Patching Windows Offline, Old School Batch Script Style
Published: 01/30/2008
I'm going to cheat a bit and not really write an article here, but instead just link to another website that I used to maintain.
The first time I consciously put in effort to patch Windows installations using Windows Update was in 2000. Back then, our IT department did not have a formal NT 4.0 maintenance / patching schedule, nor was it ever probably considered. Then Nimda and Code Red hit us. It was chaos. We were shut down for several days. And get this - our "containment" procedure that we developed ad-hoc was to have every employee walking in the front door hand over their laptop so we could patch it before it hit the network.
In a word: ghetto.
I've been pretty diligent about maintaining patch levels since then, and it took Microsoft a while to acknowledge their limitations in this regard as well as put out a solution to help system admins do their job in maintaining their infrastructure. At least now we have WSUS 3.0. However, there are times when I would like to build a new machine with its operating system to specifications (either manually or through imaging), then completely patch it before it even hits the network. No Windows Update, no isolated VLAN to the WSUS interface and running wuauclt.exe /detectnow, nada. It just takes too long to download all those patches to an XP machine. To ensure complete build integrity and confidence, I make sure there's no wired / wireless / infrared / etc. connection available. Then I insert the scripted patchset (CD or flash drive) and viola - one-step patching.
If you're in a new environment with no central WSUS server and bandwidth is at a premium, you might want to consider making one of these for convenience, especially if you go site-to-site as a consultant.
The original Winpatch site. The backup.
When Slammer and Blaster hit a few years later, I didn't even budge. I wasn't affected. Other departments, however, were. I laughed at them.
I haven't updated this site in a long time, but I Googled around a bit and some people have apparently taken this idea and improved upon it a little.
Note: this script was also published in the January 2005 edition of Windows Scripting Solutions, pg. 14 and can also be found on the Windows IT Pro scripting site.
Go back to the main articles list.