I'm trying to find an effective method to patch a large number of servers and PCs that operate in an air-gapped environment, meaning they have very limited connectivity. Downloading updates directly from Windows isn't an option, and tools like Intune and Azure Update Manager are also off the table due to their cost. Currently, we're using WSUS for updates, but I've heard it's going to be deprecated in Server 2025. I'm seeking alternatives that can simplify the patching process for these isolated systems.
3 Answers
There's been some confusion about WSUS—it's not actually deprecated. It's still supported and works fine for patching Windows Server 2025. You might want to check for the latest updates and guidance on its usage.
You could simplify the patching process by writing a PowerShell script that applies updates based on the OS version. Just download the update files (MSU) to a network share and run the script as a scheduled task or during system restart. It’s not perfect, but it’s a viable workaround in air-gapped situations.
I used WSUS Offline Update a while back, and it was effective for me. While the project has stopped updating since 2020, it could still be useful for some scenarios.
I noticed that too. It might be worth looking into how it's still performing, despite the lack of recent updates.