Hey,
Now my sync end up with 500go of updates to download…
It download a bunch of old updates like 1709,1709×64,1803,1803×64 etc…
Just why ?
In product setting I just cheked Windows 10, 1903 and later» and in classifications «Upgrades, Critical Updates and Security Updates». I’ve create an automatic approval rule with the same product and classification.
My WSUS is also set to download updates files only when updates are approved.
Why I can’t just download only upgrade that I want (21H1) ? Why my WSUS server download those old updates ?
Thanks in advance
Read these next…
Merging two domains with the same name?
Windows
It seems that a possible company merger is coming down the pipeline, but as luck would have it, the active directory domains have the same name (ie, domain.local)The domain I maintain is running server 2019 at a 2016/2019 functional level.The other domain…
How can I track changes to network adapter configuration
Windows
Ok, so we have a site where most of the users have local admin and they have a small group of users who «know about computers». The site runs pretty smoothly but we’re seeing a bunch of users who are able to function on the wired network but aren’t able …
Snap! — Cooling in Antarctica, Back to the Moon, Biological Clothing, AI Sci-Fi
Spiceworks Originals
Your daily dose of tech news, in brief.
Welcome to the Snap!
Flashback: February 3, 1986: The term “vaporware” is first used by Philip Elmer-DeWitt in a TIME magazine article (Read more HERE.)
Bonus Flashback: February 3, 1966: Luna 9 Lan…
Safety Glasses with Glasses
Networking
I’m going to be pulling some new wire soon through some dirty drop ceilings, and without fail, at some point I always get a piece of something in my eye at some point during the job.I’d like to avoid that this time.I have struggled to find safety glasses …
AD on-premise courses
IT & Tech Careers
Hello!We have a predominantly on-prem AD environment. Whilst we will be moving to M365 that will be in a while.We have a number of junior staff that need basic instruction in Active Directory and file/folder permissions. I recall many years ago the MC…
Windows 10, version 21H1 is now available through Windows Server Update Services (WSUS) and Windows Update for Business, and can be downloaded today from Visual Studio Subscriptions, the Software Download Center (via Update Assistant or the Media Creation Tool), and the Volume Licensing Service Center[1]. Today also marks the start of the 18-month servicing timeline for this H1 (first half of the calendar year) Semi-Annual Channel release.
Windows 10, version 21H1 (also referred to as the Windows 10 May 2021 Update) offers a scoped set of improvements in the areas of security, remote access, and quality to ensure that your organization and your end users stay protected and productive. Just as we did for devices updating from Windows 10, version 2004 to version 20H2, we will be delivering Windows 10, version 21H1 via an enablement package to devices running version 2004 or version 20H2—resulting in a fast installation experience for users of those devices. For those updating to Windows 10, version 21H1 from Windows 10, version 1909 and earlier, the process will be similar to previous updates.
Jump to: What is an enablement package? | Tools | Resources | Features to explore | Deployment recommendations | Office hours
What is an enablement package?
Simply put, an enablement package is a great option for installing a scoped feature update like Windows 10, version 21H1 as it enables devices to update with a single restart, reducing downtime. This works because Windows 10, version 21H1 shares a common core operating system with an identical set of system files with versions 2004 and 20H2. As a result, the scoped set of features in version 21H1 were included in the May 2021 monthly quality updates for version 2004 and version 20H2, but were delivered in a disabled/dormant state. These features remain dormant until they are turned on with the Windows 10, version 21H1 enablement package—a small, quick to install “switch” that activates these features. Using an enablement package, installing the Windows 10, version 21H1 update should take approximately the same amount of time as a monthly quality update.
Note: If you are connected to WSUS and running Windows 10, version 2004 or version 20H2, but have not installed the May 2021 updates (or later), you will not see the version 21H1 enablement package offered to your device. Devices running version 2004 or version 20H2 connecting directly to Windows Update will be able to install the enablement package, but will also install the Latest Cumulative Update (LCU) at the same time (if needed), which may increase the overall installation time slightly.
Which tools are being updated for version 21H1?
To support the release of Windows 10, version 21H1, we have released updated versions of the following tools:
- Security baseline (final) for Windows 10, version 21H1 – Microsoft-recommended configuration settings, including explanations of their security impact.
- Administrative Templates (.admx) for Windows 10, version 21H1 – While natively accessible via the C:WindowsPolicyDefinitions folder in Windows, administrative template files can be downloaded separately and used to populate policy settings in the user interface of Group Policy tools, allowing you to manage registry-based policy settings.
- Group Policy settings reference spreadsheet for Windows 10, version 21H1 – List of the policy settings for computer and user configurations included in the ADMX files delivered for Windows 10, version 21H1.
