Dynamic Update and Internet Communication (Windows Server 2003)

  • Article

Applies To: Windows Server 2003 with SP1

This section provides information about:

  • The benefits of Dynamic Update

  • How Dynamic Update communicates with sites on the Internet

  • How to control Dynamic Update to limit the flow of information to and from the Internet

Benefits and Purposes of Dynamic Update

With Dynamic Update, Setup for the Microsoft Windows Server 2003 family can check the Windows Update Web site for new Setup files, including drivers and other files, while the server operating system is being installed. In an interactive installation (in contrast to an unattended installation), the person installing a product in the Windows Server 2003 family chooses whether to allow Dynamic Update.

In a managed environment, if you are using Setup (Winnt32.exe) for unattended installation, you can create a shared folder on a server and deliver Dynamic Update files to destination computers from that shared folder (instead of downloading the files directly from the Windows Update Web site to the computer being installed). For additional information about how to do this, see "How Dynamic Update Communicates with Sites on the Internet," and "Controlling Dynamic Update to Limit the Flow of Information to and from the Internet," later in this section.

Whenever an important update is made to any crucial Setup file, that update is made available through Dynamic Update functionality built into the Windows Update Web site. Some of the updated files will be replacements (for example, an updated Setup file) and some will be additions (for example, a driver not available at the time that the Setup CD was created). All files on the Dynamic Update section of the Windows Update Web site are carefully tested, and only files that are important in ensuring that Setup runs well are made available.

Using Dynamic Update reduces the need to apply patches to recently installed systems, and makes it easier to run Setup with hardware that requires a driver that was recently added or updated on Windows Update. For example, if a new video adapter requires a driver that was recently added to Windows Update, with Dynamic Update, the video adapter is recognized and supported during Setup.

Dynamic Update downloads only the files that are required for a particular computer, which means that the Dynamic Update software briefly examines the computer hardware. No personal information is collected, and no information is saved. The only purpose for examining the hardware is to select appropriate drivers for it. This keeps the download time as short as possible and ensures that only necessary drivers are downloaded to the hard disk.

Overview: Using Dynamic Update in a Managed Environment

If you do not want Dynamic Update to connect to the Windows Update Web site during the installation of a product in the Windows Server 2003 family, you have two options:

  • Creating a shared folder and delivering Dynamic Update files to destination computers from that shared folder: You can ensure that when Setup (Winnt32.exe) for the Windows Server 2003 family is run in your organization, Dynamic Update does not connect to the Internet but instead uses the files you place on a server. To do this, you create a shared folder on a server in your organization, download Dynamic Update files to that server, and run unattended installations using Winnt32.exe with appropriate options.

  • Avoiding Dynamic Update: You can avoid using Dynamic Update, which means Setup will use only the files and drivers provided on the CD for products in the Windows Server 2003 family. For more information, see "Avoiding Dynamic Update," later in this section.

The subsections that follow provide more information about these options.

For additional sources of information about performing unattended installation, see Appendix A: Resources for Learning About Automated Installation and Deployment (Windows Server 2003).

How Dynamic Update Communicates with Sites on the Internet

This subsection focuses on the communication that occurs between Dynamic Update and the Windows Update Web site during an interactive installation (or a preinstallation compatibility check) when the computer has access to the Internet. This subsection also provides some description of the default behavior of Dynamic Update with unattended Setup.

For information about how you can control the behavior of Dynamic Update during unattended installation, see "Controlling Dynamic Update to Limit the Flow of Information to and from the Internet," later in this section.

  • Specific information sent or received: When Dynamic Update contacts the Windows Update Web site, it sends only the information necessary for appropriate drivers to be selected. In other words, it collects only necessary information about the hardware (devices) on that particular computer. No personal information is collected.

    The Setup files and drivers downloaded by Dynamic Update consist only of files that are important in ensuring that Setup runs successfully. Files with minor updates that will not significantly affect Setup are not made available through the Dynamic Update section of the Windows Update Web site. Some of the updated files will be replacements (for example, an updated Setup file) and some will be additions (for example, a driver not available at the time that the Setup CD was created).

