Windows 10 22H2 Enablement

rjkr-9284 0 Reputation points
2024-07-24T17:16:25.4133333+00:00

Hello, I support a customer who has two labs without external connectivity. I know that normally, to get to 22H2 in a domain/work environment or at home, you receive the 22H2 Enablement via WSUS, SCCM, or Windows Update.

To my knowledge, and according to KB5040427, this MSU/Enablement is not being made available on the Microsoft Update Catalog website. There is an MSU there for that KB, but it does not bring the build to 22H2.

This would mean that, without this update, the only path forward would be via a 22H2 ISO with an in-place upgrade, which leaves me with questions. In-place upgrades are almost like laying down the whole OS again, and I am wondering what that would do to any hardening done on these machines.

The reason for going to 22H2 is for compliance reasons, as 21H2 is now considered end of life.

Normally I am able to airgap updates using Microsoft's wsusscn2.cab file; however, because MS treats 22H2 differently, that does not come down with normal updates.

July 9th 2024 KB5040427

https://support.microsoft.com/en-us/topic/july-9-2024-kb5040427-os-builds-19044-4651-and-19045-4651-78458e76-9404-41b4-91b2-6d3cdcf4a530


2 answers

  1. Hania Lian - MSFT 22,706 Reputation points Microsoft External Staff
    2024-07-25T01:41:04.56+00:00

    Hello,

    Regarding your concerns about in-place upgrades and system hardening:

    Preservation of Settings: In-place upgrades are designed to retain your applications, settings, and data. However, it’s always a good practice to back up critical data before proceeding.

    Hardening Configurations: Most hardening configurations should remain intact after an in-place upgrade. However, some settings might revert to their defaults, especially if they are not supported in the new version. It’s advisable to review and reapply hardening policies post-upgrade.

    Testing: Before performing the upgrade on all machines, consider testing the process to identify any potential issues with hardening or other configurations.

    Best Regards,

    Hania Lian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

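The answer above advises reviewing hardening after an in-place upgrade. The following is an added example, not part of the original answer or any Microsoft tooling: it snapshots local security policy, audit policy, selected registry values and service start types before the upgrade, then lists every line that differs afterwards. The output folder and the registry list are assumptions to replace with your own baseline.

```powershell
# Added example. Run elevated: -Mode Snapshot before the upgrade, -Mode Compare after it.
param(
    [Parameter(Mandatory)][ValidateSet('Snapshot', 'Compare')][string]$Mode,
    [string]$Root = 'C:\HardeningBaseline'   # hypothetical path; removable media also works
)

# Constructed sample list: replace with the registry settings your baseline enforces.
$RegChecks = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'LmCompatibilityLevel' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; Name = 'SMB1' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'EnableLUA' }
)

function Export-HardeningState([string]$Dir) {
    New-Item -ItemType Directory -Path $Dir -Force | Out-Null
    # Account policy, user rights assignments and security options
    secedit /export /cfg (Join-Path $Dir 'secpol.inf') /quiet
    # Advanced audit policy, one CSV row per subcategory
    auditpol /get /category:* /r | Out-File (Join-Path $Dir 'auditpol.csv') -Encoding utf8
    # Selected registry values; a missing value is recorded explicitly
    $RegChecks | ForEach-Object {
        $v = (Get-ItemProperty -Path $_.Path -Name $_.Name -ErrorAction SilentlyContinue).($_.Name)
        '{0}\{1}={2}' -f $_.Path, $_.Name, $(if ($null -eq $v) { '<not set>' } else { $v })
    } | Out-File (Join-Path $Dir 'registry.txt') -Encoding utf8
    # Service start types; per-user services with a random suffix are skipped to avoid noise
    Get-Service | Where-Object Name -notmatch '_[0-9a-f]{4,}$' | Sort-Object Name |
        ForEach-Object { '{0}={1}' -f $_.Name, $_.StartType } |
        Out-File (Join-Path $Dir 'services.txt') -Encoding utf8
}

function Compare-HardeningState([string]$Before, [string]$After) {
    foreach ($file in 'secpol.inf', 'auditpol.csv', 'registry.txt', 'services.txt') {
        $old = Get-Content (Join-Path $Before $file)
        $new = Get-Content (Join-Path $After $file)
        foreach ($d in Compare-Object $old $new) {
            [pscustomobject]@{
                File  = $file
                State = if ($d.SideIndicator -eq '<=') { 'before' } else { 'after' }
                Line  = $d.InputObject
            }
        }
    }
}

if ($Mode -eq 'Snapshot') { Export-HardeningState (Join-Path $Root 'before') }
else {
    Export-HardeningState (Join-Path $Root 'after')
    Compare-HardeningState (Join-Path $Root 'before') (Join-Path $Root 'after') | Format-Table -AutoSize
}
```

Each changed setting appears as a before/after pair of rows. Domain GPO-delivered settings are reapplied at the next policy refresh, so the diff matters most for locally configured hardening.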

  2. Adam J. Marshall 9,786 Reputation points MVP
    2024-07-25T03:06:12.83+00:00

    Question: Do you have WSUS within your Disconnected Environment? This is the proper way to do it (export metadata from online WSUS, copy data to media, sneakernet data to disconnected network, copy data to disconnected WSUS, import the metadata to the disconnected WSUS). Then your devices in the disconnected network check WSUS for updates and find the enablement package and will update using it.

