Beruflich Dokumente
Kultur Dokumente
A: As long as release notes or installation hints don't recommend other, you may
unpack a new version's archive (.zip) over/into an existing structure, if you l
et existing files be overwritten.
Of course you may use the automatic self update functionality instead.
-------------------------------------------------------------------------------Q: Can I exclude patches from download and/or installation?
A: Yes, that's possible through customizing the download- and update scripts acc
ording to your requirements. You may add new patches or exclude existing ones. P
lease follow this guide:
1. Exclude patches from download
You have to differentiate between statically defined updates (like the latest Se
rvice Packs, for example) and updates that are determined dynamically at runtime
of the script.
a) Statically defined updates
To exclude static updates from download, please delete the corresponding URL def
initions in the matching file named "StaticDownloadLinks-<platform>[-<architectu
re>].txt" in the folder "static". Please note that the files residing here will
be overwritten on a software update.
b) Dynamically determined updates
To exclude dynamically determined updates from download, insert their knowledge
base ID (KBxxxxxx or simply xxxxxx) into the matching exclude file named "Exclud
eList-<platform>[-<architecture>].txt".
2. Excluding updates from installation
Once again you have to make a difference between statically defined and dynamica
lly determined updates.
a) Statically defined updates
The statically defined updates (latest version each) are:
- Service Pack (SP)
- Windows Update Agent (WUA)
- Microsoft Installer (MSI)
- Windows Script Host (WSH)
- Internet Explorer (IE)
These updates will be installed only if the version installed on the target syst
em is lower than the versions defined in the file "SetTargetEnvVars.cmd" (direct
ory .\client\cmd). If you generally want to prevent installation of one of those
updates, you have to modify the expected values in the "SetTargetEnvVars.cmd" o
r insert jump marks into the "DoUpdate.cmd" (which controls the installation pro
cess). You should do this in very special cases only, as with SP, WUA, MSI and W
SH, certain versions are required as preconditions.
b) Dynamically determined updates
To exclude dynamically determined updates from installation, insert their knowle
dge base ID (KBxxxxxx or simply xxxxxx) into the file "ExcludeList.txt" (directo
ry .\client\exclude). These updates will now be ignored; and you'll receive a wa
rning in the log.
The following updates are already excluded:
- kb816093 (Security update for Microsoft VM)
- kb951847 (.NET Framework 3.5 SP1 Family Update (will be explicitly installed i
f selected))
- kb890830 (Windows Malicious Software Removal Tool (MSRT))
- kb931125 (Trusted Root Certificates (will be explicitly updated if selected))
- kb2917500 (Revoked Root Certificates (will be explicitly updated if selected))
- kb926874 (Internet Explorer 7 (will be explicitly installed if selected))
- kb940767 (Internet Explorer 7 (will be explicitly installed if selected))
- kb944036 (Internet Explorer 8 (will be explicitly installed if selected))
e Microsoft server.
-------------------------------------------------------------------------------Q: Can I integrate patches for products made by third parties?
A: No, and there are no plans to add this. Patches from third parties commonly h
ave completely different command line parameters which makes an integration prob
lematic, if not impossible. Additionally, the Offline Update is meant for making
a PC as secure as possible before going online. Updates from third parties can
then be downloaded from their respective websites. Many third party products off
er some kind of auto-update mechanism to keep themselves current, e. g. Acrobat
Reader, Firefox, Thunderbird, SUN Java Runtime, and others.
-------------------------------------------------------------------------------Q: Is it possible to automate the creation of the update media (CD/DVD images),
with a scheduled task maybe? If yes, how do I do that?
A: Create a new batch file in the ".\cmd" directory, e. g. "DownloadUpdatesAndCr
eateISOImage.cmd". Then enter the desired calls to "DownloadUpdates.cmd" and "Cr
eateISOImage.cmd" with the required options into this file. An example of such a
file would be:
@echo off
call DownloadUpdates wxp enu
call CreateISOImage wxp enu
Next, create a scheduled task for your new custom script "DownloadUpdatesAndCrea
teISOImage.cmd" and select the desired run time. For example, if you intend to c
reate new update media following each Microsoft Patchday, select "second Wednesd
ay of every month".
-------------------------------------------------------------------------------Q: Can I start update installation from a shared network resource?
A: Yes, but you should only use the "Automatic reboot and recall" feature, if th
e shared resource permits anonymous access. Otherwise the automatic recall will
fail, because the share won't be accessible for the temporary administrator acco
unt "WOUTempAdmin".
If the network share doesn't have a drive letter assigned to, the "UpdateInstall
er" script will automatically do a drive mapping, because cmd.exe does not suppo
rt UNC paths (\\<server>\<share>) as the current directory (see http://support.m
icrosoft.com/kb/156276/).
If you like to assign a drive letter yourself using the "map network drive" feat
ure or "net use" command, you'll have to do this in an administrative context/co
mmand shell (Windows Vista/7/Server 2008(R2)), because the "UpdateInstaller" scr
ipt requests administrative privileges for patch installation.
