Monday, 7 August 2017

Without SCCM or WSUS want to Patch my machines as Offline

Do you want to install Patches for a internet offline connected machines ?

Install patches where no internet on machines 

Below are the steps that can be performed.

Copy mbsacli.exe & wusscan.dll (Get these files from MBSA tool, install MBSA tool from https://www.microsoft.com/en-in/download/details.aspx?id=7558) on a test machine and get these two files from installed directory) ==> This is a one time task, You no need to repeated this step on every month However next steps are repeated every month.

Download wsusscn2.cab file from http://download.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscn2.cab ==> you need to download every month this file. This file has latest patches as Microsoft keeps updated when they release any pacthes to this file.

Copy above three files to a Single folder in my case "Offlinescan" (C:\Users\Theone\Downloads\offlinescan\)

Run this command on a machine that you wanted to patch without having internet access or SCCM or WSUS, this will create create a XML file with missing and installed patches list.

C:\Users\Theone\Downloads\offlinescan>MBSACLI /xmlout /catalog C:\Users\pbadugu\Downloads\wsusscn2.cab /unicode >updates.xml

The above command creates a file called updates.xml with what is missing and what is installed, by any chance you want to see try to open in Excel :) .. Tip :) 

Now we need to download all the missing files and get create a installation batch file. Below powershell script does this exactly for you in automated fashion.

If you want to download the required Patches, try to copy the above folder "Offlinescan"  in my case "C:\Users\Theone\Downloads\offlinescan" to a machine that has internet access and run below powershell script this will download the missing patches and creates a batch file for automated installation of missing Patches.


$UpdateXML = "C:\Users\Theone\Downloads\offlinescan\updates.xml"
$toFolder = "C:\Users\Theone\Downloads\offlinescan\"
$installFile = $toFolder +"\_Install.bat"

#Initialize webclient for downloading files
$webclient = New-Object Net.Webclient
$webClient.UseDefaultCredentials = $true

# Get the content of the XML file
$Updates = [xml](Get-Content $UpdateXML)

"@Echo Off" | Out-File $installFile
"REM This will install all patches" | Out-File $installFile -Append

foreach ($Check in $Updates.XMLOut.Check)
{
Write-Host "Checking for", $Check.Name
Write-Host $Check.Advice.ToString()

#Checking for files to download
foreach ($UpdateData in $Check.Detail.UpdateData)
{
if ($UpdateData.IsInstalled -eq $false)
{
Write-Host "Download the file for KB", $UpdateData.KBID
Write-Host "Starting download ", $UpdateData.Title, "."
$url = [URI]$UpdateData.References.DownloadURL
$fileName = $url.Segments[$url.Segments.Count – 1]
$toFile = $toFolder +"\"+ $fileName

#Below line can be commented IF you do not want to download and just create a batch file for Patch installaton, this can be used in non internet connected machines.

$webClient.DownloadFile($url, $toFile)


Write-Host "Done downloading"

"@ECHO Starting installing "+ $fileName | Out-File $installFile -Append
if ($fileName.EndsWith(".msu"))
{
"wusa.exe "+ $fileName + " /quiet /norestart /log:%SystemRoot%\Temp\KB"+$UpdateData.KBID+".log" | Out-File $installFile -Append
}
elseif ($fileName.EndsWith(".cab"))
{
"start /wait pkgmgr.exe /ip /m:"+ $fileName + " /quiet /nostart /l:%SystemRoot%\Temp\KB"+$UpdateData.KBID+".log" | Out-File $installFile -Append
}
else
{
$fileName + " /passive /norestart /log %SystemRoot%\Temp\KB"+$UpdateData.KBID+".log" | Out-File $installFile -Append
}
"@ECHO Installation returned %ERRORLEVEL%" | Out-File $installFile -Append
"@ECHO." | Out-File $installFile -Append
Write-Host
}
}

Write-Host
}