Dynamic Update and Resulting Internet Communication in Windows Vista
In This Section
Benefits and Purposes of Dynamic Update
Overview: Using Dynamic Update in a Managed Environment
How Dynamic Update Communicates with Sites on the Internet
Controlling Dynamic Update to Limit the Flow of Information to and from the Internet
Benefits and Purposes of Dynamic Update
With Dynamic Update, if you start a computer from an existing operating system (for example, Windows XP with Service Pack 2) and then run Setup for Windows Vista from that operating system, Setup can check for new Setup files, including drivers and other files.
Note
If you perform a network boot, for example, from a PXE-enabled client, and then run Setup for Windows Vista, Dynamic Update does not occur. Similarly, if you start a computer with the Windows Preinstallation Environment (Windows PE), Dynamic Update does not occur.
In an interactive installation, the person installing Windows Vista is prompted to choose whether to allow Dynamic Update to occur. In an unattended installation using an answer file, an entry in the answer file can control whether Dynamic Update occurs.
Using Dynamic Update reduces the need to apply patches to recently installed systems, and makes it easier to run Setup with hardware that requires a driver that was recently added or updated on the Windows Update Web site. For example, if a new video adapter requires a driver that was recently added to the Windows Update Web site, with Dynamic Update, the driver can be downloaded so that the video adapter is supported during Setup.
Dynamic Update performs the same kind of check for software updates as can be performed through the existing, installed operating system (for example, through Windows XP with Service Pack 2), except that Dynamic Update happens during Setup for Windows Vista, and a limited set of software updates can be downloaded through Dynamic Update. All files that are made available through Dynamic Update are very carefully tested and fall into three categories:
- Setup software updates: These updates help Setup run correctly. Dynamic Update handles only limited, important Setup updates.
- New or changed drivers: These are drivers that are known to be necessary for success with Setup. They include only network, video, audio, and mass storage drivers. Dynamic Update downloads only the files that are required for a particular computer, which means that the Dynamic Update software briefly examines the computer hardware. The information collected is not saved. The only purpose for examining the hardware is to select appropriate drivers for it. This keeps the download time as short as possible and ensures that only necessary drivers are downloaded to the hard disk.
Note that another alternative for installing drivers during Setup is to use interactive Setup and press F6 when prompted. A third alternative is to make use of a deployment technology that allows you to create operating system images and control the drivers included in a specific image. - Updates to operating system features: These are high-priority updates that can help make operating system features more resistant to attack in the period immediately after installation. These updates help increase the security of a newly-installed operating system when it first connects to a network, during the time before you begin your standard software update process (whether you use the Windows Update Web site, Windows Server Update Services, or a system management solution).
Dynamic Update checks for the new files in the same location that the existing operating system (the one from which Setup for Windows Vista was run) was using for software updates:
- The Windows Update Web site: On a client that had been receiving software updates from the Internet, Dynamic Update continues to go to the Internet, that is, the Windows Update Web site.
- A Windows Server Update Services (WSUS) server: On a client that previously used WSUS, Dynamic Update continues to go to a WSUS server.
For information about WSUS, see the following pages on the Microsoft Web site: - A system management server: On a client that previously used system management servers, for example, servers running Microsoft Systems Management Server 2003 R2, Dynamic Update continues to go to a management server.
For information about system management server software offered by Microsoft, see the Microsoft Web site at:
https://go.microsoft.com/fwlink/?LinkId=70683
Overview: Using Dynamic Update in a Managed Environment
In a managed environment where you are installing Windows Vista on many computers, you might choose to prevent Dynamic Update from connecting to the Windows Update Web site. To do this, you can use Windows Server Update Services or a system management solution, or you can perform unattended installation with an answer file entry that prevents Dynamic Update. For more information, see "Controlling Dynamic Update to Limit the Flow of Information to and from the Internet," later in this section.
How Dynamic Update Communicates with Sites on the Internet
This subsection focuses on the communication that occurs between Dynamic Update and the Windows Update Web site during an interactive installation (or a pre-installation compatibility check) when the computer has access to the Internet. This subsection also provides a description of the default behavior of Dynamic Update with unattended setup.
Note
This subsection describes how Dynamic Update works if a client runs an existing operating system (for example, Windows XP with Service Pack 2), the client is currently configured to go to the Windows Update Web site for software updates, and you run Setup for Windows Vista from the operating system already running on the client. Adjust the description to fit other scenarios, for example, where WSUS is being used.
