Monday, October 15, 2007

heise Offline Update 4.0 - Now Serving Vista and Office users!

I've mentioned here (once or twice) the fantastic Windows update tool from heise: Offline Update.

I can't imagine a Windows tech-support shop (hobby or enterprise) that hasn't at least kept a copy of this tool in reserve.

Home users even can benefit.  It's great for fully patching a Windows system without having to connect the computer to the network/Internet to obtain the critical update patches.  This helps ensure that the operating system is as locked down and secure as possible before networking it.  The drawback it that (in the past) you either had to download and keep up with the patches manually one at a time, and install them one at a time, or take your chances and download them from the net(work) with the time associated with that process.  And if you were setting up a new system for a dial-up user...get out the cooler and kick back...you will be sitting there a long, long, time.

Autopatcher...Down but not Out

Previously users might turn to AutoPatcher for an all-rolled-into-one patching solution. It worked great and had a big following. Unfortunately, Microsoft decided they didn't like the model and had to shut down their project in it's current build.  Good news is that Antonis is hard at work making a new version that will hopefully pass Microsoft's smell-test.

heise Offline Update Script

heise Security's Offline Update script does some amazing things.  First you just download and install the latest build version. Then unpack it to any location you wish on your drive.  Run the executable and select which platform(s) and localized language(s) you want to create.  Then decide and select if you want an individual media ISO for each build or a combined platform ISO.

A WGET window opens and the scripts download the latest update catalogs directly from Microsoft's update servers. Then it downloads (again from Microsoft's update servers) the updates needed.  When done it rolls them up in an ISO file ready for burning to disk media with an updater kickoff exe file.  I just unpack the ISO with ISOBuster and put the files directly on a portable USB drive and use that instead.

When it is time to update a system, pull out your current disk/USB media, pop-it-in and update away...no network connection required!

An auto-run kicks in and the apply update window appears. Select your options as appropriate and let-her-rip.  The script then compares it's update catalog list against the updates currently listed on the local system catalog and then proceeds to apply only those updates (automatically) needed to bring the computer current.

Next time you run the "master" updater again, WGET again gets the latest catalog, compares what it finds against what has already been previously downloaded, and only downloads the new ones or patches that have been updated to a newer version.  Then creates a fresh ISO file.

Version 3.2 supported updates for Windows 2000, 2003 Server, and XP (all versions).

Easy-Peasy!

heise Offline Update Script 4.0

With version 4.0 the folks at heise have simply outdone themselves.

They have included Vista System update patches in the list of supported operating systems and have added support for individual support packages for Office 2000, Office XP, Office 2003, and Office 2007!

Check out all these new features!

  • New: Support added for Microsoft Windows Vista
  • New: Support added for Microsoft Office 2000, XP, 2003 and 2007
  • New: Updates which are not listed in wsusscn2.cab any longer will be removed automatically
  • New: Service Packs (statically defined updates) may be excluded from download
  • New: CopyToTarget.cmd added to ease USB device preparation
  • New: Generator and Installer GUIs will be displayed in German on German systems.

I tested the new builds on a freshly (ImageX'ed) XP Pro SP-2 with Office 2003 system.

Before using, I ran an on-line Windows Update check and found the system needed 22 Critical Windows updates for the system and needed 2 office 2003 patches (SP3 and Outlook junk mail filter update).  I did not apply these but just use this to "baseline" the patch status.

Note: I could have also used the Microsoft Baseline Security Analyzer (MBSA) to test the before/after patching state as well.  MBSA 2.1 (beta) now also supports Vista platforms.

Next I ran the XP patch updater installer and it quickly performed the updates "off-line."  I rebooted the system and went back and checked "on-line" how many patches were applied.

Result? All of them. No updates were missed.

Then I tried the Office 2003 updater installer.  It successfully installed the Office 2003 SP3 patch, but didn't catch the junk-mail filter patch.  Still, not to shabby!

The scripts/installers can be customized with include/exclude lists manually if you are willing to do a bit of work.  For my purposes it looks and works great as-is, but it's nice to know you can continue to tweak it out a bit more if you want.

heise Offline Update script 4.0 -- Highly Valca Recommended!

--Claus

No comments: