I don't do this often, but when I've had to, I follow this procedure. First, I use Shavlik for patching normally so that's the tool I use for this - and since it works with lots of 3rd party apps, thats just a bonus.
I setup a VM that mimics the current state of the disconnected machine but that is accessible by the Shavlik server. Run a scan against the VM and deploy the files to it. This sends down all the patch executables and a batch file with instructions for installing them in the correct order. Take that package of files to the disconnected machine via a CD or whatever and run the batch file. Later, apply that same package to the VM so now you've got the same system state as the disconnected machine. Rinse and repeat each month. Obviously you still need a deployment license for the disconnected machine as well as the VM. - Andy O. >-----Original Message----- >From: Ben Scott [mailto:mailvor...@gmail.com] >Sent: Thursday, March 05, 2009 6:04 PM >To: NT System Admin Issues >Subject: Offline patching Vista / Microsoft Update Catalog searching > >Hi all, > > I'm working on getting our first stand-alone Vista computers set up. > By "stand-alone", I mean these computers are not and cannot be >connected to *ANY* network -- including the Internet. No Ethernet, no >modem, no nuttin'. The only way files get to these computers is by >sneakernet -- carried on removable media like diskettes or CDs. > > I'm looking for a way to easily obtain the various Microsoft >critical/security updates for Vista. Then I can burn them to a CD for >installation on these PCs. Keeping these sorts of computers current >with all patches is a new requirement for us, so I've got nothing in >place for this. On the corporate network, I use WSUS 2.0, but that >doesn't help for this. The MS Office site at least gives you a way to >drill down to this stuff. > > I was hoping I could go to the Microsoft Update Catalog ><http://catalog.update.microsoft.com/> and get a list of the needed >updates. I could then download them all, and script something to >install them. But I'm not having much luck searching the catalog. >I'd like it to show me all post-SP1 critical and security updates for >i386 (x86-32). That doesn't seem to be possible. The search syntax >appears to be fixed at a boolean AND of all search terms, with no NOT >operator or anything. :-( I also couldn't find a way to select just >i386. All my searches are finding hundreds and hundreds of matches. > > The Microsoft Download site appears equally ineffective. I can't >easily find a way to specify post-SP1 updates, or i386. Even >selecting the "Security Updates" category seems to find stuff that's >not really a security update. > > If a payware product is the only way to do this, I can go that >route, but it has to support offline usage as described above. > > Suggestions welcomed! > > advTHANKSance > >-- Ben > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
