In this article, I examine four Windows Update download tools that allow you to download all updates for the various Windows versions. This enables you to perform offline updates or slipstream the updates into a Windows image.
Latest posts by Michael Pietroforte (see all)

Updating Windows through Microsoft Update or WSUS is usually the preferred method of keeping your Windows systems up to date. However, these methods sometimes cause problems or are not possible. Perhaps the computers have a slow Internet connection, or no connection at all. Or, you may want to install important hotfixes before the machine is connected to any network. Many admins also prefer to deploy a completely patched Windows and want to slipstream all available updates with DISM or System Image Manager.

Various ways exist to download the updates manually. If you just need the latest patches of a particular Windows version, you can grab the CAB files from C:\Windows\SoftwareDistribution\Download.

Another option is to search for specific updates in the Microsoft Download Center or Microsoft Update Catalog (Internet Explorer only). If you have to download multiple updates, the Update Catalog is more convenient because you can add all updates you need to your basket and then download them together.

These methods are okay if you just require a few patches for a particular Windows version. A more professional way is to use one of the free Windows Update download tools discussed below.

Portable Update

Portable Update makes use of the fact that Windows Update stores all updates in the folder mentioned above. First, you have to select the tool’s Search tab and then click Start. Portable Update will search for the available updates for this particular machine and display them on the Download tab, where you can then select some or all of the updates. If you click Start again, Portable Update downloads the selected patches as CAB files and stores them in its Cache folder.

List of available patches in Portable Update

List of available patches in Portable Update

If you copy the tool’s entire folder structure to a USB stick, you can easily install those updates on a second computer. For this, you have to click Start again on the Search tab so that Portable Update can determine which updates are missing on the second machine. Note that the second computer doesn’t have to be online for this purpose. On the Install tab, you can then select which patches you want to install.

Installing updates on a second machine with Portable Update

Installing updates on a second machine with Portable Update


AutoPatcher has the same purpose as Portable Update but works differently. It doesn’t use the current machine to generate a list of available updates; instead, it works with its own update lists. You can update a few other products besides Windows, such as Java or Adobe Reader.

Downloading updates with AutoPatcher Update Program

Downloading updates with AutoPatcher Update Program

First, you have to download the AutoPatcher Update Program (apup.exe). This tool is only for downloading updates. If you also want to install updates, you need the AutoPatcher Engine (autopatcher.exe), which you can find in the AutoPatcher Update Program list of available downloads. Autopatcher.exe, which will be downloaded to the same folder as apup.exe, automatically notices the updates that you downloaded with the Update Program.

Installing updates with AutoPatcher Engine

Installing updates with AutoPatcher Engine

A downside of AutoPatcher is that you can’t choose the updates of a particular Windows version that you want to download.

Note that the free tool downloads Windows updates as MSU files. You can find the files in the tool’s Module folder. If you want to slipstream the updates into a Windows image, you have to extract the CAB files from the MSU files. One way to do this is with the Windows command tool “expand”:

expand *.msu c:\targetdir

WSUS Offline Update

WSUS Offline Update also comes with two executables. The WSUS Offline Update Generator is for downloading the updates; the WSUS Offline Update Installer is for installing the updates and is automatically copied to the download folder.

WSUS Offline Update Generator

WSUS Offline Update Generator

As with AutoPatcher, you can only download all updates (not specific ones) for a particular Windows version. The tool also allows you to include service packs and a few other Microsoft packages, such as the Defender definitions and Microsoft Security Essentials. WSUS Offline Update also supports Office 2007, 2010, and 2013.

In the USB medium section, you configure the folder to which all the CAB files will be downloaded. You can just copy this folder to your USB stick and start Updatinstaller.exe to install the updates.

WSUS Offline Update Installer

WSUS Offline Update Installer

Windows Updates Downloader

Windows Updates Downloader is only for downloading files—that is, you can’t install updates with the tool. Its main advantage is that you can select the updates you want to download. Also helpful is that it distinguishes between security updates and non-security updates. This is useful if you just want to make sure that a newly deployed machine at least has all security patches. I also like that each update entry has a link to Microsoft’s Knowledge Base, which helps you decide which updates to download.

Windows Updates Downloader

Windows Updates Downloader

Before you can use Windows Updates Downloader, you have to download the update lists you need from the tool’s website. If you double-click an update list, the list is automatically loaded into Windows Updates Downloader. The tool downloads the selected updates as MSU files to the folder that you configured. Thus, if you want to slipstream the updates into your Windows image, you first have to extract the CAB files with the “expand” command (see above).

Do you know of another Windows Update download program? How do you deploy Windows images: with or without the latest updates?

  1. Dave N 9 years ago

    While I update my image every few months for one thing or another, and run updates at that time while I am at it, in between I point MDT at my WSUS server with a line in the deployment rules:


    Initially I just had imaged PCs put into an OU that pointed at the WSUS server and auto-updated, but that could take quite a while. Now, an image with office and a little other software will deploy and update in about an hour.