  • Default behavior and triggers: Dynamic Update may connect to the Internet, depending on how Setup is run. The following table provides details.

    Choices for running Setup and effects on Dynamic Update



    Choice

    Steps to take and effect on Dynamic Update    		 Does Dynamic Update connect to the Internet?

    Running a preinstallation compatibility check

    Insert the Setup CD and choose the appropriate options for checking system compatibility. You are offered the choice of running or skipping Dynamic Update.

    Yes, if you choose to run Dynamic Update.

    Interactive installation

    Start Setup from the CD or a network and run it interactively. You are offered the choice of running or skipping Dynamic Update.

    Yes, if you choose to run Dynamic Update.

    Unattended Setup without an answer file and without the use of any options that affect Dynamic Update

    Run the Winnt32.exe command with the /unattend option, but do not provide the name of an answer file and do not specify /dudisable or any other options that affect Dynamic Update. Dynamic Update is triggered under these conditions for both unattended installation and unattended upgrade.

    Yes.

    Unattended Setup with the /dudisable option

    Run the Winnt32.exe command with the /unattend option and also with the /dudisable option. If the /dudisable option is used, Dynamic Update is not triggered, regardless of whether an answer file is used.

    No.

    Unattended Setup with an answer file that specifies that Dynamic Update should not be disabled

    Create an answer file that includes an [Unattended] section with an entry that specifies dudisable = No. Run the Winnt32.exe command with the /unattend:answer_file option. Dynamic Update is triggered (although see the previous entry in this table).

    Yes.

    Unattended Setup with an answer file that does not specify any options that affect Dynamic Update

    Run the Winnt32.exe command with the /unattend:answer_file option. By default, if the answer file does not specify any options that affect Dynamic Update, Dynamic Update is disabled.

    No.

    Unattended Setup without an answer file and with the /dushare option

    Prepare a shared folder as outlined in "Creating a shared folder and delivering Dynamic Update files to destination computers from that shared folder," later in this section. When you run Winnt32.exe, run it with the /dushare = path_to_downloaded_files option. Dynamic Update uses the folder specified in the /dushare option and does not connect to the Internet.

    No. Dynamic Update uses the files in the shared folder that you created.

    Unattended Setup with an answer file that contains the DUShare entry

    Prepare a shared folder as outlined in "Creating a shared folder and delivering Dynamic Update files to destination computers from that shared folder," later in this section. Create an answer file that includes an [Unattended] section with an entry that specifies dushare = path_to_downloaded_files. Run the Winnt32.exe command with the /unattend:answer_file option. Dynamic Update uses the folder specified in the DUShare entry and does not connect to the Internet.

    No. Dynamic Update uses the files in the shared folder that you created.

  • User notification: During an interactive installation, the user is notified when the choice of whether to run Dynamic Update is offered. During an unattended installation, there is no notification (unattended installation by definition means that no user interaction is required).

  • Logging: By default, the progress of Setup is logged in systemroot\Winnt32.log. By using command options for the Winnt32.exe command, you can control the name of the log and the level of detail it contains.

  • Encryption: The data is transferred from Microsoft using HTTPS.

  • Access: No information about the hardware (devices) on a particular computer is saved or stored, so no one can access this information. The information is used only to select appropriate drivers.

  • Privacy statement: Dynamic Update is covered by the same privacy statement that covers Windows Update. To view the privacy statement for Windows Update, go to the Web site and click Microsoft Update Privacy Statement:

    https://windowsupdate.microsoft.com/

  • Transmission protocol and port: The transmission protocol is HTTPS and the port is 443.

  • Ability to disable: You can control the behavior of Dynamic Update by running Setup in specific ways, as shown in the previous table. (You can of course disable Dynamic Update by preventing access to the Internet, or by blocking HTTPS over port 443.)

