In praise of “WSUS Offline Update” for speeding up Windows 7 patches

Reader SH took WSUS Offline Updater for a spin. It’s an open source (GNU GPL) program that lets you install updates offline – no network connection necessary – for both Windows and Office. Several folks have asked me if it makes the chore of installing Win7 patches any faster. Here’s his report:

Hardware: Dell Vostro 220s, Intel Core 2 Duo 2.9GHz, 3 GB RAM (surplus system from client trade-up)

Software: Wiped hard disk, Fresh install of Windows 7 Pro, 64 bit, SP 1, from a bootable USB thumb drive.

System NOT connected to the internet, Windows Update was in “Never check for Updates” mode after Windows was installed.

Loaded full package of WSUS Offline Updater from a USB thumb drive to a folder on the hard disk, ran it from there.  Updates were from an April 13 download (didn’t bother to re-download a newer batch).

Started WSUS at 9:50 pm, it installed about 7 updates then needed a manual reboot

Re-started WSUS at 9:58, it did some checking, it wanted to install IE 11, so did that, it took about 3-4 minutes, and rebooted

Re-started WSUS at 10:01.  It installed about 6 updates, the started “creating a list of missing updates, this could take awhile (be patient….)”.  I checked it from time to time, got doing other things, checked back at 11:09, it was still ‘checking’. During this time the hard disk was running pretty steadily, and good old svchost.exe was running at 50% CPU usage.

Finally about midnight, it got done checking, came up with 142 updates to install and started on that.  I watched some being installed, when it got to about 40 installed, I gave up and went to bed.

Got up the next morning, and it was done with the 142 updates, had finished at 1:46 AM.

I rebooted, it did the ‘configuring updates’ thing, phase 1 of 4, etc, took about 20-25 minutes to do the pre-shut down/restart configuring, then booted back to the desktop.

I started the next round of WSUS Offline about 8:10 AM, it started another ‘creating list of missing updates (be patient…)’, but this time took only about 5 minutes, found about 4, I skipped the Windows Defender update and the MS Security Essentials install, so it only installed 1 update (KB2532531), then needed a reboot.

Started the next phase at 8:30, it did ‘creating a list of missing updates (be patient…)’, this time it took about 5 minutes to come up with NONE found.

Update history shows 11 updates in the Windows Update app, but in Programs & FeaturesàView Installed Updates, that lists 162 updates.

Some of the ‘bad’ Updates that were NOT installed were KB3035583, KB2952664.

Others installed were KB3139398, KB3139852, and the 2 possible update speed-up checking fixes KB3138612 and KB3145739.

After WSUS Offline updater was done, I hooked the system up to my network and the internet, installed GWX Control Panel, to see if any updates WSUS had installed might have turned any Windows 10 updating on.  What was on was “Get Win 10 icon app allowed” and “Are Windows 10 upgrades allowed”, so I shut those off and put GWX Control Panel in Monitor mode.

I then went to the Windows Update app at 9:18 and turned on “Check for updates, but allow me choose whether to download and install them”, that kicked off an update check. That got done before 9:30, found 7 Important and 68 Optional updates.

I selected 4 of the 7 (skipped the Defender update and the Malware scan), it downloaded them in about 2 minutes, created a restore point and installed them in about 1 minute. Then needed a reboot.

I then went back into the Update app and downloaded the Malware scan and Defender updates, 87MB, in under a minute, and did the scan and installed the Defender file.

I ran one more manual check, it found only one more update in under a minute, downloaded and installed it in under 2 minutes.

Rebooted, ran a manual Update check again and that found no more updates, still just the 68 optional ones.

So, other than the initial 2 hours of ‘creating a list of missing updates…’, and the 1 hr, 45 minutes it took to install the big 142 updates batch, the remaining steps went pretty fast, much faster and with less operator intervention than doing it using the in-Windows update app.

Supposedly the whole process can be automated with a command line modification to the install process that will auto-reboot the PC and pick back up where it left off.  Some comments I read said that sometimes caused problems, so I did not try that, wanted to see what the manual mode process entailed.

I’ve attached 3 screen shots of the updates found after the WSUS offline updater process and a manual check was run.  I did not try to install or care about the 68 optional updates (this was only a test…), perhaps Woody and others can review them and see if there are any that are worthwhile or that should be avoided.

If I was doing this on a ‘real’ system, I would re-run the WSUS downloader process again to have it check for any late updates, as mine were about a week out of date so I figured I’d just run it with what I had and see how many more the real update checking process might find (7 I guess) and how fast it would then download those using the regular process (pretty fast).

As I mentioned, I’ve been getting official referbed Windows 7 systems for my clients to finally get them off XP.  Those systems come with SP1 on them and some updates, but sill have been requiring numerous checking the regular way, waiting to find the updates, then waiting to download them, then waiting for them to install, then repeat until all updates have been found.

If and when I get any more of those referbed systems, it will be interesting to see if WSUS Offline can update an already partially updated system up to ‘current’ status faster than doing it manually.

I know doing massive updates to Windows 7 is in the dying stage, as pretty soon it will be very hard to buy new Win7 systems, and Windows 7 has been very resilient to needing total re-installations (unlike XP).  But I wish I’d found this utility years ago, might have gotten more sleep!