forums.wsusoffline.net

Hi and thanks for this program!

Years ago I used http://forums.mydigitallife.info/thread ... e0ed359c34
for updates after installation and those packages had a "critical" directory, so that installing only critical patches was easy.

Is there a way to do this with WSUS? I downloaded updates and there is a lot of stuff in the glb directory I don't want, like .NET patches and IE. However, it's too many to do through manually, especially because the KB description needs to be searched and correlated manually.

Again, I'd like only critical updates and then I want to read about their reason. Any possibility to do this with WSUS? Any ideas of how to get a list of the downloaded updates with their respective KB description?

Thanks a lot!

viewtopic.php?f=7&t=172
This topic should explain, how wsusou works. wsusou will just install updates, which are declared as security-relevant by MS.
But also compontent as .NET & IE are security-relevant even if you don't use them. They are more a framework used by different system components than single applications. You might be able to remove the frontend, but the backend still exists and needs to be updated.

If you still want to exclude the updates, you have to search for the KB-numbers and write them into .\client\exclude\custom\ExcludeList.txt.

Thanks aker! I had read that before posting.

I know what M$ wants and what is officially supported. I want something else and different and am looking for an easy way.
If anyone knows how to quickly select only critical updates or delete/exclude all others I'd thank him! Otherwise my systems will stay unpatched as they have for years.

You may try this script (modified version of .\lient\cmd\ListMissingUpdateIds.vbs):

Code: Select all

' *** Author: T. Wittrock, Kiel ***
' some mods by aker

Option Explicit

Dim wshShell, objUpdateService, objUpdateSearcher, objSearchResult, objUpdate, objIDFile
Dim strTextFileName, strArgument

Set wshShell = WScript.CreateObject("WScript.Shell")
strTextFileName = "MissingUpdateIds.txt"
If WScript.Arguments.Count = 0 Then
  strArgument = ""
Else
  strArgument = WScript.Arguments(0)
End If

Set objUpdateService = CreateObject("Microsoft.Update.ServiceManager").AddScanPackageService("Offline Sync Service", "wsusscn2.cab")
Set objUpdateSearcher = CreateObject("Microsoft.Update.Session").CreateUpdateSearcher()
objUpdateSearcher.ServerSelection = 3 ' ssOthers
objUpdateSearcher.ServiceID = objUpdateService.ServiceID
If LCase(strArgument) = "/all" Then
  Set objSearchResult = objUpdateSearcher.Search("Type='Software'")
Else
  Set objSearchResult = objUpdateSearcher.Search("Type='Software' and IsInstalled=0 and IsHidden=0")
End If

If objSearchResult.Updates.Count > 0 Then
  Set objIDFile = CreateObject("Scripting.FileSystemObject").CreateTextFile(strTextFileName, True)
  For Each objUpdate In objSearchResult.Updates
    If objUpdate.KBArticleIDs.Count > 0 Then
      objIDFile.Write(objUpdate.KBArticleIDs.Item(0))
    End If
    objIDFile.WriteLine("," & objUpdate.Identity.UpdateID & "," & objUpdate.Title)
  Next
  objIDFile.Close
End If
WScript.Quit(0)


Save this file as ".vbs" file on your Desktop, copy .\client\wsus\wsusscn2.cab to your Desktop,too. Then run the script as administrator. It should generate a file called "MissingUpdateIds.txt", which should contain the update names, too.
WARNING: I didn't test it, but according to https://msdn.microsoft.com/en-us/librar ... 85%29.aspx it should work.