Windows XP offline updates - Which ones required?

Hi,

I'm using several XP pcs on a totally standalone network that is not capable of being connected to the internet. Is there any way of finding out which updates are required to bring them up to date?

Just had a virus infection (Conficker) that we have now got rid off, and now what to bring everything upto date to help spot anything. (Malacious Software Removal, Patches, etc.)

Using XP Pro, mixture of SP2 and SP3.

Now can I find out what's currently on the network, and then get the correct updates?

Is there a utility that can do this?

Thanks
 
Plugging in a usb stick or disk would infect the network if there was a virus on them. Logically, then, you need the same degree of security as if you connected to the internet. A standalone set up is still going to be vulnerable and you are less likely to identify a problem right away. That's just my opinion but it seems commonsense to take every precaution.
 
There are a couple of possibilities.

For most of us, something like AutoPatcher will work for you. Just prepare a thumb drive with AutoPatcher on it from an Internet-capable computer and give it a few hours... It will download all of the updates you need. Once it is ready, you can take the thumb drive and run the apup.exe program on the workstations -- It will silently install of the updates your downloaded.

A second solution is -- and this may not be applicable to you -- WSUS. You'll need Windows Server to host WSUS, so this is probably only useful if this is for a business or you have a very involved setup at home. ;-)

Check out these articles for more details about WSUS:

Configuring XP to use WSUS server for updates:
http://www.techrepublic.com/article/solutionbase-configuring-windows-xp-to-use-a-wsus-server/5888918

WSUS for your server:
http://technet.microsoft.com/en-us/windowsserver/bb332157
 
Plugging in a usb stick or disk would infect the network if there was a virus on them. Logically, then, you need the same degree of security as if you connected to the internet. A standalone set up is still going to be vulnerable and you are less likely to identify a problem right away. That's just my opinion but it seems commonsense to take every precaution.

If you DO have a Windows server and a domain, then disabling autoplay through GPOs is a very, very good idea.

If you DO NOT have a Windows server, but all of your computers are running Windows XP Professional then you can disable autoplay manually through gpedit ( Start > Run > gpedit.msc ).

If your computers are running XP Home, then you can change the registry as follows to disable autoplay on all drives:

Start > Run > regedit.exe

Navigate to:
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer

... and set the NoDriveTypeAutoRun value to 0xFF


A recent update to Windows XP was supposed to do disable autorun completely by default. So if you get those systems up to date with AutoPatcher, that'll probably be set for you automatically.
 
Back