Offline Windows Update

Today I’d like to take a few minutes to go over the offline Windows Update capabilities that are built in to BatchPatch. One of the common problems that sysadmins have, particularly on secured networks, is getting their Windows systems updated without having access to the internet or a WSUS server (Windows Server Update Services). In BatchPatch we provide complete functionality for applying Windows Updates to systems that are members of a totally offline or segregated network.

BatchPatch essentially has four primary modes of operation when it comes to installing Windows Updates remotely:

BatchPatch Online Default Mode

**Online Windows updates with no caching**
(This mode is recommended for most environments)

The default configuration for BatchPatch works when all target computers have access to either ‘Windows Update,’ ‘Microsoft Update,’ or your own local managed WSUS server. In this configuration, BatchPatch instructs target computers to search for and download their own updates from the configured update service (Windows Update, Microsoft Update, or WSUS).

Tutorial: BatchPatch Online Default Mode


BatchPatch Online Cached Mode

**Online Windows updates with caching**
(This mode is recommended for environments with very limited internet bandwidth *and* no WSUS server)

With online cached mode enabled all target computers are required to have access to either ‘Windows Update,’ ‘Microsoft Update,’ or your own local managed WSUS server. In this configuration, BatchPatch instructs target computers to search for updates on the configured service (Windows Update, Microsoft Update, or WSUS), but update downloads only occur through the BatchPatch computer to the BatchPatch update cache. BatchPatch then distributes updates from its cache to target computers. While this process decreases the total bandwidth required to download updates since only one copy of each update is downloaded to the BatchPatch cache (instead of each computer downloading its own copy of each update), the overall process for applying Windows Updates takes longer to complete.

Tutorial: BatchPatch Online Cached Mode


BatchPatch Partially Offline Cached Mode

**Offline Windows updates with caching**
(The mode is recommended for restricted environments where target computers do *not* have access to the internet or a local WSUS but *do* have network access to an internet-connected computer running BatchPatch)

In this configuration, even though target computers do not have internet access, they do have access to the BatchPatch computer, which has access to the internet. The BatchPatch computer instructs target computers to perform an offline search for available updates. The BatchPatch computer then downloads all the necessary updates and distributes them to target computers.

Tutorial: BatchPatch Partially Offline Cached Mode


BatchPatch Completely Offline Cached Mode for Lower-Security Networks

**Offline Windows updates with caching**
(The mode is recommended for restricted environments where target computers are on a completely segregated, offline network, without access to the internet and without network access to an internet-connected computer running BatchPatch. In this scenario, administrators are required to manually copy a single text file from the offline network to an online network via an external flash drive or whatever means is convenient for the administrator)

In this configuration, since target computers do not have internet access and also do not have access to an internet-connected computer running BatchPatch, all updating occurs 100% offline. In this configuration, the search for available updates is performed offline, and then the list of available/needed updates is manually moved to an internet-connected computer running BatchPatch where the updates are downloaded. The entire update cache is then manually moved to the segregated/offline network where BatchPatch is used to distribute them to target computers.

Tutorial: BatchPatch Completely Offline Cached Mode for Lower-Security Networks


BatchPatch Completely Offline Cached Mode for High-Security Networks

**Offline Windows updates with caching**
(The mode is recommended for restricted environments where target computers are on a completely segregated, offline network, without access to the internet and without network access to an internet-connected computer running BatchPatch. In this scenario, the high-security nature of the offline network disallows any files from ever being transferred from the high-security offline network to another network. Files will only ever be transferred *to* the high-security offline network, but files will never need to be removed *from* the high security offline network)

In this configuration, since target computers do not have internet access and also do not have access to an internet-connected computer running BatchPatch, all updating occurs 100% offline. In this configuration, an internet-connected BatchPatch computer is used to pre-download all Windows updates to its local cache. The administrator then copies/moves the entire BatchPatch cache of updates to the completely offline network where BatchPatch is able to distribute the updates to all the target computers even though they do not have internet or WSUS access.

Tutorial: BatchPatch Completely Offline Cached Mode for High-Security Networks

This entry was posted in Blog, General, Tutorials and tagged . Bookmark the permalink. Both comments and trackbacks are currently closed.