In association with heise online

Tweaking the parameters

It is possible to prevent the installation of individual updates, for example when it becomes known that a specific patch causes problems. To do so, enter its KnowledgeBase ID into the "exclude-list.txt" file in the \client\exclude folder, following the pattern 123456. The installation script will skip any updates listed there and record in the log file that it has done so.

Image 3: If run before any updates, Microsoft's Baseline Security Analyzer will show, as here, that no updates have been installed. Run again after the updates, it will confirm that they are in place.

Additional Microsoft patches not covered in the base configuration of the offline update can be added later as static updates. To have the download script fetch an additional package, add its URL to one of the text files in the "static" directory. For the English version of XP, for example, this is the file StaticDownloadLinks-wxp-enu.txt. The download script sorts the downloaded files into the proper folder within \client.

To have the installation script install the additional update, you must add its KnowledgeBase ID to a file within \client\static associated with the applicable operating system; for XP this is StaticUpdateIds-wxp.txt. Because the installation script cannot check whether a static update has already been installed, it installs the entire list as a matter of course, even if individual updates are already present.
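A pre-flight consistency check for the three lists described above, as an added example that is not part of Offline Update or the original article. It assumes one entry per line in each file, that a patch's file name contains "KB<id>", and an allowlist of Microsoft download hosts chosen here for illustration; the function names and sample data are hypothetical.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts treated as Microsoft download servers; adjust to your policy.
TRUSTED_HOSTS = {"download.microsoft.com", "download.windowsupdate.com"}
KB_ID = re.compile(r"\d{6,7}")  # page's pattern "123456"; 7 digits allowed as an assumption


def entries(text):
    """Return non-empty, stripped lines (assumed format: one entry per line)."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def check_static_config(links_text, static_ids_text, exclude_text):
    """Cross-check the three lists and return a list of human-readable findings."""
    findings = []
    links = entries(links_text)
    static_ids = entries(static_ids_text)
    excluded = set(entries(exclude_text))

    for url in links:
        host = (urlparse(url).hostname or "").lower()
        if host not in TRUSTED_HOSTS:
            findings.append(f"untrusted download host: {url}")

    for kb in static_ids:
        if not KB_ID.fullmatch(kb):
            findings.append(f"malformed KB ID: {kb!r}")
            continue
        if kb in excluded:
            findings.append(f"KB {kb} is both static and excluded")
        # Assumption: the file name in the URL contains "KB<id>".
        if not any(re.search(rf"kb{kb}(?!\d)", u.rsplit("/", 1)[-1], re.I) for u in links):
            findings.append(f"KB {kb} has no matching download link")
    return findings


# Constructed sample contents (not real update IDs or URLs).
SAMPLE_LINKS = """\
http://download.microsoft.com/download/example/WindowsXP-KB111111-x86-ENU.exe
http://updates.example.net/packs/WindowsXP-KB222222-x86-ENU.exe
"""
SAMPLE_STATIC_IDS = "111111\n222222\n333333\nKB44\n"
SAMPLE_EXCLUDE = "222222\n"

if __name__ == "__main__":
    for finding in check_static_config(SAMPLE_LINKS, SAMPLE_STATIC_IDS, SAMPLE_EXCLUDE):
        print(finding)
```

Run it against the contents of StaticDownloadLinks-wxp-enu.txt, StaticUpdateIds-wxp.txt and exclude-list.txt before building the media; an empty result means the lists agree with each other.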

Image 4: The ctupdate.log file in the Windows system directory documents which updates have been successfully applied by the script.


Offline update is not intended to replace the mechanism specified by Microsoft for bringing Windows up to date via the internet. It is intended to put security updates for PCs onto removable storage media, after which the PCs can be brought safely onto the internet. A self-assembled service pack can be quite practical when making "house calls" for acquaintances or clients who lack a broadband internet connection or who have previously been skittish about patching.

The update package created by the scripts can also be shared over a local network, with the caveat that in the current version the automatic reboot function cannot be used for network installations. With its WSUS update server, Microsoft offers a more powerful solution for keeping PCs in a larger LAN up to date. The server is used to set in detail just which updates are to be installed on which PC groups. WSUS also reports back which updates have already been provided.

Our update scripts are superior in several ways to similar solutions circulating on the internet. For starters, "update packs" prepared by third parties (and which Microsoft has in no way authorised) are a dubious source of security updates. Our script by contrast draws updates directly from Microsoft's internet servers, independently of whether the PC running the download script has been fully patched or not.

The offline update is set up modularly and is easy to adjust. It would also be conceivable to use the mechanisms employed there to install updates for other Microsoft products such as Office. The version available at press time, 3.0, passed our tests although it cannot be ruled out that one bug or another may turn up over time. We have set up a forum and invite you to discuss your experiences or problems there and suggest further enhancements. (kav)

Download: You will always find the latest version of Offline Update on the Project page

Forum: Discuss your experiences and questions in our Forum for Offline Update