Please keep in mind that installing patches over the network is against the phil
osophy of an Offline update, and the machine may be vulnerable to attacks while
the update process is still in progress.
-------------------------------------------------------------------------------Q: A patch is installed over and over again, in spite of being installed already
on the target system. What is the reason and how can I resolve this?
A: This problem regularly occurs when doing kernel updates on OEM systems; it's
a Microsoft issue.
To solve the issue, install such updates manually and specify the "/o" (or "/ove
rwriteoem") switch (as shown on http://support.microsoft.com/kb/262841).
-------------------------------------------------------------------------------Q: When installing patches I receive a warning, that kb890830 and kb976002 have
been skipped. Why aren't they integrated?
A: Patch kb890830 is not really an update, but the Malicious Software Removal To
ol (MSRT). This tool (MRT.exe) scans the PC once after a reboot for possible mal
ware infections, but it is inferior to commercial virus software in terms of det
ection rate and updating frequency (it's only updated once a moth on most PCs).
Additionally, multiple versions are contained in WSUSSCN2.CAB (Microsoft's updat
e catalog), so it's already filtered out on download. Patch kb976002 is the Brow
ser Choice update for European market.
-------------------------------------------------------------------------------Q: On patch installation I receive warnings about further missing updates. What'
s up?
A: WSUS Offline update by default downloads only patches contained in Microsoft'
s catalog WSUSSCN2.CAB. This includes at least all critical and security-related
patches, but not every important, recommended or optional one. If you feel the
need to include them, you are free to do so manually (see above).
-------------------------------------------------------------------------------Q: Can I force installation of patches despite them being installed already on t
he target system?
A: Yes, but not with the GUI (UpdateInstaller.exe). Call the batch file "Update.
cmd" directly using the "/all" option, e. g. "Update.cmd /autoreboot /showlog /a
ll".
-------------------------------------------------------------------------------Q: On my target system, the missing updates can't be determined; on another comp
uter, missing updates will be installed again and again. Why?
A: In most cases, the Windows Update Agent (WUA) is responsible for this misbeha
vior. To resolve this problem, please follow the instructions to reset the Windo
ws Update components (http://support.microsoft.com/kb/971058).
-------------------------------------------------------------------------------Q: On installation of patches I'm getting strange errors in the command line win
dow, e. g. "C:\wsusupdate\client\cmd\DetermineSystemProperties.vbs(92, 3) (null)
: 0x80041014". Then the script terminates. What is the cause and how can I solve
this problem?
A: For trouble-free execution, the script requires the correct installation and
configuration of the following Windows services/components: "Automatic Update/Wi
ndows Update (WUA)", "Windows Script Host (WSH)" and "Windows Management Instrum
entation (WMI)". Please check first if you have restricted or even disabled thes
e services with tools like TweakUI, nLite/vLite, XP-Antispy, XPy, Tuneup Utiliti
es etc.
If that's not the case, the cause is most probably an erroneous scripting compon
ents' or WMI registration.
To (re-)register the scripting components on your computer, please follow the in
structions at http://support.microsoft.com/kb/949140.
To check your WMI installation, use Microsoft's WMI diagnostics tool (http://www
.microsoft.com/downloads/details.aspx?familyid=d7ba3cd6-18d1-4d05-b11e-4c64192ae
97d&displaylang=en). Further technical information is given on http://technet.mi
crosoft.com/en-us/library/cc787057(WS.10).aspx; the WMI FAQs you'll find on http
://technet.microsoft.com/en-us/library/ee692772.aspx.
-------------------------------------------------------------------------------Q: When installing patches I'm receiving the error: "...\ListMissingUpdateIds.vb
s(17, 1) (null): The file or directory is corrupted and unreadable." or "...\Lis
tMissingUpdateIds.vbs(17, 1) (null): The signature of the certificate cannot be
verified." How can I solve that problem?
A: This error occurs, if the file ".\client\wsus\wsusscn2.cab" is truncated/corr
upted, because it has not been downloaded completely. Of course this invalidates
its digital signature. Please rerun the download and media creation again to re
place the bad file.
-------------------------------------------------------------------------------Q: My antivirus package reports the downloaded archive to be infected by a virus
/trojan? Is that true?
A: This is with very high probability a false positive! The archive contains com
piled AutoIt3 scripts, which some antivirus programs generally detect as malware
. You can verify the clean status of the scripts (*.au3) by compiling them yours
elf using the AutoIt3 compiler (http://www.autoitscript.com/autoit3/). Alternati
vely, upload the downloaded archive to a site like VirusTotal (http://virustotal
.com) or Jotti (http://virusscan.jotti.org) and let it be scanned by a multitude
of antivirus engines. Additionally, many antivirus suites have the possibility
to send the presumed false positives to the author, either manually over a web f
orm/email or automatically within the program. This will improve detection abili
-------------------------------------------------------------------------------Q: I have selected "Show log file", but after finishing the installation and reb
ooting, the log is not shown. What's the reason?
A: Maybe the user account you're logging in with after the final reboot has no p
ermission to access the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windo
ws\CurrentVersion\RunOnce or the log file (%SystemRoot%\wsusofflineupdate.log).
