Table of Contents

Time to time you need to install multiple Windows Update or Hotfix files on a given computer or server. This can happen if you deploy a new server that needs a bunch of hotfixes that are not available from WSUS and/or Microsoft Update. Or when you're installing onto an isolated secure workstation that should be never connected to any network.

Here's a simple batch file that automates this task. All it does is looking for potentially applicable update files and runs them.
  • Looks for hotfixes in the same folder where the script resides.
  • Works with Windows Vista and higher.
  • Works with x86 (aka i386 aka 32-bit) and x64 (aka EM64T aka AMD64 aka 64-bit) architectures.
  • Works over the network. There's no need copy update files locally.
  • Works with subfolders. You can group hotfix files under several subfolders to ease manual installations.
Currently, to evaluate success or failure of installing individual updates you need to look for the error code. The reason for this is that the logs of “Windows Update Standalone Installer” (WUSA) are human-unreadable binary files.

To evaluate error code you first need to convert it from Decimal (as output by wusa.exe) to Hex. Then look up that Hex value in the list of Windows Update Agent Result Codes.

It might be possible to automate error code lookup but this is not implemented in current version of the script.
@echo off

if %PROCESSOR_ARCHITECTURE%==x86 set arch=x86
for /F "tokens=4-5 delims=[.] " %%A in ('ver') do set ver=%%A.%%B
set log="%temp%\wusa-%date:~-4,4%%date:~-7,2%%date:~-10,2%-%time:~-11,2%%time:~-8,2%%time:~-5,2%.log"

echo Installing updates from "%~dp0"

for /r "%~dp0" %%m in ("Windows%ver%*%arch%*.msu") do (
set msupath=%%m
set msufile=%%~nm
call :wusa
echo Done! Please check %log% for results.
goto :eof

echo %msufile%
start /wait "%SystemRoot%\System32\wusa.exe" "%msupath%" /quiet /norestart
echo %msufile% %errorlevel% >> %log%