For a description of how you can control the behavior of Dynamic Update during unattended installations, see "Controlling Dynamic Update to Limit the Flow of Information to and from the Internet," later in this section.
Specific information sent or received: When Dynamic Update contacts the Windows Update Web site, it sends only the exact operating system version and the information necessary for appropriate drivers to be selected (network, video, audio, and mass storage drivers). The information it collects about the hardware devices on that particular computer is only what is needed to identify drivers needed for a successful completion of Setup.
The files that Dynamic Update downloads are only those that are important to:- Ensure that Setup runs successfully.
- Help protect operating system features in the period immediately after installation (until the normal software-update process can begin).
Files with minor updates that have little impact on the preceding items are not made available through Dynamic Update. Some of the updated files will be replacements (for example, an updated Setup file) and some will be additions (for example, a driver not available at the time that the Setup CD was created).
Default behavior and triggers: During interactive installation, the person installing is offered the following options:
- Go online to get the latest updates for installation
- Do not get the latest updates for installation
If the person installing chooses the first option, Dynamic Update occurs.
During unattended installation with an answer file, if the answer file does not contain any entries related to Dynamic Update, Dynamic Update will occur.
Note that for either interactive or unattended installation, if the computer is not connected to the Internet during installation, Dynamic Update cannot occur.User notification: During an interactive installation, the person installing is notified when the choice of whether to run Dynamic Update is offered. During an unattended installation, there is no notification (unattended installation by definition means that no user interaction is required).
Logging: By default, the progress of Setup is logged in systemroot\Panther\setupact.log. You can view this log if you have questions about Dynamic Update, for example, if you want to know whether Dynamic Update occurred, or which files were successfully downloaded during Dynamic Update.
Encryption: Dynamic Update uses the same encryption methods as Windows Update, which means initial data is transferred using HTTPS, and updates are transferred using HTTP.
Access: No information about the hardware devices on a particular computer is saved or stored, so no one can access this information. The information is used only to select appropriate drivers.
Privacy: Dynamic Update is covered by the same privacy statement that covers Windows Update. The privacy statement for Windows Update is on the Microsoft Web site at:
https://go.microsoft.com/fwlink/?LinkId=72162Transmission protocol and port: Dynamic Update uses the same transmission protocols and ports as Windows Update: HTTP with port 80 and HTTPS with port 443.
Ability to disable: During interactive Setup, the prompt for Dynamic Update will always appear (it cannot be disabled), but the person installing can decline at the prompt. During unattended installation with an answer file, Dynamic Update is disabled if the answer file includes the following lines:
<DynamicUpdate> <Enable>false</Enable> </DynamicUpdate>
Controlling Dynamic Update to Limit the Flow of Information to and from the Internet
As summarized in "Overview: Using Dynamic Update in a Managed Environment," earlier in this section, if you do not want Dynamic Update to connect to the Windows Update Web site during the installation of Windows Vista, you have several options:
- Use Windows Server Update Services or a system management solution: You can use Windows Server Update Services or a system management solution to cause Dynamic Update to use a server you configure instead of the Windows Update Web site.
For more information about Windows Server Update Services, see https://go.microsoft.com/fwlink/?LinkId=70686 and https://go.microsoft.com/fwlink/?LinkId=72156
For more information about the system management solutions offered by Microsoft, see https://go.microsoft.com/fwlink/?LinkId=70683. - Avoid Dynamic Update: You can avoid using Dynamic Update, which means that Setup will use only the files and drivers provided on the CD for Windows Vista. The method by which you avoid using Dynamic Update depends on how you are performing the installation:
Interactive installation: During interactive installation, when prompted, you can choose not to use Dynamic Update. As an alternative, you can ensure that the computer does not have Internet access.
Unattended setup: During unattended installation with an answer file, Dynamic Update does not occur if the answer file includes the following lines:
<DynamicUpdate> <Enable>false</Enable> </DynamicUpdate>
For more information about deployment and about unattended installation, see the following documents on the Microsoft Web site:
https://go.microsoft.com/fwlink/?LinkId=70685
https://go.microsoft.com/fwlink/?LinkId=70684
For additional information about performing unattended installations, see Appendix A: Resources for Learning About Automated Installation and Deployment for Windows Vista.