Manage Learn to apply best practices and optimize your operations.

Free WSUS utility offers on-the-fly patch management for Windows

A new app improves on the process of automated Windows updates – without the need for a WSUS server.

Imagine you have an office with five PCs, all running off a single shared DSL line. You want to patch all of your...

systems without downloading the same files repeatedly or being at the whim of each system's flakiness.

"Darn it, why did the download fail on this machine but not that one?"

The long-term solution is to set up a WSUS server, but what about the short-term? Or what if there just isn't the budget for a WSUS server at all?

Programmer Torsten Wittrock addressed this problem by creating WSUS Offline Update, a WSUS application that automates the process of obtaining all the updates necessary for a selected Microsoft OS or Office product, and places the collected updates on a USB stick or in a .ISO image. This can be used to update any other machine whether it's connected to the network or not.

What's new with WSUS?

In this Q&A interview, Microsoft managers Ward Ralston and Josue Fontanez provide insights into the latest updates and plans for the free Windows Server Update Services patch management tool.

Upon launching WSUS Offline Update, you'll be greeted by a menu from which you can choose updates for the various editions of Windows 2000, XP, Server 2003, Vista, and Server 2008, plus Windows 7 and Server 2008 R2, both 32- and 64-bit where applicable. You can also download updates for Microsoft Office XP, Office 2003 and Office 2007. When creating .ISO images from these downloads, they can be per-product-and-language or per-language with 32- and 64-bit versions for a given product in the same .ISO.

The WSUS Offline Update application also offers a .NET Framework 3.5 SP1 download to whatever .ISO you're creating. You can specify a WSUS proxy server if you want to obtain downloads from that instead of Microsoft's own servers. (This is useful if you have WSUS servers in your organization but the computers you're updating are not connected to the network.) Finally, you can elect to have all downloads verified against hash signatures—a good idea, since a single mislaid byte can cause an entire package installation to fail.

Click start and the program will download and verify each package. When it's finished, a log will be generated in the /log folder for the program and the .ISOs will be built from the downloaded packages and stored in the program's /iso subdirectory. The downloaded packages themselves can be found in subfolders of the /client folder—for example, Office 2007's downloads are in the /o2k7 subdirectory. Windows 7 downloads are in /w61-x86 or /w61-x64, since Windows 7's internal revision number is 6.1 for backwards compatibility.

WSUS Offline update's biggest drawback is the documentation; there's barely any to begin with. Fortunately, most of the program's prompts are self-explanatory, and none of the packages it downloads are actually installed anywhere, so you can experiment with it at no real risk to your system.

Figure 1. WSUS Offline Update 6.5 - Generator (click to enlarge)
WSUS Offline Update 6.5 - Generator

Serdar Yegulalp has been writing about computers and information technology for more than 15 years for a variety of publications, including InformationWeek and Windows Magazine.

Dig Deeper on Windows Server troubleshooting