When a Provisioning Services Target Device for Windows is booted from Provisioning Services (across the network), it is not possible to perform any software updates that affect the network stack, since the network stack changes will drop the connection to the vDisk.

The following provides a list of known network affecting software that periodically requires updating, this is not necessarily a complete list:

• Hypervisor Tools/NIC Drivers (e.g. VMware Tools, XenServer Tools, VirtIO, etc.)
• Provisioning Services Target Device Software for Windows - If the Provisioning Services Target Device Software for Windows is version 7.6.1 or newer, then reverse imaging is no longer needed to update the Provisioning Services Target Device Software. In this case, create a new maintenance version of your vDisk, boot it, and run the new Provisioning Services target device installer to do an in-place upgrade.
• Windows 10 SAC releases upgrades
• Antivirus application updates
• Firewall/Network security software 

To update network stack-affecting software, you must first convert (clone) the Provisioning Services vDisk to a traditional virtual machine local disk. The process to convert from vDisk to local disk is sometimes called Reverse Imaging. Once booted from local disk (without going through the network), you can do whatever you want with the NIC. In this state, it’s just a regular virtual machine and no longer connected to the Provisioning Services server.

After Provisioning Services target device software is uninstalled and the system is rebooted to local disk, proceed to upgrade hypervisor tools, NIC driver, Provisioning services target device software, Windows 10, or update antivirus definitions.

Instructions

Methods

With reverse imaging, the end goal is to boot from local disk instead of from the Provisioning Services vDisk across the network. There are several methods of reverse imaging, including the following:

• Boot a Target Device from the vDisk. Attach a new local disk to the Target Device. Run P2PVS.exe to copy the vDisk to local disk. Then boot from the local disk instead of from the network.
• vDisks are VHD/VHDX files. Some hypervisors (e.g. Hyper-V, XenServer can only boot VHDs) can directly boot VHD/VHDX files. In that case, copy the vDisk VHD/VHDX file to the local hypervisor’s storage, and configure a virtual machine to boot from the local VHD/VHDX instead of from the network.
• Windows 7 and newer can boot from VHD files. Build a Windows 7 or newer virtual machine, copy the vDisk VHD to the C: drive of the Windows 7 machine, and then configure bcdedit to boot from the VHD. Newer versions of Provisioning Services create VHDX files instead of VHD. For VHDX files, the bcdedit method requires Windows 8 or newer.

This table describes the above 3 reverse imaging-type methods and their uses in updating hypervisor-tools\NIC software.  Provisioning Services target device software must be uninstalled before updating NIC/hypervisor tools, Windows 10 upgrade, antivirus definition updates, and firewall\network security software.  All hypervisor tools and NIC installation software have a guard for detecting their respective NIC\VM type before allowing install to proceed.

Reverse imaging using P2PVS

For the purpose of reverse imaging, the terms private image mode and maintenance version are used interchangeably.
Before manually performing reverse imaging using P2PVS, consider the following:

1. Reverse imaging for legacy BIOS system is non-destructive and block-based.  Therefore, the local hard disk has to have the same partition table as those of the vDisk.
2. If the VM is not the master VM or has an uninitialized hard disk, use Disk Management from the Computer Management tool to create the partition table on the local hard disk to match those of the vDisk.
3. For UEFI systems, reverse imaging is a destructive process.  All the partitions on the local hard disk will be destroyed and re-created to match those of the vDisk.
4. Block-based imaging requires that the local hard disk has to bigger than or equal to the vDisk.

Reverse imaging

1. Boot the PVS target device into the vDisk using private\maintenance mode.

2. If the Provisioning Services target device installed in the system is 7.15 skip the new two steps and use the P2PVS.exe in the Provisioning Services target device installed directory (C:\Program Files\Citrix\Provisioning Services by default) to do reverse imaging.

3. Install PVS_UpgradeWizard.exe or PVS_UpgradeWizard_x64.exe from the Upgrade folder of the ISO image of the latest Provisioning Services release to get the latest P2PVS.exe.  The upgrade wizard can also be installed with the Provisioning Services meta-installer using the Target Device Installation > Install Upgrade Wizard option.  This is done because the upgrade wizard has the latest version of P2PVS.exe.

4. Run P2PVS.exe from the Provisioning Services Upgrade Wizard directory (by default, this directory is C:\Program Files\Citrix\Provisioning Services UpgradeWizard).

5. Click the From drop down menu and choose Provisioning Services vDisk and click Next.
   

6. In the partition screen, select the partitions that will be reverse imaged.  All system partitions, regardless of whether they have a drive letter or not, will be used in reverse imaging.  Click Next.
   

7. Click Convert on the last page to begin reverse imaging.
   

8. Both BIOS and UEFI systems follow the same reverse imaging sequence with P2PVS.

9. Un-install Provisioning Services target device software.

10. Set the system to boot from local disk instead of network.

Citrix Documentation - Upgrading vDisks by reverse imaging

Note : Applicable for all PVS versions

https://www.carlstalhood.com/pvs-update-vdisk/#reverseimagebcdedit