WSUS Offline Update: A lifesaver for patching Windows on standalone systems without internet

A lifesaver for patching Windows

Once in a while luck comes your way, and if you’re smart you’ll grab it and ride it for all it’s worth. No, I’m not talking about Matt Damon playing Texas hold ’em poker in the movie Rounders, I’m talking about finding the right tool for the job when it comes to patching Windows computers that have no Internet connectivity and are disconnected from the local network. The normal way for consumer Windows machines to stay updated is for them to connect periodically to Microsoft’s Windows Update website so they can download the latest patches and install them as needed. But to use Windows Update, the computer naturally needs an Internet connection. By contrast mid- and large-sized businesses and organizations generally use Windows Server Update Services (WSUS) for patching Windows. WSUS lets administrators download patches and manage how they are distributed to Windows computers connected to the network. But to use WSUS the targeted computers must, of course, be on the network. So what can you do then when you have standalone Windows systems that have no network or Internet connectivity at all and you need to keep them patched?

Patching Windows: Introducing WSUS Offline Update

Enter WSUS Offline Update, a utility developed by Torsten Wittrock from Germany that lets you patch any Windows machine even when it doesn’t have any connectivity with the Internet or even a network connection of any form. I asked one of the readers of our weekly newsletter WServerNews how WSUS Offline Update works and he replied as follows: “Quite simple: you run the downloader on any machine, specifying the target operating system (it does Windows, Office, .NET and a few other Microsoft tools). Then it creates a .\client directory and downloads (allegedly) only the missing updates (but I suspect all possible). You then run the update launcher in the .\client directory and it runs all the updates on to the machine. If you supply credentials it will reboot as required.” In other words, you first run WSUS Offline Update on a machine that has Internet connectivity to download the updates you need for your target systems (your standalone Windows computers). The result is update media that you can copy to a USB drive. You then use your USB drive to run the installer tool from the update media on each of your target computers to patch them. A simple walkthrough with screenshots can be found on Torsten’s website for this terrific tool, and a fuller how-to showing the tool in action can be found in this article from the SpiceWorks Community.

Usefulness of WSUS Offline Update

Numerous readers of our WServerNews newsletter have told me how they have benefited from using WSUS Offline Update for patching Windows in their working environments. For example, a reader named John from South Africa said: “We use WSUS Offline Update to process donated computers we give away and have done hundreds of Windows computers using it. After we install a fresh copy of the operating system on the computers the UpdateInstaller of WSUS is run either from a USB stick or over a network, or the directory is copied and run from the computer itself. It brings the operating system up to date, or at least as up to date as the most recent run of the UpdateGenerator can make it.”

Another reader named Lee, who works in a PC repair shop, thanked me for pointing him to WSUS Offline Update by saying: “You suggested using WSUS Offline Update. What a great tool. I deployed it this morning with great results.” And one more reader described how WSUS Offline Update saved his bacon a couple of times as follows: “I had a damaged Windows 7 Dell laptop, which was upgraded from Windows Vista (it was one of the last Vista laptops delivered to us) and it got Windows Update nuked during the Windows 10 update issues. It couldn’t find updates to install and would take up to 40 minutes to reboot if updates were supplied. Microsoft’s System Update Readiness Tool (SURT) couldn’t fix it, but WSUS Offline Update did! I also had a Windows 7 Dell system given to me at work with a bare installation of Windows and no device drivers (the standard Windows image we use didn’t support it, apparently) so I loaded up the Dell drivers and pointed WSUS Offline Update at it and five hours later it was ready to rock. WSUS Offline Update claims to be able to do any operating system from Windows 7 upwards and I don’t doubt it. It’s solid gold, and free!”

Limitations of WSUS Offline Update

Torsten Wittrock

Testimonials aside, however, there are a few limitations you need to keep in mind if you plan on using WSUS Offline Update for patching Windows on your standalone machines. The main one is that WSUS Offline Update can’t keep the device drivers on your machines up to date the way Windows Update usually can do. I say “usually” because different hardware vendors release drivers packaged in different ways. For example, sometimes the device drivers you need are packaged into a utility that you may not actually want or need on your computer. In any case, don’t expect WSUS Offline Update to be of any use for updating the drivers your system hardware may need to keep running properly.

And while WSUS Offline Update currently works with Windows 10, it’s unclear if it will continue working in the future. For example, this topic in the Windows IT Center says: “Delta update will only be available for servicing of Windows 10 1607 (Anniversary Update) and 1703 (Creators Update) releases. For releases after 1703, you will need to implement a deployment infrastructure that supports Express update delivery to continue taking advantage of incremental updates.”

In response to this statement, one of the commenters in the forums on the WSUS Offline Update website pointed out: “WSUS Offline Update’s purpose is to install updates on Windows systems regardless of their patch level. That’s a quite different approach than delta updates, which can only be applied to systems with a specific patch level. So you’d need to keep ALL delta updates, which is the opposite of your intention of keeping the file/download size minimal.” And since the delta updates Microsoft releases are not listed in the update catalog file, you can’t make WSUS Offline Update determine the version of Windows 10 you’re currently running and then retrieve the appropriate delta updates for it if any may be required. So while WSUS Offline Update is still a fantastic tool for users of older Windows versions (and be honest, how many of us out there are still running Windows 7 and intend to continue doing so long after the product’s end of life?) it’s future as regards to Windows 10 is still cloudy.

Finally, please keep in mind that WSUS Offline Update is an unsupported third-party utility, so if supportability is important for the systems you’re updating then you might want to find a way to patch them using WSUS or Windows Update. On the other hand, however, the community of users who informally support WSUS Offline Update in the forums for this tool is still very strong and full of helpful individuals, so if you do plan on using the tool for patching Windows you can at least count on some level of help being available for you when you find yourself puzzling over some issue. Just be aware: Many of the users who post to these forums do so in German, not English!