28,659 questions
WSUS in a disconnected network uses wsusutil to export and import the data from an online WSUS server to a WSUS server in the disconnected network.
Windows Updates In A Air Gapped Network
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 63%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Samantha Slack
0
Reputation points
How would I update my windows systems in a air gapped network? I have seen people mention WSUS Offline Updater and wsusutil. I can't find any "how to" for any of these though.
We currently have a laptop that has a wsus on it that would download all of the updates transfer it to a drive and then scan it on a OPSWAT system for vulnerabilities. After the scan is finished it is transferred to a drive that can go onto the air gapped system; basically sneakernet it to our wsus server in the air gapped network.
Is there a better way to do this? Our systems haven't been updated in a while so would I know how far back the updates I need to get? Would I use the Windows Update Agent on all systems and how would I use that correctly? If I could find training on how to do this like videos or "how to" that would be helpful.
Do I download the entire catalog for windows then move it all into my WSUS? This would make a lot of declined updates so how do I delete all of those when I no longer need them?
Windows for business | Windows Client for IT Pros | User experience | Other
2 answers
Sort by: Most helpful
-
Adam J. Marshall 10,356 Reputation points MVP2024-10-18T01:20:33.6133333+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 10%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Samantha Slack 20 Reputation points2024-10-18T13:30:32.7466667+00:00 Thank you I will look over this documentation.
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 9%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWL%3C/text%3E%3C/svg%3E)
Wesley Li 11,275 Reputation points2024-10-18T13:26:09.24+00:00 Hello
Updating Windows systems in an air-gapped network can indeed be challenging, but there are several methods and tools you can use to streamline the process. Here are some steps and resources that might help you:
WSUS Offline Updater: This tool allows you to download Windows and Office updates and install them from a local storage device. You can download the updates on a machine with internet access, transfer them to a USB drive, and then use the WSUS Offline Updater to install them on the air-gapped systems. This method is useful for ensuring that all necessary updates are applied without needing direct internet access.
WSUSUtil Tool: This tool can be used to export and import updates between WSUS servers. You can use it to synchronize software updates metadata from a WSUS server with internet access to a WSUS server in the air-gapped network. This involves exporting the updates from the internet-connected WSUS server to removable media and then importing them to the air-gapped WSUS server.
BatchPatch: This tool provides several modes of operation for offline updates. It allows you to scan the isolated network for needed updates, download them on an internet-connected network, and then transfer them to the air-gapped network. This method can be particularly useful if you have specific rules and processes for transferring files to and from the air-gapped network.
Additional Tips
Determine Update Requirements: To know how far back the updates you need to get, you can use the Windows Update Agent on all systems to scan for missing updates. This will help you identify the specific updates required for each system.
Managing Declined Updates: If you download the entire catalog for Windows, you can use the WSUS cleanup wizard to remove declined updates when they are no longer needed. This helps in managing the storage and ensuring that only necessary updates are retained.
-
Deleted
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
-
Samantha Slack 20 Reputation points
2024-10-22T13:59:53.83+00:00 Can you please tell me where I can get the updated Windows Update Agents every month?
Sign in to comment -