Cached Mode And Offline Windows Update

Cached Mode And Offline Windows Update

Cached mode turns BatchPatch into a central distribution point that will cache Windows Updates and act as a conduit for the cached updates to be applied to target computers.
Offline mode provides a facility to easily apply Windows Updates to computers that do not have access to the internet or a WSUS server.

  • When ‘cached mode’ is enabled, the computer that is running BatchPatch will download all updates directly to its own local repository. Once downloaded to BatchPatch’s local repository, BatchPatch will handle distributing the updates to target computers. Target computers will not download their own updates from Microsoft, thus significantly reducing the overall amount of internet bandwidth used to retrieve Windows Updates.
  • When ‘cached mode’ is enabled without also enabling ‘offline mode’, target computers still require internet access because each target computer will perform its own online search for updates against Microsoft’s server. However, the actual download process will take place on the BatchPatch computer, not on the target computers, thus saving internet bandwidth since any available update will only be downloaded one time by the BatchPatch computer rather than being downloaded one time by each target computer. Once BatchPatch has downloaded updates to its cache, it is able to distribute them to target computers.
  • When ‘offline mode’ is enabled in conjunction with ‘cached mode’ each target computer does an offline search for available security updates, utilizing the offline scan file (wsusscn2.cab) that Microsoft provides, which means that target computers do not need to have internet access. The actual update download process will only take place through the BatchPatch computer. Once BatchPatch has downloaded updates to its cache, it is able to distribute them to target computers. With ‘offline mode’ it is also possible to download updates on a BatchPatch computer that has internet access, and then manually move the entire update cache repository to a computer or network that has no internet access, enabling you to distribute Windows Updates security updates to computers on a completely offline network.

Note: Since WSUS already provides a central distribution point for Windows Updates, running BatchPatch in ‘cached mode’ is intended only for environments that are not using a WSUS server. However, ‘cached mode’ does work with WSUS environments, despite being redundant. In this case Tools > Settings > Windows Updates > Server Selection controls where BatchPatch retrieves updates from to populate its own repository.


Scenario 1:

BatchPatch Default Mode – No Caching (All computers have access to the internet or a WSUS)

Summary: BatchPatch instructs each target computer to perform an online search for updates against Microsoft’s server or a local WSUS server. Each target computer downloads its own updates from the same location that it performed the online search.

Step-by-step tutorial: Using BatchPatch To Remotely Install Windows Updates


Scenario 2:

BatchPatch Cached Mode (All computers have access to the internet)

Summary: BatchPatch instructs each target computer to perform an online search for available updates against Microsoft’s server, but the computer running BatchPatch is the only computer that actually downloads updates. It downloads updates to its local cache, and then it distributes these updates to target computers. If multiple target computers require the same update, the update will only be downloaded a single time by the BatchPatch computer. Once the update has been stored in BatchPatch’s local cache, it can be distributed to any computer that requires it without having to re-download another copy of the same update.

Step-by-step tutorial: Using BatchPatch In Cached Mode


Scenario 3:

BatchPatch Cached Mode + Offline Mode (The BatchPatch computer has internet access. Target computers do not have internet access but they do have connectivity to the BatchPatch computer)

Summary: BatchPatch instructs each target computer to perform an offline search for available security updates against the offline scan file (wsusscn2.cab) that Microsoft publishes each month. The BatchPatch computer downloads these updates to its local cache, and then it distributes these updates to target computers. If multiple target computers require the same update, the update will only be downloaded a single time by the BatchPatch computer. Once the update has been stored in BatchPatch’s local cache, it can be distributed to any computer that requires it without having to re-download another copy of the same update.

Step-by-step tutorial: Using BatchPatch In Offline Mode When BatchPatch Has Internet Access


Scenario 4:

BatchPatch Cached Mode + Offline Mode (Target computers do not have access to the internet or a WSUS, but administrators are able/allowed to transfer or copy files from this network to another network that has access to the internet or a WSUS. BatchPatch is run in two separate instances – one instance on a computer that has internet access in order to obtain updates, and one instance on the offline network in order to deploy the updates to target computers)

Summary: On the completely offline network, BatchPatch instructs each target computer to perform an offline search for available security updates against the offline scan file (wsusscn2.cab) that Microsoft publishes each month. Once the list of available updates has been retrieved, the BatchPatch administrator saves this list to a *.bpurl file. The administrator then imports the saved *.bpurl file on a computer running BatchPatch that is connected to a network that does have internet access. The internet-connected BatchPatch computer then downloads these updates to its local cache. The administrator may now copy/move the entire BatchPatch cache of updates over to the completely offline network where BatchPatch can now be used to distribute the updates to all the target computers even though they do not have internet or WSUS access.

Step-by-step tutorial: Using BatchPatch In Offline Mode When BatchPatch Does Not Have Internet Access


Scenario 5:

BatchPatch Cached Mode + Offline Mode (Target computers do not have access to the internet or a WSUS. These computers are connected to a high-security network with strict rules that disallow administrators and users from transferring or copying any files from the high-security network to a lower-security network. BatchPatch is run in two separate instances – one instance on a computer that has internet access in order to obtain updates, and one instance on the offline network in order to deploy the updates to target computers)

Summary: The internet-connected BatchPatch computer is used to pre-download Windows updates security updates to its local cache. The administrator then copies/moves the entire BatchPatch cache of updates to the completely offline network where BatchPatch is able to distribute the updates to all the target computers even though they do not have internet or WSUS access.

Step-by-step tutorial: Downloading Windows Updates for Distribution to Offline Computers on High-Security Networks