
Only approved patches

Posted: 08.02.2019, 14:25
by kennethkarlsson
Is there any way to only download and install approved patches?

Re: Only approved patches

Posted: 08.02.2019, 16:29
by Dalai
No, there isn't. WSUS Offline was never intended to do Opt-in (download/install only certain updates). What you can do is blacklist updates you don't want (Opt-out). Search wsusoffline\doc\faq-enu.txt for "exclude" for information on how to do that.

Regards
Dalai

Re: Only approved patches

Posted: 12.02.2019, 16:03
by kennethkarlsson
Thanks for your answer.

Unfortunately using a blacklist would not work as patches are continually being tested and then approved by the IT department on our internal WSUS server.

Re: Only approved patches

Posted: 12.02.2019, 17:01
by Dalai
Well, if there already is a WSUS server, I'd use that to install only approved/tested updates. Or, if you're familiar with batch scripting, sift through WSUS Offline's InstallOSUpdate.cmd to find out how it installs updates, and write a script of your own to install the updates you want (kind of manually).

Example from one of my scripts:
Code:
dism.exe /Online /Quiet /NoRestart /Add-Package /PackagePath:"%~1" /IgnoreCheck
wusa.exe "%~1" /quiet /norestart
The first is for .CAB updates, the second for .MSU ones. There are also switches for .EXE updates, but they sometimes use different ones.

HTH

Regards
Dalai
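
The "script of your own" idea from the post above, as an added PowerShell example (not code from the thread or from WSUS Offline): it installs only the files whose KB number appears on an approved list, using the two command lines Dalai posted. The parameter names, the one-KB-per-line list format and the assumption that each file name contains its KB number are hypothetical.

```powershell
# Added example: install only updates whose KB number is on an approved list.
# Assumptions (hypothetical): -UpdateDir holds the .cab/.msu files, each file
# name contains its KB number, and -ApprovedList has one KB number per line.
param(
    [Parameter(Mandatory)] [string] $UpdateDir,
    [Parameter(Mandatory)] [string] $ApprovedList
)

# Normalise the allow-list; anything that is not "KB<digits>" is ignored.
$approved = @(Get-Content -LiteralPath $ApprovedList |
    ForEach-Object { $_.Trim().ToUpperInvariant() } |
    Where-Object { $_ -match '^KB\d+$' })

foreach ($file in Get-ChildItem -LiteralPath $UpdateDir -File) {
    if ($file.Name -notmatch 'kb\d+') {
        Write-Warning "No KB number in file name, skipped: $($file.Name)"
        continue
    }
    $kb = $Matches[0].ToUpperInvariant()
    if ($approved -notcontains $kb) {      # empty list => nothing is installed
        Write-Host "Not approved, skipped: $kb ($($file.Name))"
        continue
    }

    # Same switches as in the post: DISM for .cab, WUSA for .msu.
    $path = '"{0}"' -f $file.FullName
    $ext = $file.Extension.ToLowerInvariant()
    if ($ext -eq '.cab') {
        $exe = 'dism.exe'
        $argList = @('/Online', '/Quiet', '/NoRestart', '/Add-Package',
                     "/PackagePath:$path", '/IgnoreCheck')
    } elseif ($ext -eq '.msu') {
        $exe = 'wusa.exe'
        $argList = @($path, '/quiet', '/norestart')
    } else {
        Write-Warning "Unsupported file type, skipped: $($file.Name)"
        continue
    }

    $proc = Start-Process -FilePath $exe -ArgumentList $argList -Wait -PassThru
    # 0 = success, 3010 = success with a restart pending.
    if ($proc.ExitCode -in 0, 3010) {
        Write-Host "Installed $kb (exit code $($proc.ExitCode))"
    } else {
        Write-Warning "$kb failed: $exe exit code $($proc.ExitCode)"
    }
}
```

Run it from an elevated prompt, since both dism.exe /Online and wusa.exe need administrator rights.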

Re: Only approved patches

PostPosted: 14.02.2019, 10:25
by hbuhrmester
There is a hidden option wsusonly for that.

If you specify a local WSUS server, then WSUS Offline Update will try this server first, to get all dynamic updates. If that fails, it will use the Microsoft download servers as a fallback and get all missing updates there. In the end, all dynamic updates will be downloaded, without any filtering applied.

If you also specify the option wsusonly, then only the local WSUS server is used for dynamic updates. This allows administrators to get only WSUS approved updates.

This doesn't work for static updates, which are always downloaded from the Internet.

The option wsusonly must be manually added to the configuration file UpdateGenerator.ini. Please see:

viewtopic.php?f=3&t=8573
viewtopic.php?f=3&t=3973

More discussions may be found with the forum search or a general search engine, for example DuckDuckGo:

https://duckduckgo.com/?q=wsus+approved ... ffline.net