Creating Update Binaries
Applies To: Windows Server Update Services
WSUS supports publishing Windows Installer packages, command-line executables, or native drivers (a directory with the driver INF + other binaries). The method PublishPackage adds all the files in the specified directory to a cab file, signs the cab, and publishes the cab. While a typical directory contains a single update file, the directory may also a command-line executable setup file, other files used as part of the setup, or a native driver directory.
Update best practices
You should keep the following best practices in mind when you create an update binary.
You should not put unneeded files in the publishing directory, since the resulting cab will become larger than necessary. In addition, there should be no more than 65,535 files in a .cab file. An exception will be raised if this number is exceeded.
Updates should install silently, without dialog boxes and without requiring user intervention. For command line updates, always provide sufficient command-line arguments to ensure silent-mode installation. Any update that requires user interaction must be flagged by setting the binary-level “Requires user input” flag (although such updates will not support automated deployment).
Updates that do not require user input are installed in the System context and cannot target per-user-installed applications.
Updates should not require exclusive installation. When multiple updates are applicable to be installed on a computer, the Automatic Updates client may install them in batches. Security updates that are released as part of the MSRC bulletins are also released several at a time. Therefore, updates must ensure that they can all be installed in a single install session of Automatic Updates. The update metadata can specify that the update requires exclusive installation, but it is not recommended that you do so.
Updates should not require reboot. Rebooting may be unavoidable, since the binaries being updated may be in use, but it should not be required for other reasons. If the update metadata can specify that the update requires a reboot, all reboots are deferred until the end of the Automatic Updates session. For example, if multiple updates are being installed and the first update requires a reboot, that reboot will not occur until after the last update has been installed. Automatic Updates prompts the user to reboot at the end of any install session in which at least one update has indicated that reboot is required.
Updates should be made uninstallable.