Please log in once with a sufficiently privileged account after finishing instal
lation and reboot.
-------------------------------------------------------------------------------Q: I enabled the "automatic reboot and recall" option, and now my PC automatical
ly logs into the "WOUTempAdmin" account. How can I prevent that and revert to my
previous account settings?
A: That issue rarely happens. Please help improve the software by submitting a d
etailed error report, including the preconditions and how to reproduce the error
, to the development team.
To "clean up" your OS do the following:
- Cancel running update scripts using <Ctrl>+C;
- Execute the "CleanupRecall.cmd" script in the "cmd" directory, then reboot.
If it still won't work, follow this guide:
- Log off the "WSUSAdmin" account. While doing this, hold the <Shift> key to pre
vent automatic login and show the Logon screen instead.
- Log on the "Administrator" account (or an account with administrative rights).
- Check for the existence of a file named "%SystemRoot%\wsusbak-winlogon.reg".
- If the file exists, start the registry editor ([Start - Run...] regedit) and d
elete the key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\W
inlogon". Then merge the backed up values back into the registry by double-click
ing the "%SystemRoot%\wsusbak-winlogon.reg" file and confirming the prompt. Then
you can delete that file.
- If the file doesn't exist, start the registry editor ([Start - Run...] regedit
) and modify some values of the key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windo
ws NT\CurrentVersion\Winlogon" as follows:
- DefaultUserName: Administrator (or another user account of your choice)
- DefaultPassword: Delete value
- AutoAdminLogon: Delete value
- ForceAutoLogon: Delete value
- Delete the "WOUTempAdmin" account using the "User accounts" Control Panel item
.
- Delete the user profile files if they still exist (XP: C:\Documents and Settin
gs, Vista/7: C:\Users).
- Reboot.
-------------------------------------------------------------------------------Q: During download, I receive a file integrity verification failure. What can I
do to resolve this?
A: If you're sure that the patch files in your repository weren't manipulated, y
ou may delete the corresponding checksum files under ...\client\md. They'll then
be recreated during the next download run.
-------------------------------------------------------------------------------Q: Why are check boxes grayed out when I start UpdateInstaller.exe?
A: The check boxes' availability is dependent on platform, update medium and pac
kage installation state.
-------------------------------------------------------------------------------Q: During download or installation, I receive an error indicating an invalid pac
kage.xml file. What can I do?
A: Your copy of Microsoft's update catalog file (...\client\wsus\wsusscn2.cab) s
eems to be corrupt. Please delete it and re-run the download process.
-------------------------------------------------------------------------------Q: Can I let the download window(s) stay in the background?
A: Yes. Please edit the UpdateGenerator.ini file and add an entry/line "minimize
ondownload=Enabled" to the "[Miscellaneous]" section.
-------------------------------------------------------------------------------Q: After installation of patches using the WSUS Offline Update finished, an empt
y box without contents appears on every reboot. Only when I click "OK", the boot
process continues.
A: It's uncertain at this time what causes this behavior. Please login as "Admin
istrator" and check if the Windows registry key "HKLM\SOFTWARE\Microsoft\Windows
\CurrentVersion\Run" contains a value named "WSUSOfflineUpdate", or if the key "
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" contains values named "D
eleteWOUTempAdminProfile" or "ShowOfflineUpdateLogFile". If they exist, delete t
hem.
Should these entries do not exist in the registry, this behavior was not caused
by the Offline Updater. The WSUS Offline Updater team welcomes further hints con
cerning this problem.
-------------------------------------------------------------------------------Q: I miss IEx, .NET, MSSE and WLE installation files for my language. Why aren't
they downloaded and what can I do to have them downloaded?
A: Since Service Packs and updates for Windows Vista / 7 / Server 2008(R2) are m
ultilingual, there's no 24-language selection table for these platforms, so by d
efault, only the English and German versions of those localized installation pac
kages for IEx, .NET, MSSE and WLE will be downloaded.
To have your favorite locale(s) downloaded in addition, you may use the ...\cmd\
AddCustomLanguageSupport.cmd script.
-------------------------------------------------------------------------------Q: The determination of "superseded updates" takes more than 15 minutes. How can
I speed it up?
A: Some Anti-Virus-Scanners (especially "Microsoft Security Essentials" (MSSE))
retard the required calculations. You may temporarily disable your AV scanner or
define an appropriate exception.
-------------------------------------------------------------------------------Q: I miss the x64 versions of Office 2010 Service Pack 2 and Office 2013 Service
Pack 1. How can I have them downloaded?
A: Please call ...\cmd\AddOffice2010x64Support.cmd {lng} once to add their URLs
to your custom static download definitions (see directory ...\static\custom).
-------------------------------------------------------------------------------Q: I don't need the German installation files for IEx, .NET, MSSE and WLE. How c
an I disable their downloads?
A: Please call ...\cmd\RemoveGermanLanguageSupport.cmd once to remove their URLs
from the static download definitions.
--------------------------------------------------------------------------------