Some customers have to use an upstream WSUS that they do not control and in some cases have different PKI between environments, both of which prevent a wsusutil export/import to transfer 3rd party updates.
A nice solution would be the publishing service having the ability to download metadata AND the payload into some sort of archive, to allow for transfer to an air-gapped network where an additional install of the publishing service is installed. That offline publishing service could import the archive, sign with the appropriate certificate, and publish to the WSUS instance on the offline network.
Added Keywords: offline air gap no internet secure network
We support this scenario today that would work for most use cases, and we recently wrote a KB https://patchmypc.com/how-to-use-patch-my-pc-in-a-disconnected-environment-without-internet about the process. Overall, the process is very similar to how Microsoft updates work for an environment without internet https://docs.microsoft.com/en-us/mem/configmgr/sum/get-started/synchronize-software-updates-disconnected.
As far as the specific requirement for a scenario where you can't use WSUSUtil import/export because of specific WSUS signing certificate requirements, I'd say it's unlikely we would have a feature in the near future for a fully offline publishing experience, because either way, the process would be similar with binaries and the active catalog needing to be manually copied, and it would only address that one possible use case for needing to sign updates with a different WSUS signing certificate. For this scenario today, you could set up a different WSUS server for each environment that needs a specific WSUS signing certificate.
Hey Charles, just wanted to let you know it will work fine today using wsusutil.exe export and then wsusutil.exe import (Just like Microsoft updates would work). The OP has a very specific scenario, and we are working on making that possible as well.
+3, I need this!