    You can configure a target group on WSUS and point MDT to that based on the deployment share rules, or create a target group variable in a task sequence. I just deploy desktops here some, but that would be handy if you were deploying servers and desktops and needed separate update groups on WSUS for them. I also believe you can tell MDT to determine the WSUS server based on subnet.

    If you don’t set a WSUS computer group, just make sure in WSUS that the automatic approval rule will apply to “unassigned computers” and they can get WSUS updates without first being in a group.

    Using MDT and WSUS means i dont have any manual work to do on updates.
    Unless I am updating a surface–because the firmware updates CAN NOT be downloaded in WSUS. You have to manually create an update thumb drive for a Surface Pro, boot to the drive, let it run the firmware updates, then use a USB ethernet adapter to PXE boot *shakes tiny fist at microsoft*

    see this technet article: How to Update the Surface Pro 3 Firmware offline using a USB drive

  2. Dave, thanks for the tips! You are right, WSUS and MDT work well together.

  3. Harry Lime 9 years ago

    Hi Michael and thank you very much for considering PortUp as an update solution.
    Reviewing your post, i think is better to clarify PortUp functionality.
    PortUp can be used to update offline or online computers. In either of two cases, his cache mechanism helps user to avoid to download the same update two times. This implies that the prevalent use of PortUp is to update many computers.

    In the offline mode, PortUp have to be run directly against the target (offline) machine, allowing to the software to list update needed to the offline computer. Second step, you can go to every computer connected to internet for restarting PortUp only for downloading updates needed to the first computer. So, in this case the second computer doesn’t need to have the same OS, as is used only as “download station”.

    In the online mode, operative steps resemble classical Windows Update methods, but using the local cache. In this mode, if you have already downloaded the update you gain time.

    Hope to have clarified the functional use.


  4. Harry, thanks for the comment. Unfortunately, I am a bit confused now. Is there anything wrong in the article? And how can you use PortUp for “many computers?” I didn’t find any remote installation features.

    The second procedure you describe sounds a bit cumbersome. I think if you have many different Windows versions, you are better off with a tool that works with download lists.

  5. Harry Lime 9 years ago

    Micheal, sorry for my confusing post.

    Typical PortUp use scenario is composed by many computers, often with the same OS, not connected (sneakernet) or bad connected (slow connected) to internet.

    In this scenario, the app reside physically on a external Usb disk with a decent free space that will be connected to every machine that needs to be updated.

    First step consist to use PortUp in offline mode to collect all desiderata updates from each bad-connected computer, using his Search function, allowing the app to collect all desiderata updates in a file in the toolbox directory (downloads.xml).

    The next step consist to connect the usb disk to a well-connected computer, and using PortUp from this computer to download physically all updates needed to the set of the bad connected machines (Download function). All updates will be stored in the Cache directory.

    Third Step is to return back to the set of bad connected computers and install the needed updates. This last step is composed by two-sub steps: Search and Install function.

    This scenario was the main functionality behind PortUp and is the principal reason for PortUp existence. Once developed this functionality, there are many positive side-effects:

    1) Many updates aren’t linked to a particular Os. This implies that if, for example, you download an Office update or a Defender one, you can use the same update for many computers, independently from OS used.

    2) You can use PortUp directly on your single, well connected computer as a Windows Update replacement. In this case, the Search function will use the Microsoft databases (Online mode) and not the local database (Offline mode). In this manner you will have the complete list of the needed updates (the local one is limited) and, more, all updates will be stored on your usb disk, allowing you to re-install completely from scratch the same computer or another computer without download a bit from internet (more or less).

    3) Last, but not least, PortUp use only WUA API. That is, isn’t a preventive updater, installing only the updates really needed from the system, as would the normal Windows Update. This is a distinctive characteristic that differ PortUp from all other offline updaters.

    Normally PortUp is used in environments where security is a must.

    I hope that this post clarify the PortUp use.

    Thank you very much for your hospitality.


  6. Mike 8 years ago

    From the description of the products each of them sound great for slipstream. However, what are replacements for WSUS, to deploy to certain updates multiple computers and different times?

  7. Harry Lime 8 years ago

    Hi Mike
    Actually I am studying a solution based on PortUp that should be an integral wsus replacement based on a http server and an agent on every client.

  8. Jack Scott 8 years ago

    re WSUS – I selected automatic reboot and recall option when updating a Windows 7 Pro x64 laptop assuming that the program would restart the machine when required and then restart itself to continue with the updates – however – I noticed that the Restart Required message appeared and nothing happened until I manually restarted the computer. Also, the program itself did not restart on reboot and I had to restart it manually from the client folder. Is this the way it is supposed to work or am I doing something wrong? Thank you.

  9. Bill Gates 5 years ago

    Portable Update’s feature to cherry pick individual update becomes an important advantage over the other alternatives. Lately some Windows updates can break the system (actually doing more harm than the malware and viruses their supposed to prevent). There is no way to isolate which update will break windows on mass installs.

    • Author

      Bill Gates, thanks for posting. What happened to your company? Why is Microsoft so desperate to force their buggy updates on Windows computers?

  10. Hadi 4 months ago

    Does wsus offline ,… support Windows 11?

Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account