nji wrote:If I get you right, then your strategy is Win7-DVD, SP1, WSUSOU, Windows-Update (with blacklist)?
I'm pretty sure the strategy is to use a DVD with integrated SP1. After that maybe install scan prerequisites, then run WSUS Offline (which might also use the blacklist/exclude list) and run Windows Update last.
But won't the Window-Update (with your blacklist) will
- install Win10-forcing update?
WSUS Offline doesn't contain this crap. Even if it did, you can use its exclude list in wsusoffline\exclude\custom and wsusoffline\client\exclude\custom to avoid the dowload and installation of certain updates; see wsusoffline\doc directory and the forum for more information on the exclude feature (there's plenty of threads about it).
- install other "M$-features" unwanted?
Which would be? As aker already said, WSUS Offline only contains security updates. And as I said: you can use the WSUS Offline's exclude function. You can also hide updates after you ran WSUS Offline and let Windows Update search for updates.
- deadlock/ take hours (as reported in the month)?
No. WSUS Offline takes care of this by installing updates that we call scan prerequisites. This is done before scanning for missing updates. WSUS Offline then prompts for a reboot (if the prerequisites have been installed), and then it starts the scan for missing updates.
If I leave the last step out (Windows-Update with blacklist):
Will I miss "less important" bug fixes? So this wouldn't be to recommend?
You should add updates to your exclude list that you really don't want to install on any system. You have to check yourself which updates you want to exclude. You can rely on other's recommendations, but it's better to think for yourself and evaluate if it's the right way for you.
How do I blacklist in Windows Update?
You don't and you can't, at least not really and not permanently. Windows Update only allows to hide updates. To do that, let it search for updates, then go to the resulting list and right-click an update and select "Hide update". Note that this will only hide this update that has a specific ID (which is NOT the KB number). Example: You hid update KB123456, and some time later this update appears again because MS might re-release updates with the same KB number but different update ID. Specific example for this is KB890830 (Malicious Software Removal Tool).
And, as I said WSUS Offline has an exclude function, but note that this function will only exclude updates that would be installed by WSUS Offline - Windows Update may offer them regardless.
Activate automatic update and de-install the blacklist afterwards?
I don't think it makes sense to uninstall unwanted updates. Although this will most likely work, it's better to exclude them from the start. Just check the list of updates offered by Windows Update after you ran WSUS Offline, and unselect and/or hide the updates you don't want.
Regards
Dalai