Friday, February 22, 2008

Offline Microsoft Updates

Now many years ago I used to like WSUS. That is was when I ran it on a server separate from my Small Business server. When Microsoft incorporated WSUS into SBS2003R2 that's when my relationship with WSUS turned sour. Personally I found WSUS on SBS caused all sorts of problems from failing to update correctly to downloading content that was not requested and finally being impossible to uninstall once it is on the system. So, bottom line, I no longer install WSUS on SBS2003R2. Typically, we use Shavlik to apply updates to all our networks for so many reasons which I am not going to go into here (maybe a later post if enough people out there ask me).
Problem was, when we get a new machine in that needs to be run up, typically, it is missing heaps (last count 94 for XP Pro) of updates. So we'd get the PC working, connect to the Internet and then do all the updates, reboot do 'em again and so on and so on until the system is fully patched. Also, when you go out to new client and check their machines, typically updates haven't been done for a long, long while and the only solution is to fire up Windows Update and download from the Internet. This can be a really painful experience, especially if they have lots of out of date machines and a slow Internet connection. Sigh.
That is now a thing of the past since I have discovered Heise Security DIY service pack. simply download the latest version of the software (which is a whole swag of clever scripts), expand into a directory on a machine and then run the update program. when run you'll be asked what downloads you desire :
Select your desired Windows Updates

also select you Office updates

ensure you have the option selected to create an ISO image and hit the Start button. The program will then go off and download all the selected updates (even service packs if you selected that). It will obviously take a while the first time it runs as it has to download a lot of updates for all packages selected.
Once the download process is complete it will create a separate ISO image for all the products you selected like so :

Here you can see I have Office 2003, office 2007, Office 2000, Office XP, Windows 2003 Server, Windows XP and more! Burn the ISO's to media and now you have your own offline update library.
Now simply pop the CD/DVD into a machine which you want to update and run the installer program (which auto launches as well). Simply select the desired options :

and press the Start button. The installer will firstly determine what updates need to be apply and then start applying and rebooting automatically if you selected that option. So now you can walk away from the machine while it continues to do all its updates - MAGIC.
I tried this out on a new original XP Home system OEM installation without Service Pack 1. I popped the Windows XP DVD into the drive, selected the reboot option (it gives you a warning that this may not work all the time) and pressed Start. The installer dutifully installed Windows XP Service Pack 2, rebooted, installed more updates, rebooted and so on till completion. At the end of the process I have a full patches XP System that I only had to attend once and didn't have to expose to the Internet before it was updated.
Best of all with this offline updater is the fact that when you run it again it downloads any new updates that Microsoft has brought out and adds it to a new ISO image it creates. So, I'll be running this after every patch Tuesday to create a new set of offline update CD's that are going to save me HOURS and HOURS both in house and on client sites.