forums.wsusoffline.net
Forums for questions, problems and suggestions concerning WSUS Offline Update
Only approved patches
5 posts
• Page 1 of 1
Only approved patches
by kennethkarlsson » 08.02.2019, 14:25
Is there any way to only download and install approved patches?
- kennethkarlsson
- Posts: 2
- Joined: 08.02.2019, 14:02
Re: Only approved patches
by Dalai » 08.02.2019, 16:29
No, there isn't. WSUS Offline was never intended to do Opt-in (download/install only certain updates). What you can do is blacklist updates you don't want (Opt-out). Search wsusoffline\doc\faq-enu.txt for "exclude" for information on how to do that.
Regards
Dalai
Regards
Dalai
- Dalai
- Posts: 1041
- Joined: 12.07.2016, 21:00
Re: Only approved patches
by kennethkarlsson » 12.02.2019, 16:03
Thanks for your answer.
Unfortunately using a blacklist would not work as patches are continually being tested and then approved by the IT department on our internal WSUS server.
Unfortunately using a blacklist would not work as patches are continually being tested and then approved by the IT department on our internal WSUS server.
- kennethkarlsson
- Posts: 2
- Joined: 08.02.2019, 14:02
Re: Only approved patches
by Dalai » 12.02.2019, 17:01
Well, if there already is a WSUS server, I'd use that to install only approved/tested updates. Or, if you're familiar with batch scripting, sift through WSUS Offline's InstallOSUpdate.cmd to find out how it installs updates, and write a script of your own to install the updates you want (kind of manually).
Example from one of my scripts:
HTH
Regards
Dalai
Example from one of my scripts:
- Code: Select all
dism.exe /Online /Quiet /NoRestart /Add-Package /PackagePath:"%~1" /IgnoreCheck
wusa.exe "%~1" /quiet /norestart
HTH
Regards
Dalai
- Dalai
- Posts: 1041
- Joined: 12.07.2016, 21:00
Re: Only approved patches
by hbuhrmester » 14.02.2019, 10:25
There is a hidden option wsusonly for that.
If you specify a local WSUS server, then WSUS Offline Update will try this server first, to get all dynamic updates. If that fails, it will use the Microsoft download servers as a fallback and get all missing updates there. In the end, all dynamic updates will be downloaded, without any filtering applied.
If you also specify the option wsusonly, then only the local WSUS server is used for dynamic updates. This allows administrators to get only WSUS approved updates.
This doesn't work for static updates, which are always downloaded from the Internet.
The option wsusonly must be manually added to the configuration file UpdateGenerator.ini. Please see:
viewtopic.php?f=3&t=8573
viewtopic.php?f=3&t=3973
More discussions may be found with the forum search or a general search engine, for example DuckDuckGo:
https://duckduckgo.com/?q=wsus+approved ... ffline.net
If you specify a local WSUS server, then WSUS Offline Update will try this server first, to get all dynamic updates. If that fails, it will use the Microsoft download servers as a fallback and get all missing updates there. In the end, all dynamic updates will be downloaded, without any filtering applied.
If you also specify the option wsusonly, then only the local WSUS server is used for dynamic updates. This allows administrators to get only WSUS approved updates.
This doesn't work for static updates, which are always downloaded from the Internet.
The option wsusonly must be manually added to the configuration file UpdateGenerator.ini. Please see:
viewtopic.php?f=3&t=8573
viewtopic.php?f=3&t=3973
More discussions may be found with the forum search or a general search engine, for example DuckDuckGo:
https://duckduckgo.com/?q=wsus+approved ... ffline.net
- hbuhrmester
- Posts: 525
- Joined: 11.10.2013, 20:59
5 posts
• Page 1 of 1
Return to Installation / Updating
Who is online
Users browsing this forum: No registered users and 76 guests