Dynamic Update and Internet Communication

Applies To: Windows Server 2003 with SP1

This section provides information about:

  • The benefits of Dynamic Update

  • How Dynamic Update communicates with sites on the Internet

  • How to control Dynamic Update to limit the flow of information to and from the Internet

Benefits and Purposes of Dynamic Update

With Dynamic Update, Setup for Microsoft Windows Server 2003 can check the Windows Update Web site for new Setup files, including drivers and other files, while the server operating system is being installed. In an interactive installation (in contrast to an unattended installation), the person installing Windows Server 2003 chooses whether to allow Dynamic Update to occur.

In a managed environment, if you are using Setup (Winnt32.exe) for unattended installation, you can create a shared folder on a server and deliver Dynamic Update files to destination computers from that shared folder (instead of downloading the files directly from the Windows Update Web site to the computer being installed). For additional information about how to do this, see "How Dynamic Update Communicates with Sites on the Internet" and "Controlling Dynamic Update to Limit the Flow of Information to and from the Internet," later in this section.

Whenever an important update is made to any crucial Setup file, that update is made available through Dynamic Update functionality built into the Windows Update Web site. Some of the updated files will be replacements (for example, an updated Setup file) and some will be additions (for example, a driver not available at the time that the Setup CD was created). All files on the Dynamic Update section of the Windows Update Web site are carefully tested, and only files that are important in ensuring that Setup runs well are made available.

Using Dynamic Update reduces the need to apply patches to recently installed systems, and makes it easier to run Setup with hardware that requires a driver that was recently added or updated on Windows Update. For example, if a new video adapter requires a driver that was recently added to Windows Update, with Dynamic Update, the video adapter is recognized and supported during Setup.

Dynamic Update downloads only the files that are required for a particular computer, which means that the Dynamic Update software briefly examines the computer hardware. No personal information, such as user name or e-mail address, is collected. The only purpose for examining the hardware is to select appropriate drivers for it. This keeps the download time as short as possible and ensures that only necessary drivers are downloaded to the hard disk.

Overview: Using Dynamic Update in a Managed Environment

If you do not want Dynamic Update to connect to the Windows Update Web site during the installation of Windows Server 2003, you have several options:

  • Creating a shared folder on a server and delivering Dynamic Update files to destination computers from that shared folder: You can create a shared folder on a server in your organization, download Dynamic Update files to that server, and by using Winnt32.exe for unattended installations, ensure that when Setup for Windows Server 2003 is run in your organization, Dynamic Update uses the files you placed on the server and does not connect to the Internet.

  • Avoiding Dynamic Update: You can avoid using Dynamic Update, which means Setup will use only the files and drivers provided on the CD for Windows Server 2003. For more information, see "Avoiding Dynamic Update," later in this section.

The subsections that follow provide more information about these options.

For additional sources of information about performing unattended installations, see Appendix A: Resources for Learning About Automated Installation and Deployment.

How Dynamic Update Communicates with Sites on the Internet

This subsection focuses on the communication that occurs between Dynamic Update and the Windows Update Web site during an interactive installation (or a pre-installation compatibility check) when the computer has access to the Internet. This subsection also provides some description of the default behavior of Dynamic Update with unattended Setup.

For information about how you can control the behavior of Dynamic Update during unattended installations, see "Controlling Dynamic Update to Limit the Flow of Information to and from the Internet," later in this section.

  • Specific information sent or received: When Dynamic Update contacts the Windows Update Web site, it sends only the information necessary for appropriate drivers to be selected. In other words, it collects only necessary information about the hardware (devices) on that particular computer. No personal information, such as user name or e-mail address, is collected.

    The Setup files and drivers downloaded by Dynamic Update consist only of files that are important in ensuring that Setup runs successfully. Files with minor updates that will not significantly affect setup are not made available through the Dynamic Update section of the Windows Update Web site. Some of the updated files will be replacements (for example, an updated Setup file) and some will be additions (for example, a driver not available at the time that the setup CD was created).

