The offline Windows updating

Over time, older operating systems accumulate more and more updates. This is most obvious when we reinstall an older operating system and then try to apply all of them. The still widely used Windows 7 with Service Pack 1 is more than 5 years old. Windows 8 and the newer 8.1 are a few years younger, and they still have a large pile of updates.

We can speed up the initial update process in a few ways. We can install and use a WSUS server, manage installation images with Microsoft SCCM, download all updates to a disk, or build our own installation media with the updates slipstreamed into the original installation.

Our goal

A WSUS or SCCM server is more of a corporate solution. If you are a single user or the administrator of a small company, you can use the last two techniques. You can download all updates to a disk (preferably a USB disk that you can keep updating) and install them with a utility program.

Alternatively, you can slipstream new security updates into the installation media and build your own updated installation disk. Reinstalling a computer from such a disk shortens the total installation time dramatically. Even if the installation itself takes a bit longer, you do not need to download and install the updates afterwards.

There is also a security side to this process: you do not expose the newly installed computer to the Internet. Without an anti-virus solution, a firewall and the security patches, the computer is very vulnerable to attacks. If you have no other solution, you can install Microsoft Security Essentials, a good free anti-virus solution.

You cannot use it on the server platform. In Windows 8 and later versions, this tool is replaced by the built-in Windows Defender. Depending on what you are doing, this can be sufficient protection. However, you can consider other anti-virus solutions; some of them are free and some are commercial. At this moment, there are more than 50 anti-virus solutions.

The solutions

We will focus on the offline installation process in this post. This procedure is also very useful for offline servers or computers with specific update policies. In addition, if you need to support individual home-based clients, having all those files with you can save time.

We support some specific vendor-based solutions that must be updated very carefully. The customer cannot easily assign an update policy to those servers. Therefore, both our clients and we are very interested in offline solutions that can be run from a disk. We can build an ISO image or a large zip file and place it on an FTP server for our customers to download.

There are a few solutions on the Internet. I researched two of them: the first is Autopatcher and the second is WSUS Offline Update. Each solution has its own advantages.

The Autopatcher solution

Autopatcher is a desktop-oriented solution. You can use it to download a pile of updates for a specific version and distribution of the operating system. It supports all Windows versions from Windows XP SP2, through Vista and Windows 7 in 32- and 64-bit versions, up to Windows 8.1 in 32- and 64-bit versions.


We can add additional programs and utilities, such as the Visual C runtime, the .NET Frameworks (updates and installations), the Java runtime environment, Silverlight and so on. All those updates are downloaded and sorted into folders by platform.

We use the same application to download the updates and to install them. With Autopatcher we can install just the critical (security) updates, or we can also add the non-critical updates.

I found that this application could not install Internet Explorer 11. The installation package is there; however, it will not install it. You need to run it separately and manually.

The WSUS Offline Update tool

The WSUS Offline Update (WOU) tool prepares mostly security updates and essential additional programs, such as .NET, Silverlight or the Visual C runtime modules. With this tool, we can download the updates for all supported operating systems, including the server platform.

This tool first installs Internet Explorer 11 on the older operating systems and reboots the system for you. Then it continues with the security updates for the system. The whole process can be automated: you just start it and go for a coffee.


We can also just download the updates. They are separated into folders by version. Moreover, we can choose the option to have WOU make an ISO file with all the updates and the application itself. Later we can adapt that image or installation folder to our needs.

I found this tool very handy for server-side updates. However, it will not install the non-critical (a.k.a. recommended) updates. If such an update is required on the machine, you need to install it manually.

Disabling the Windows update checks

Before we proceed with any offline updating option, we should switch automatic updates to the option "Never check for updates". This is the trick, and this step is very important.


Most of those patches are special installation archives known as .msu files. They are installed independently of the Windows Update service. However, they need some features of that service; therefore, we cannot disable it.

Moreover, if we leave it on any other option, Windows Update will begin to search for updates. If an offline updating solution installs an update that requires a system reboot, Windows Update will try to perform it, and it will interfere with the offline solution. Therefore, we need to disable the update checks while keeping the service alive.
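The preparation described in this section, as an added PowerShell example that is not part of the original post: it sets "Never check for updates", confirms that the Windows Update service is not disabled, and then installs .msu packages with wusa.exe. The `$UpdateDir` path is a hypothetical placeholder, and the signature check assumes the packages carry an Authenticode signature.

```powershell
# Added example, not from the original post. Run elevated on the freshly
# installed machine. $UpdateDir is a hypothetical folder holding .msu files.
$UpdateDir = 'E:\updates\win7-x86'

# 1. "Never check for updates" corresponds to AUOptions = 1 on Windows 7.
$au = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
if (-not (Test-Path $au)) { New-Item -Path $au -Force | Out-Null }
Set-ItemProperty -Path $au -Name AUOptions -Value 1

# 2. The service itself must stay available, because .msu installs rely on it.
$svc = Get-WmiObject Win32_Service -Filter "Name='wuauserv'"
if ($svc.StartMode -eq 'Disabled') {
    throw 'wuauserv is disabled; .msu packages cannot be installed.'
}

# 3. Install each package quietly and never reboot in the middle of the run.
$rebootNeeded = $false
foreach ($msu in Get-ChildItem -Path $UpdateDir -Filter *.msu) {
    # Skip any package whose Authenticode signature does not validate.
    $sig = Get-AuthenticodeSignature -FilePath $msu.FullName
    if ($sig.Status -ne 'Valid') {
        Write-Warning "$($msu.Name): signature status $($sig.Status), skipped"
        continue
    }
    $p = Start-Process -FilePath wusa.exe -Wait -PassThru `
         -ArgumentList "`"$($msu.FullName)`"", '/quiet', '/norestart'
    switch ($p.ExitCode) {
        0       { "$($msu.Name): installed" }
        3010    { "$($msu.Name): installed, reboot pending"; $rebootNeeded = $true }
        2359302 { "$($msu.Name): already installed" }
        default { Write-Warning "$($msu.Name): wusa exit code $($p.ExitCode)" }
    }
}

# 4. Report what the system now lists as installed; reboot once at the end.
"Installed updates: $((Get-HotFix | Measure-Object).Count)"
if ($rebootNeeded) { 'Reboot required to finish the installation.' }
```

The script uses only cmdlets available in PowerShell 2.0, which ships with Windows 7 SP1.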

 

On the test

At this moment, the most critical systems are those running Windows 7 or Windows Server 2008 R2 with Service Pack 1. Those systems require a lot of patches, especially after reinstallation. Both operating systems will be supported until 2020, and we will see them in service for many years.

I installed a fresh 32-bit Windows 7 Enterprise with Service Pack 1. I opted for this operating system because it is the older one that is widely used and still supported by Microsoft. Moreover, Autopatcher officially does not support the server platform.

I made two linked clones of that virtual machine, so in the end I had three identical virtual machines. The original one was turned off to avoid compromising the virtual disk. It will be used again at the end of the test.

We used Autopatcher on the first machine. It took almost two hours to install all available updates, including the Windows security updates, the .NET 3.5.1 updates and the available recommended updates. As we can see, 265 updates were installed.


Now we need to check for updates from the Microsoft site. We can check manually even when the Windows Update service is set not to check.


Some of the updates inside the repository failed continuously. I suspect that those updates were withdrawn and replaced with newer ones.

Then we tried WOU on the second machine. The installation process took less time. As we already said, this option offers only security updates and Internet Explorer 11.


As we can see, WOU offers only 174 updates. Although the recommended updates are not necessary for proper operation, we do need the .NET updates. Those updates improve security and operation. However, we must check the application requirements: some applications are developed with a specific version of .NET in mind, and another version can cause problems in their operation.

We then checked for updates from the Microsoft site. As we can see, we need to download many more updates. Most of them are .NET security updates.


As the last step, I stopped both virtual machines and then started the original virtual machine. There I started the update. As the first step, I updated the Windows Update client using the method from this post (***).

The Windows Update service checked for some time and eventually reported all available updates from the Microsoft update server. As we can see, there were 231 critical updates and 41 recommended updates.


Instead of the conclusion

We can see that both applications (solutions) can satisfy our needs. Either solution can be the right one for you. I used both and found that each solution has its own advantages.

Put the solution on a USB disk and keep it updated. Then you can update any computer in a fraction of the time. Both solutions are smart and will recognize already installed updates.

When I need to support desktops, Autopatcher has the advantage. It is obvious that some patches are not required any more, but we will need to install a smaller number of updates later.

If we need to support the server platform, then in my humble opinion WSUS Offline Update is the better choice. Yes, we will not have the optional updates, and the .NET updates are lacking. However, we must keep in mind that the server platform is more sensitive to wrong updates. One inadequate patch can crash a mission-critical server and cause great damage in both repair time and money.

You should try both solutions. Alternatively, try some third solution that is not mentioned here; there are a few more on the Internet. Then you can find the best one for you.

Stay tuned.
