative that customers run Windows Update prior to server deployment into a production environment to ensure complete coverage for all Microsoft patches.

Second, Dell updates factory software only every quarter (in some rare exceptions, a patch must be installed on an emergency basis, such as a zero-day exploit the exposes both customers and our factory) to keep the changes manageable for our customers. This means there will be more recent security patches we will not have factory-installed, so again, run Windows Update.

This document will be updated quarterly to include the latest set of patches we factory install.

What We Install – Dell Factory Patch List

Dell installs patches for all OSes (not just Microsoft), but for Windows server versions, we install patches for all OS’s we ship (since Windows Server 2003 is no longer shipping, I do not cover the patches we shipped with that OS):

1) Windows Server 2008 R2 SP1*
Note: Windows Server 2008 R2 will not be shipped from Dell from September, 2011.
*Dell also ships some specialized versions of OS (based on the above OS versions), such as SBS 2011– those also receive the patch set relevant to the underlying core OS.

Microsoft Security Patches – Dell Factory Installed
Microsoft KB article Microsoft OS Version(s) KB description
KB2563894 WS08 R2 SP1(ENT,STD,DC, WEB) Vulnerabilities in TCP/IP Stack Could Allow Denial of Service
KB2559049 WS08 R2 SP1(ENT,STD,DC, WEB) WS08 R2 SP1(ENT,STD,DC, WEB), SBS 2011
Table 1: Microsoft Security Patches – Dell Factory Installed

Microsoft OS Patches – Dell Factory Installed
Microsoft KB article Microsoft OS Version(s) KB description
KB2468345 WS08 R2 SP1 Computer intermittently performs poorly or stops responding when the Storport driver is used in Windows Server 2008 R2
KB2517329 WS08 R2 SP1 Performance decreases in Windows Server 2008 R2 when the Hyper-V role is installed on a computer that uses Intel Westmere or Sandy Bridge processors
KB2550978 WS08 R2 SP1 "0x0000007B" Stop error after you replace an identical iSCSI network adapter in Windows Server 2008 R2 SP1 or in Windows 7 SP1
KB2568088 WS08 R2 SP1 Virtual machine does not start on a computer that has an AMD CPU that supports the AVX feature and that is running Windows Server 2008 R2
Table 2: ​​​​​​​Microsoft OS Patches – Dell Factory Installed

Article ID: SLN310639

Last Date Modified: 08/14/2018 04:17 AM

Rate this article

Easy to understand
Was this article helpful?
Yes No
Send us feedback
Comments cannot contain these special characters: <>()\
Sorry, our feedback system is currently down. Please try again later.

Thank you for your feedback.