- Windows 10 Enterprise Evaluation – Free 90-day evaluation of Windows 10, version 21H1 for IT professionals interested in trying Windows 10 Enterprise on behalf of their organization.
What about other tools?
As Windows 10, version 21H1 shares a common core and an identical set of system files with version 2004 and 20H2, the following tools do not need to be updated to work with version 21H1:
- Windows Assessment and Deployment Kit (Windows ADK) for Windows 10, version 2004 –Customize Windows images for large-scale deployment or test the quality and performance of your system, added components, and applications with tools like the User State Migration Tool, Windows Performance Analyzer, Windows Performance Recorder, Window System Image Manager (SIM), and the Windows Assessment Toolkit.
- Windows PE add-on for the Windows ADK, version 2004 – Small operating system used to install, deploy, and repair Windows 10 for desktop editions (Home, Pro, Enterprise, and Education). (Note: Prior to Windows 10, version 1809, WinPE was included in the ADK. Starting with Windows 10, version 1809, WinPE is an add-on. Install the ADK first, then install the WinPE add-ons to start working with WinPE.)
- Remote Server Administration Tools (RSAT) for Windows 10 – Tools that let you manage Windows Server roles and features from a Windows 10 PC. Starting with Windows 10, version 1809, RSAT are included as a set of «Features on Demand» in Windows 10 itself.
Any resources being updated?
To support Windows 10, version 21H1, we are updating the key resources you rely on to effectively manage and deploy updates in your organization, including:
- Windows release health hub – The quickest way to stay up to date on update-related news, announcements, and best practices; important lifecycle reminders, and the status of known issues and safeguard holds.
- Windows 10 release information – A list of current Windows 10 versions by servicing option along with release dates, build numbers, end of service dates, and release history.
- Windows 10, version 21H1 update history – A list of all updates (monthly and out-of-band) released for Windows 10, version 21H1 sorted in reverse chronological order.
New features to explore
As noted above, Windows 10, version 21H1 offers a scoped set of features focused on the core experiences that you rely on the most as you support both in person and remote workforces. Here are the highlights for commercial organizations:
- Windows Hello multi-camera support. For devices with a built-in camera and an external camera, Windows Hello would previously use the built-in camera to authenticate the user, while apps such as Microsoft Teams were set to use the external camera. In Windows 10, version 21H1, Windows Hello and Windows Hello for Business now default to the external camera when both built-in and external Windows Hello-capable cameras are present on the device. When multiple cameras are available on the same device, Windows Hello will prioritize as follows:
- SecureBio camera
- External FrameServer camera with IR + Color sensors
- Internal FrameServer camera with IR + Color sensors
- External camera with IR only sensor
- Internal camera with IR only sensor
- Sensor Data Service or other old cameras
- Microsoft Defender Application Guard enhancements. With Windows 10, version 21H1, end users can now open files faster while Application Guard checks for possible security concerns.
- Security updates. Windows 10, version 21H1 provides security updates for Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Kernel, Windows Virtualization, Internet Explorer, and Windows Media.
- Windows Management Instrumentation (WMI) Group Policy Service (GPSVC) updating performance improvements to support remote work scenarios. When an administrator would make changes to user or computer group membership, these changes would propagate slowly. Although the access token eventually updates, the changes would not be reflected in a troubleshooting scenario when the gpresult /r or gpresult /h commands were executed. This was especially experienced in remote work scenarios and has been addressed.
What else have we been up to?
Aside from Windows 10, version 21H1, we’ve been busy with other new, exciting features and solutions that you may have heard about! (Note that some of these may require additional licensing or services.) Check out the links for details:
- Passwordless authentication – Speaking of Windows Hello for Business, I wanted to make sure you didn’t miss our March announcement that passwordless authentication is now generally available for hybrid environments! This is a huge milestone in our zero-trust strategy, helping users and organizations stay secure with features like Temporary Access Pass.
- Windows Update for Business deployment service – Approve and schedule content approvals directly through a service-to-service architecture. Use Microsoft Graph APIs to gain rich control over the approval, scheduling, and protection of content delivered from Windows Update.
- Expedite updates – Expediting a security update overrides Windows Update for Business deferral policies so that the update is installed as quickly as possible. This can be useful when critical security events arise and you need to deploy an update more rapidly than normal.
- Known Issue Rollback – Quickly return an impacted device back to productive use if an issue arises during a Windows update. Known Issue Rollback supports non-security bug fixes, enabling us to quickly revert a single, targeted fix to a previously released behavior if a critical regression is discovered.
