The WSUS Offline Update Tool, or as some call it WSUSOffline, is a free utility to Download updates on an Internet-connected computer, which bundles all necessary updates and provides a way to install them. that package via usb device or CD/DVD.
Condition
First you need to ensure the following conditions:
- Preferably a computer running Windows 7 SP1 or Windows Server 2008 R2 or later. I will use a Windows Server 2012 R2 virtual machine as an example.
- A separate Windows PC with Internet access to download updates.
Download and set up Windows Offline WSUS updates
To update Windows for computers without Internet connection using WSUS we do the following
1. Open a web browser and go to the WSUS Offline download page here.
2. Click Version to download the latest version.
WSUS Offline Update comes in two separate versions; “Most recent version” and “ESR version“. “Most recent version” includes all modern Microsoft products. If you have an older operating system such as Windows 7 SP1 or Windows Server 2008 R2, you must download the “ESR version”.
3. After downloading, extract the ZIP file, find and run the file named UpdaterGenerator.exe. This application file will help you customize the updates.
Below is the interface of the WSUS software. In the next part we will use this software to update windows.
Create an Offline update package for Windows
Assume you have a non-Internet Windows Server 2012 R2 machine that needs all the Visual C++ Runtime libraries, the .NET Framework version, and the latest security updates.
Not only for Windows Server 2012 R2, but the steps in this section are applicable to all versions of Windows and Microsoft Office.
Your first task is to create an Offline update package. This update package can be created as an ISO image or stored on a USB drive. In this tutorial, I will create the update package as an ISO file.
ISOs are easier to work with and can be integrated into Windows Server 2012.
1. First, uncheck all Windows 10 updates if you don’t update Windows 10. Failure to do so will cause WSUS Offline Update to download more things than you need, dramatically increasing download times and ISO creation time.
2. Since the tutorial will update the Windows Server 2012 R2 machine, click the Legacy Windows tab. In this tab, select the operating system you want and the architecture. In this case, choose x64 Global (multilingual update).
And finally, select the additional updates you want to download, such as the C++ Runtime Library and Frameworks .NET, and select “security-only updates” instead of “quality rollups”. Quality rollups are bundled updates. Security-only updates install faster and are usually smaller in size.
If you have an internal WSUS server with approved updates and do not want to download updates from the Internet, click the WSUS button.
Once selected, click Start to begin the build process. WSUSOffline will open a command prompt window when you do so and will begin downloading the necessary updates and creating the ISO file. Be sure to keep this window open at all times. This step takes a few minutes to complete.
If you have selected multiple options and different operating systems, this process may take several hours.
Once the updates have finished downloading and WSUS Offline Update has created the ISO image, you’ll see the following prompt:
3. To view the log file for the entire activity, click Yes. Otherwise, click No.
You have successfully created the first Offline update ISO file containing the updates you selected for Windows Server 2012 R2.
4. Now, open the folder where you started WSUSOffline and notice two folders named iso and client. These folders contain the updates that the tool has just downloaded. The Client folder contains all updates stored directly into the folder, while the iso folder contains the ISO, which has zipped all updates.
Inside the iso folder, you will see an ISO file named wsusoffline-w63-x64.iso.
If you want to use USB to transfer the update package to a computer without Internet, you can also directly transfer the contents of the client folder to USB.
Use the Offline update package
You now have an ISO file containing all the necessary updates on your local computer. It’s time to Update the contents of that ISO file to the Offline computer.
As you can see below, a Windows Server 2012 R2 machine hasn’t been updated yet.
Last installed Update status will not change after running Offline update using WSUS. This is because these fields get information from registry keys that are only updated when using WSUS or Microsoft Update. They do not update when individual updates are installed.
To install Offline updates via ISO file:
1. Copy the ISO to an Offline computer using a virtualized DVD drive in VMware or Hyper-V or using a USB stick.
2. Next, find the ISO, right click on it and select Mount.
3. Now, go to the DVD drive that Windows created for the ISO file and run the UpdateInstaller.exe application.
4. Select any other additional updates you want to install and select your required options. For this tutorial, choose Update C++ Runtime Libraries, Update Root Certificates, and Install Management Framework 5.1
When finished, click Start to begin the installation process.
If WSUSOffline detects that any of these updates have been installed, it will ignore them.
If your Offline computer is too old, updating may require multiple reboots. To have the system restart the tool and repeat the process, select Automatic reboot and recall. This option will temporarily disable User Account Control (UAC).
After you click Start, WSUSOffline will open cmd and provide status messages during the update. Don’t close this window!
5. After the updates have been installed, restart your computer. WSUS Offline Update will prompt you to restart your computer to complete the process.
6. If you did not select Automatic reboot and recall before starting the update, continue to restart the computer and repeat steps 4-6 until WSUS Offline Update detects that there are no more updates available.
You have successfully updated your Offline computer.
Conclude
WSUS Offline Update is a tool every sysadmin should have. This tool saves a lot of time updating computers without Internet by automating most of the process.
