Using BatchPatch Standalone Without WSUS

If you are using BatchPatch in a standalone configuration without a WSUS server, there are a few things to be aware of.

The first order of business is to configure your environment to work with BatchPatch. Please review the Getting Started page. Make sure that you can successfully run the BatchPatch action ‘Windows updates > Check for available updates’ on target computers. Generally if that action is functioning properly, all other actions in BatchPatch should also function properly.

If your goal is to use BatchPatch to handle the process of downloading and/or installing updates on your computers, you’ll want to configure those computers to *not* automatically download and/or install updates on their own. There is a group policy that you should set on those computers if they are part of a domain. If they are running standalone (not part of a domain) then you’ll want to set the same local policy on each target computer. The behavior of this setting varies slightly depending on which operating system is running, but regardless you would want to open the group policy editor (or the local policy editor) and find the setting for Configure Automatic Updates which is available under Computer Configuration > Administrative Templates > Windows Components > Windows Update. Setting the value to either 2 Notify for download and notify for install or 3 Auto download and notify for install will prevent them from installing on their own so that you can instead trigger the install from BatchPatch. If you want BatchPatch to perform both the download and installation, then set the value to 2. If you want the computers to auto-download the updates but use BatchPatch for the installation, then set the value to 3.

Next you’ll need to decide the source for the Windows updates. Since you aren’t using a WSUS as the source, your source is going to be either ‘Windows Update’ or ‘Microsoft Update.’ The default behavior in Windows is to use ‘Windows Update’ as the source. However, if you go into the Windows Update settings in the control panel of a target computer you can see there is an option that says something like this, depending on the OS: ‘Give me updates for other Microsoft products when I update Windows’. If you tick that box, then you are enabling ‘Microsoft Update’ on that computer. Windows Update provides updates for just Windows operating systems, while Microsoft Update provides updates for Windows operating systems PLUS updates for other Microsoft applications.

In BatchPatch under Tools > Settings > Server selection you’ll see three different options:

Default / Managed: Uses the target computer’s existing configuration to determine where to search for updates. If you leave BatchPatch set to ‘Default / Managed’ then it will use whichever setting is applied on the target computers for the update source. If the update source is *not* set in Group Policy to a local WSUS, then the update source will be ‘Microsoft Update’ if on the target computer you have ticked the ‘Give me updates for other Microsoft products when I update Windows’ box. If you leave that box unticked then the update source will be ‘Windows Update’.

Windows Update: Bypasses the target computer’s configuration and searches for updates on Microsoft’s public server. Includes only Windows updates.

Microsoft Update: Bypasses the target computer’s configuration and searches for updates on Microsoft’s public server. Includes Windows updates AND updates for other Microsoft products. Before using Microsoft Update, target servers must be opted-in to the service. If you have ticked the box ‘Give me updates for other Microsoft products when I update Windows’ then you have opted-in that target computer. If you do not tick that box individually on each target computer, then you may use BatchPatch to remotely tick that box on each target by executing ‘Actions > Windows Updates > Opt-in…’ one time.
If you will be applying updates to computers that do not have internet access, please review the various options that BatchPatch provides for cached mode and offline updates.