- News and interests – For devices running Windows 10, version 1909 or later, news and interests in the taskbar enables users to easily see local weather and traffic as well as favorite stocks and the latest news on topics related to professional or personal interests. To learn how to manage news and interests via Group Policy or Microsoft Endpoint Manager, see Manage news and interests on the taskbar with policy,
- Universal Print – Now generally available, Universal Print is ready for your business! Universal Print is the premier cloud-based printing solution, run entirely in Microsoft Azure, and requires no on-premises print infrastructure.
- …and so much more! Follow the Windows IT Pro Blog (and @MSWindowsITPro on Twitter) to keep up-to-date on Windows announcements and new feature releases, and the Microsoft Endpoint Manager Blog (and @MSIntune on Twitter) for announcements and features new to Intune and Configuration Manager.
Deployment recommendations
With today’s release, you can begin targeted deployments of Windows 10, version 21H1 to validate that the apps, devices, and infrastructure used by your organization work as expected with the new features. If you will be updating devices used in remote or hybrid work scenarios, I recommend reading or revisiting Deploying a new version of Windows 10 in a remote world. For insight into our broader rollout strategy for this release, see John Cable’s post, How to get the Windows 10 May 2021 Update.
If you need a refresher on Windows update fundamentals, see:
- Overview of Windows as a service
- Manage updates using Windows Update for Business
- Prepare updates using Windows Server Update Services
- Manage updates using Configuration Manager
For step-by-step online learning to help you optimize your update strategy and deploy updates more quickly across your device estate, see:
- Stay current with Windows 10 and Microsoft 365 Apps
- Manage Windows updates in the cloud
To get an early peek at some of the new features before we release them, join the Windows Insider Program for Business! Insiders can test new deployment, management, and security features, and provide feedback before they become generally available. Learn about managing the installation of Windows 10 Insider builds across multiple devices and get started today!
Join us for Office Hours
And finally, make sure you join our monthly Windows Office Hours, where you can ask your deployment, servicing, and updating questions and get answers, support, and help from our broad team of experts. Submit questions live during the monthly one-hour event or post them in advance if that schedule does not work for your time zone. Our next event is Thursday, May 20, 2021 so add it to your calendar and join us!
[1] It may take a day for downloads to be fully available in the VLSC across all products, markets, and languages.
WSUS Offline Update
для Windows
WSUS Offline Update — незаменимая программа для пользователей, которым необходимо установить свежие обновления Windows и Microsoft Office на компьютер с отсутствующим подключением к сети Интернет (в режиме оффлайн). Утилита позволяет скачивать обновления для мультиязычных версий Windows 7/8/8.1/10, Microsoft Office 2003/2007/2010/2013/2016, причем для каждой локации можно скачивать отдельные обновления.
В список загружаемых обновлений можно включать (или исключать) сервис-паки, Microsoft Security Essentials, библиотеки C++ Runtime, .NET Frameworks и Windows Defender Definition. По окончании загрузки присутствует возможность провести верификацию загруженных обновлений, сохранить данные в виде ISO-образа, после чего записать их на DVD-диск или USB-носитель.
ТОП-сегодня раздела «Обновления, патчи»
ASUS BIOS Update 7.18.03
ASUS BIOS Live Update — Фирменная утилита для обновления BIOS материнских плат ASUS через интернет…
MSI LiveUpdate 6.2.0.74
MSI LiveUpdate — это полезные и мощные приложения для автоматической загрузки и обновления BIOS,…
Отзывы о программе WSUS Offline Update
Nejtralist Absoljutnyj про WSUS Offline Update 12.0 [15-02-2021]
Ищите прямую автоматическую ссылку от разработчика на v8.9 в «WebArchive» — а эта версия (v12) поддерживает только всё, что не ниже Office 2013 и Windows 8.1.
| | Ответить
Александр про WSUS Offline Update 11.4 [30-05-2018]
Для офиса 2007 не подходит уже. Печально.
3 | 2 | Ответить
presto next про WSUS Offline Update 10.0.1 [11-09-2015]
Не понятная фигня !! Не потомучто на инглише а каким именно образом она отбирает и скачивает обновления и может ли она ваще понимать установлины ли у меня они ?? Например установит загрузчик IE 11 или SP 1 и к тамуже куда ???
3 | 4 | Ответить
Bey71 про WSUS Offline Update 9.5.3 [16-03-2015]
WSUS Offline Update 9.5.3 — уже не поддерживает Win XP
Плохо. И офис начинается с 2007. Будем искать версию постарше
2 | 2 | Ответить
Tryndec про WSUS Offline Update 8.2 [04-03-2013]
Программа очень полезна. Ставит без ошибок (пока) все фиксы, даже те которые не хотели становиться за один раз все вместе через кривой апдейтер винды. Полезно тем кто занимаеться настройкой и установкой системы очень часто.
