none
2019 LTSC security patches and Defender definitions via controlled release process RRS feed

  • Question

  • Hello,

    Our systems are UWF locked and in any case we can't just run auto-update because we need to control the configuration.

    Is there a way to download security patches manually, package them in some way and then deploy this package as an installer/script?

    For Windows XP we did something like this by grabbing installers from MSFT Update Catalog website and making a batch file

    For WES7 we used WEDU tool.

    What do you do for Win 10 Enterprise LTSC?

    --------------

    Same question about Windows Defender definitions.

    Thanks!


    • Edited by Kirko77 Wednesday, September 11, 2019 10:45 PM
    Wednesday, September 11, 2019 10:42 PM

Answers

  • Create a configuration set with only the update packages that you want to install. Use DISM to install the configuration set.

    1. On a test system, run windows update with UWF off to get a list of updates.
    2. Go the Update Catalog site: https://www.catalog.update.microsoft.com/Home.aspx, download the catalog files, and extract the CAB files. (alternatively, you could run each .MSU file download on target, but this will take time)
    3. Use SIM to create a configuration set = Answer File XML and Autounattend folde.
    4. Copy the configuration set to the target and run DISM.

    Sean Liming - Book Author: Starter Guide Windows 10 IoT Enterprise - www.annabooks.com / www.seanliming.com

    • Marked as answer by Kirko77 Thursday, September 12, 2019 5:10 PM
    Thursday, September 12, 2019 3:46 AM
  • Correct, step 1 is to get the list of the updates, you can re-load the test system when done. Step 2 is to search for the list of updates. 

    Note: Some minor updates might not be un the update catalog. 


    Sean Liming - Book Author: Starter Guide Windows 10 IoT Enterprise - www.annabooks.com / www.seanliming.com

    • Marked as answer by Kirko77 Friday, September 13, 2019 9:38 PM
    Friday, September 13, 2019 2:39 AM

All replies

  • Hi,

     

    Based on my research, SCCM may be helpful to you.

     

    More information please refer to the following article:

    https://docs.microsoft.com/en-us/sccm/sum/deploy-use/manually-deploy-software-updates

     

    Hope above information can help you.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 12, 2019 3:22 AM
  • Create a configuration set with only the update packages that you want to install. Use DISM to install the configuration set.

    1. On a test system, run windows update with UWF off to get a list of updates.
    2. Go the Update Catalog site: https://www.catalog.update.microsoft.com/Home.aspx, download the catalog files, and extract the CAB files. (alternatively, you could run each .MSU file download on target, but this will take time)
    3. Use SIM to create a configuration set = Answer File XML and Autounattend folde.
    4. Copy the configuration set to the target and run DISM.

    Sean Liming - Book Author: Starter Guide Windows 10 IoT Enterprise - www.annabooks.com / www.seanliming.com

    • Marked as answer by Kirko77 Thursday, September 12, 2019 5:10 PM
    Thursday, September 12, 2019 3:46 AM
  • Create a configuration set with only the update packages that you want to install. Use DISM to install the configuration set.

    1. On a test system, run windows update with UWF off to get a list of updates.
    2. Go the Update Catalog site: https://www.catalog.update.microsoft.com/Home.aspx, download the catalog files, and extract the CAB files. (alternatively, you could run each .MSU file download on target, but this will take time)
    3. Use SIM to create a configuration set = Answer File XML and Autounattend folde.
    4. Copy the configuration set to the target and run DISM.

    Sean Liming - Book Author: Starter Guide Windows 10 IoT Enterprise - www.annabooks.com / www.seanliming.com

    Thanks Sean!

    Is Step#1 just to record the list of applicable KBs to then search for them in Step#2?

    Just trying to understand the point of Step#1


    • Edited by Kirko77 Thursday, September 12, 2019 5:20 PM
    Thursday, September 12, 2019 5:20 PM
  • Correct, step 1 is to get the list of the updates, you can re-load the test system when done. Step 2 is to search for the list of updates. 

    Note: Some minor updates might not be un the update catalog. 


    Sean Liming - Book Author: Starter Guide Windows 10 IoT Enterprise - www.annabooks.com / www.seanliming.com

    • Marked as answer by Kirko77 Friday, September 13, 2019 9:38 PM
    Friday, September 13, 2019 2:39 AM