Offline Update Server for Microsoft products

  • Question

  • Our company has around 2000+ PCs connected through a LAN. Almost all computers are running the Microsoft Windows family. Most of them are Windows 7; however, a few are Windows 8 and even Windows XP. Similarly, all PCs have Microsoft Office 2013/2007/2003 etc. There are a few servers running Windows Server 2008/2003 and two database servers, i.e. SQL Servers. We have an established antivirus server to update virus definitions offline. However, Windows updates have to be installed manually. Is there a mechanism by which we can establish a Windows update server on the LAN, just add updates to that server, and have all PCs on the LAN get updated through that server automatically? It is worth mentioning that our LAN is not connected to the Internet. We have just one PC that is connected to the Internet and we can download the updates, but we CAN'T connect the LAN to the Internet due to policy.
    Thursday, October 22, 2015 8:53 AM

Answers

  • The easiest way to manage updates on an isolated network is to install two WSUS services: one on a machine connected to the internet and a second one on your isolated LAN. You can then synchronize your internet-connected WSUS with the online catalog, approve required updates, and then use wsusutil to export update metadata and content to a temporary location and import it to the server on the isolated network. The process can be automated so that you avoid doing it manually every time there is a new update to be deployed.

    See Configure a Disconnected Network to Receive Updates for more info.


    Gleb.

    • Proposed as answer by Steven_Lee0510 Monday, October 26, 2015 2:20 AM
    • Marked as answer by TheMightiest Monday, October 26, 2015 7:50 AM
    Thursday, October 22, 2015 9:15 AM
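
The export and import steps described in the answer above, as an added example (not part of the original thread) that also verifies the transferred files with SHA-256 before anything is imported on the isolated side. The function names, directory layout and manifest.csv format are assumptions; wsusutil.exe is assumed to be in its default Tools folder.

```powershell
# Added example. Paths, function names and the manifest.csv format are assumptions.
# Run elevated on each WSUS server; needs PowerShell 4.0+ for Get-FileHash.
$ErrorActionPreference = 'Stop'
$WsusUtil = Join-Path $env:ProgramFiles 'Update Services\Tools\wsusutil.exe'

function Get-MediaFiles([string]$Dir) {
    Get-ChildItem -LiteralPath $Dir -Recurse -File | Where-Object Name -ne 'manifest.csv'
}

function Export-WsusTransfer([string]$ContentDir, [string]$MediaDir) {
    $MediaDir = (Resolve-Path -LiteralPath $MediaDir).Path
    # wsusutil export writes the metadata package; content files are copied separately.
    & $WsusUtil export (Join-Path $MediaDir 'export.xml.gz') (Join-Path $MediaDir 'export.log') | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "wsusutil export failed ($LASTEXITCODE)" }
    robocopy $ContentDir (Join-Path $MediaDir 'WsusContent') /E /R:2 /W:5 | Out-Null
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed ($LASTEXITCODE)" }
    # Manifest: relative path and SHA-256 of every file placed on the media.
    $manifest = Join-Path $MediaDir 'manifest.csv'
    Get-MediaFiles $MediaDir | ForEach-Object {
        [pscustomobject]@{
            Path = $_.FullName.Substring($MediaDir.Length).TrimStart('\')
            Hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -LiteralPath $manifest -NoTypeInformation
    # Return the manifest's own hash; carry it to the isolated side separately.
    (Get-FileHash -LiteralPath $manifest -Algorithm SHA256).Hash
}

function Import-WsusTransfer([string]$MediaDir, [string]$ContentDir, [string]$ManifestSha256) {
    $MediaDir = (Resolve-Path -LiteralPath $MediaDir).Path
    $manifest = Join-Path $MediaDir 'manifest.csv'
    if ((Get-FileHash -LiteralPath $manifest -Algorithm SHA256).Hash -ne $ManifestSha256) {
        throw 'manifest.csv does not match the hash recorded at export'
    }
    $rows = @(Import-Csv -LiteralPath $manifest)
    # Reject media carrying files the manifest does not list.
    if (@(Get-MediaFiles $MediaDir).Count -ne $rows.Count) { throw 'Unlisted or missing files on media' }
    foreach ($row in $rows) {
        $file = Join-Path $MediaDir $row.Path
        if (-not (Test-Path -LiteralPath $file) -or
            (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash -ne $row.Hash) {
            throw "Integrity check failed: $($row.Path)"
        }
    }
    # Only after every file verifies: copy content, then import the metadata.
    robocopy (Join-Path $MediaDir 'WsusContent') $ContentDir /E /R:2 /W:5 | Out-Null
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed ($LASTEXITCODE)" }
    & $WsusUtil import (Join-Path $MediaDir 'export.xml.gz') (Join-Path $env:TEMP 'wsus-import.log') | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "wsusutil import failed ($LASTEXITCODE)" }
}
```

A manifest stored on the same media only detects corruption in transit; passing the value returned by Export-WsusTransfer to Import-WsusTransfer through a separate channel is what lets the isolated side detect a modified file.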

All replies

  • After the import and export servers are set and synchronized, how should the nodes (other PCs) on the LAN be configured so that they automatically check and get the updates from the server?
    Monday, October 26, 2015 11:09 AM
  • After the import and export servers are set and synchronized, how should the nodes (other PCs) on the LAN be configured so that they automatically check and get the updates from the server?

    Here is a good article about how to configure clients to receive updates from WSUS.

    https://thwack.solarwinds.com/community/application-and-server_tht/patchzone/blog/2013/05/02/configuring-your-first-wsus-client

    Hope this helps.

    Monday, October 26, 2015 1:28 PM