9 | 3 | Ответить
Изменение схемы распространения Servicing Stack Updates для Windows 10 2004-21H1 на WSUS и решение ошибки 0x800f0823 — CBS_E_NEW_SERVICING_STACK_REQUIRED
В операционной системе Windows 10 для успешного получения обновлений ОС механизм «Центр обновления Windows» должен и сам регулярно обновляться.
Это происходит с помощью специальных обновлений SSU (Servicing Stack Updates). Актуальный список обновлений SSU для всех версий Windows можно найти на странице «ADV990001 — Security Update Guide — Microsoft — Latest Servicing Stack Updates».
Начиная с марта 2021 года, Microsoft перестала выпускать отдельные обновления SSU для сборок Windows 10 2004 и старше.
Теперь они интегрируются в последнее кумулятивное обновление LCU (Latest Cumulative Update). Информацию по этому поводу можно найти по ранее обозначенной ссылке в разделе FAQ:
4. Why are the 20H2 and 2004 rows no longer included in the table?
The Windows 10 20H2 and Windows 10 2004 Security Stack Update is included in the Update Package as of the March 2021 release. If you have not yet updated to the current release, the previous Security Stack Update for these versions is KB4598481. This version needs to be installed before updating to the March 2021 update.
Проблема:
Если у вас одобрено лишь последнее кумулятивное обновление, а кто-то из клиентов не получал предыдущие кумулятивы (например, в случае если клиентский компьютер был длительное время выключен), он вообще не сможет получить новые обновления.
В окне Центра обновлений будет показано, что новых обновлений не обнаружено и всё вроде бы «икебана».
Однако, в файле журнала %WinDir%LogsCBSCBS.log будут фиксироваться ошибки следующего вида:
...
Error CBS Package "xxx" requires Servicing Stack v10.0.19041.980 but current Servicing Stack is v10.0.19041.860. [HRESULT = 0x800f0823 - CBS_E_NEW_SERVICING_STACK_REQUIRED]
...
На ряду с этим, при попытке поставить последнее кумулятивное обновление вручную, будет выдана ошибка, сообщающая то, что оно не подходит для этой версии Windows и не может быть установлено.
Решение:
1. Установить на компьютер последний SSU для 2004-21H1 KB4598481
2. Затем установить Майское кумулятивное обновление KB5003173
Обратите внимание на то, что два указанных обновления придется не отклонять на WSUS и в дальнейшем, хотя в консоли WSUS они и будут отображаться, как замененные.
По крайней мере, пока порядок снова не поменяется.
Источник информации:
- June 8, 2021—KB5003637 (Секция «How to get this update» > «Before installing this update»)
Managing Windows Updates is a task every IT pro has probably done in their career. Managing patches is never fun, especially for offline Windows computers. If you have offline Windows computers, it’s time to automate the process as much as possible with the WSUS Offline Update tool!
The WSUS Offline Update tool, or what some call WSUSOffline, is a handy (and free) utility that downloads updates on an Internet-connected computer, packages up all necessary updates, and provides a way to install that package via offline media.
In this tutorial, you’re going to learn how to patch an offline computer with the WSUS Offline Update tool to become an offline-patching master!
Prerequisites
If you’d like to follow along with the steps in this tutorial, be sure you have the following:
- A Windows 7 SP1+ or Windows Server 2008 R2+ computer preferably that’s way behind on patching. The demos in this guide are going to use Windows Server 2012 R2 virtual machine.
- A separate Windows PC with Internet access to download updates.
Downloading and Setting up WSUS Offline Update
Before you can become an offline-patching master, you must first get your tool.
1. Open your favorite web browser and navigate to the WSUS Offline Update download page.
2. Click on the Version link shown below to download to your PC. As of this writing, the latest version is 12.03.2020.
WSUS Offline Update comes in two separate versions; the “Most recent version” and the “ESR version.” The “Most recent version” covers all modern Microsoft products. If you have older operating systems like Windows 7 SP1 or Windows Server 2008 R2, you’d have to use the “ESR version.” But note that WSUS Offline Update does not help get you around an extended security updates (ESU) agreement.
3. Once downloaded, extract the ZIP file, find and run the executable called UpdaterGenerator.exe. This EXE is the application that will help you customize offline updates.
When the tool launch, you’ll be in the Windows tab, as shown below, with a lot of options in front of you! Don’t worry, though. In the next section, you’ll learn how to perform each task necessary to download updates and patch that offline Windows computer.
