I've been using the Heise Security's Offline Updater (DIY Service Pack) package for some time in our IT workshop to keep freshly reimaged systems almost fully patched right after deployment, but before connection to the network.
I highly recommend this for anyone deploying a new Windows 2000/XP system. It's a great way to get a system almost fully patched before attaching it to the wild wild network and any baddies that might be floating around the Web or the local network.
It basically works like this,
Download the updater program to a "host" system.
Run the launcher and pick your operating system(s) to update.
The application will go out and download all the needed patches off Microsoft's own servers using their update catalog.
It will then wrap them up in an ISO format file...ready for burning.
Deploy on individual CD media or all of them on a single DVD.
To install pop the auto-run cd/DVD media in the system needing updating. Select the "run" option and let the updates flow.
If you want to bring your update media up to date (after the next patch release cycle by Microsoft) just rerun the application off the host system and it will only download and add any new updates, creating a new ISO file.
It's very neat and slick, and can even be customized to include or skip particular patches and files.
Version 3.02 worked great.
Beginning in version 3.03 I began having some issues with the updater not downloading/installing the packages quite correctly.
Then I found a post thread that helped; What fixed it for me with errors I found using v3.04 - via Offline Update | heisec-UK Forums
Basically, I copied the files mentioned from a previous Offline Update disk that did work to the locations mentioned in the new updater. Then I ran it as normal. This ensured the files needed were already present. No more problems.
I noticed Friday night that they released another new version, 3.11 with a number of fixes and tweaks.
I'm going to give this one a clean test without the "hack" mentioned above when I get to work next week.
Hopefully it will work like a charm.
I highly recommend this Windows Update utility for any Windows IT shop. It saves a bunch of time on downloading updates over the wire...especially if it is a brand-new, unpatched system. Also great for users still on dialup (although you still got to make and get the files first...broadband is highly recommended!).
Similar Windows updater packages exist as I have previously blogged, but this is by far the best in my book. Simple, fast and directly delivered to you from Microsoft's own servers.
Go roll your own!