    If you do not want to disable Dynamic Update but only want to prevent it from communicating with an Internet site, as noted earlier, you can create a shared folder on a server and deliver Dynamic Update files to destination computers from that shared folder.

Controlling Dynamic Update to Limit the Flow of Information to and from the Internet

As summarized in "Overview: Using Dynamic Update in a Managed Environment," earlier in this section, if you do not want Dynamic Update to connect to the Windows Update Web site during the installation of a product in the Windows Server 2003 family, you have two options. With the appropriate methods for unattended installation, you can create a shared folder on a server and deliver Dynamic Update files to destination computers from that shared folder. Another alternative is to completely avoid using Dynamic Update.

Creating a shared folder and delivering Dynamic Update files to destination computers from that shared folder

This subsection briefly describes the steps for creating a shared folder on a server and delivering Dynamic Update files to destination computers from that shared folder. The subsection also provides links to more detailed information. The steps can be summarized as follows:

  • Step 1: Determine what packages you need to download from the Windows Update Web site.

  • Step 2: Download the packages and prepare them and the folder they are in for use with Dynamic Update. This step includes extracting files and placing them in folders, as well as running the /duprepare option with Winnt32.exe, which creates subfolders and copies appropriate files to those subfolders. This step also requires other actions, such as sharing the folder and setting permissions.

  • Step 3: Configure the answer file and Winnt32.exe settings for Dynamic Update (and for any other configuration options you want).

  • Step 4: Run the unattended installations.

For more detailed information about performing the preceding steps, see the Microsoft Windows Server 2003 Deployment Kit, specifically the book titled Automating and Customizing Installations. To view the Microsoft Windows Server 2003 Deployment Kit, see the Microsoft Web site at:

https://go.microsoft.com/fwlink/?linkid=29887

Similar information is available in the Dynamic Update article on the Microsoft Web site at:

https://go.microsoft.com/fwlink/?LinkId=4925

For additional sources of information about performing unattended installation, see Appendix A: Resources for Learning About Automated Installation and Deployment (Windows Server 2003).

Avoiding Dynamic Update

You can avoid using Dynamic Update, which means Setup will use only the files and drivers provided on the CD for products in the Windows Server 2003 family. The method by which you avoid using Dynamic Update depends on how you are performing the installation:

  • Interactive installation: During interactive installation (not unattended installation), you can select No when offered the option to use Dynamic Update. As an alternative, you can ensure that the computer does not have Internet access.

  • Unattended Setup: Dynamic Update is disabled when you run Setup in specific ways, as shown in the table in "How Dynamic Update Communicates with Sites on the Internet," earlier in this section. As the table shows, the simplest way to ensure that Dynamic Update does not run during unattended Setup is to use the /dudisable option in the command line. This ensures that Dynamic Update will not occur during the installation.

How avoiding Dynamic Update or directing Dynamic Update to a server on your network can affect users and applications

Regardless of whether you use Dynamic Update, you can obtain updated system and driver files after installations are complete (for example, through Windows Update or a service pack). Allowing Dynamic Update to run during Setup, however, helps ensure Setup success.

If you create a shared folder on a server and deliver Dynamic Update files to destination computers from that shared folder (instead of downloading the files directly from Windows Update to the computers), you can control the exact set of updated files to be installed. By contrast, when you download the current set of Dynamic Update files directly from the Windows Update Web site to users' computers, you might introduce inconsistencies among your destination computers because the Windows Web Site is periodically updated, and you cannot control when these updates occur.

Procedures for Controlling Dynamic Update

For detailed descriptions of Dynamic Update and procedures for controlling it, see the Microsoft Windows Server 2003 Deployment Kit, specifically the book titled Automating and Customizing Installations. To view the Microsoft Windows Server 2003 Deployment Kit, see the Microsoft Web site at:

https://go.microsoft.com/fwlink/?linkid=29887

Similar information is available in the Dynamic Update article on the Microsoft Web site at:

https://go.microsoft.com/fwlink/?LinkId=4925