Creating an Offline Update Package
Now that you have the WSUS Offline Update tool open let’s see what you can do with it. To demonstrate the tool, let’s assume you have an offline Windows Server 2012 R2 machine that needs all of the Visual C++ Runtime libraries, a version of .NET Framework, and the latest security updates.
Don’t worry if you don’t have Windows Server 2012 R2. The steps in this section apply to all Windows OS and Microsoft Office versions with only minor modifications.
Your first task is creating an offline update package. This offline update package can be created as an ISO image or stored on a USB drive. In this tutorial, you’re going to create the offline update package as an ISO file.
ISOs are easier to work with and can be mounted natively by Windows Server 2012 and newer. That’s why this article focuses on using them.
With the tool open:
1. First, uncheck all Windows 10 updates if you are not updating Windows 10. Failure to do so will cause WSUS Offline Update to download more than you might need, greatly increasing the update download and ISO creation time.
2. Since the tutorial will be patching a Windows Server 2012 R2 machine, click on the Legacy Windows tab. In this tab, select the OS you’re patching and the architecture. In this case, choose x64 Global (multilingual updates).
And, finally, pick the additional updates you’d like to download, such as C++ Runtime Library and .NET Frameworks, and Use “security-only updates” instead of “quality rollups.” Quality rollups are bundled updates. Security-only updates install faster and typically are smaller in size.
If you have an internal WSUS server with approved updates and would rather not download patches from the Internet, click on the WSUS button.
When you are satisfied with the selections, click on Start to begin the build process. WSUSOffline will open a command prompt window when you do so and will begin to download the required updates and create the ISO file. Be sure to leave this window open. This step takes a few minutes to complete.
If you selected a lot of options and different OS’es, this process could take HOURS! Be warned.
After the updates are finished downloading, and WSUS Offline Update has created the ISO image, you will see the following prompt:
3. To view the log file for the entire operation, click Yes. Otherwise, click No.
That’s it! You’ve created your first offline update ISO image that contains the updates you selected for Windows Server 2012 R2.
4. Now, open the folder you started WSUSOffline from and notice two folders called iso and client. These folders contain the updates the tool just downloaded. The Client folder contains all of the updates stored directly into the folder, while the iso folder holds the ISO, which has compressed all of the updates.
Inside of the iso folder, you will see an ISO file called wsusoffline-w63-x64.iso.
If you’d rather use a USB key to transfer the update package to the offline computer, you could also transfer the contents of the client folder directly to the USB key.
Applying an Offline Update Package
You now have an ISO file containing all of the required updates sitting on your local computer. It’s time to get that ISO file’s content to your offline computer!
As you can see below, an unpatched Windows Server 2012 R2 machine is waiting in the tutorial lab environment.
The Last installed updates status will not change after running WSUS Offline Update. This is because these fields are taken from registry keys that are updated only when using WSUS or Microsoft Update. They do not update when installing individual updates, which is what WSUS Offline Updater does.
To install the offline updates via the ISO file:
1. Copy the ISO to the offline computer using either a virtualized DVD drive in VMware or Hyper-V or using a USB key.
2. Connect to the offline computer’s console and log in with an administrative user account.
3. Next, find the ISO, right-click on it and click on Mount.
4. Now, navigate to the DVD drive that Windows created for the ISO file and run the UpdateInstaller.exe application.
5. In the installer dialog box, choose any other extra updates you’d like to install and select your required options. For this tutorial, select Update C++ Runtime Libraries, Update Root Certificates, and Install Management Framework 5.1.
When complete, click on Start to begin the installation process.
If WSUSOffline detects any of these updates are already installed, it will simply skip over them.
If the offline computer is way out of date, updating it may require multiple reboots. To prevent manually rebooting, start the tool again and repeat the process, select Automatic reboot and recall. This option will temporarily disable User Account Control (UAC), create a temporary user account, automatically reboot after installation, and continue patching until complete.
Once you click Start, WSUSOffline will open a command prompt and provide status messages throughout the update process. Do not close this window!
6. After the updates have been installed, reboot your computer. WSUS Offline Update will prompt you to restart your computer to complete the process if you did not choose the option to do so automatically.
7. If you did not select the Automatic reboot and recall option before starting the update, continue rebooting the computer and performing steps 4-6 again until WSUS Offline Update detects no more updates needed.
You now have a freshly patched and up to date offline Windows computer!
Conclusion
WSUS Offline Update is a tool that every sysadmin should have in their toolbelt. This tool saves so much time patching offline computers by automating most of the process.
If you haven’t been using WSUS Offline Update previously, how were you, and how does that process compare to this tool?