  • Default behavior and triggers: Dynamic Update may connect to the Internet, depending on how Setup is run. The following two tables provide details. The first table provides contrasting scenarios to show the broad outlines of choices among command-line options and answer file entries. The second table provides details about additional scenarios.

    Three Contrasting Scenarios for Running or Preventing Dynamic Update

    Scenario Steps to Take and Effect on Dynamic Update Does Dynamic Update Connect to the Internet?

    Interactive installation in which you permit Dynamic Update to run

    Start Setup from the CD or a network and run it interactively. You are offered the choice of running Dynamic Update or skipping Dynamic Update.

    Yes, if you choose to run Dynamic Update.

    Unattended installation in which you prevent Dynamic Update from running

    Run Winnt32.exe with the /unattend and /DUdisable command-line options. If the /DUdisable option is used, Dynamic Update is not triggered, regardless of whether an answer file is used.

    No.

    Unattended installation in which you create a shared folder on a server and deliver Dynamic Update files to destination computers from that shared folder

    Prepare a shared folder as outlined in "Creating a Shared Folder on a Server and Delivering Dynamic Update Files to Destination Computers from that Shared Folder," later in this section. Then choose one of two methods for handling installations:

    One method is to run Winnt32.exe with /DUShare = path_to_downloaded_files. Dynamic Update uses the folder specified in the /DUShare option and does not connect to the Internet.

    Another method is to create an answer file that includes an [Unattended] section with an entry that specifies DUShare = path_to_downloaded_files. Run the Winnt32.exe command with the /unattend:answer_file option. Dynamic Update uses the folder specified in the DUShare entry and does not connect to the Internet.

    No, Dynamic Update uses the files in the shared folder that you created.

    Additional Scenarios for Running or Preventing Dynamic Update

    Scenario Steps to Take and Effect on Dynamic Update Does Dynamic Update Connect to the Internet?

    Pre-installation compatibility check

    Insert the Setup CD and choose the appropriate options for checking system compatibility. You are offered the choice of running Dynamic Update or skipping Dynamic Update.

    Yes, if you choose to run Dynamic Update.

    Unattended Setup in which you do not use an answer file and you allow Dynamic Update to run

    Run the Winnt32.exe command with the /unattend option, but do not provide the name of an answer file and do not specify /DUdisable or any other options that affect Dynamic Update. Dynamic Update is triggered under these conditions for both unattended installation and unattended upgrade.

    Yes.

    Unattended Setup in which you use an answer file and you allow Dynamic Update to run

    Create an answer file that includes an [Unattended] section with an entry that specifies DUDisable = No. Run the Winnt32.exe command with the /unattend:answer_file option. Dynamic Update is triggered. (However, note that if you run Winnt32.exe from the command line with the /DUdisable option, Dynamic Update is always prevented from running.)

    Yes.

    Unattended Setup in which you prevent Dynamic Update by creating an answer file that does not specify any options that affect Dynamic Update

    Run the Winnt32.exe command with the /unattend:answer_file command-line option. By default, if the answer file does not specify any options that affect Dynamic Update, Dynamic Update is disabled.

    No.

  • User notification: During an interactive installation, the user is notified when the choice of whether to run Dynamic Update is offered. During an unattended installation, there is no notification (unattended installation by definition means that no user interaction is required).

  • Logging: By default, the progress of Setup is logged in systemroot\Winnt32.log. By using command options for the Winnt32.exe command, you can control the name of the log and the level of detail it contains.

  • Encryption: The data is transferred from Microsoft using HTTPS.

  • Access: No information about the hardware (devices) on a particular computer is saved or stored, so no one can access this information. The information is used only to select appropriate drivers.

  • Privacy: Dynamic Update is covered by the same privacy statement that covers Windows Update. To view the privacy statement for Windows Update, go to the Web site and click Windows Update Privacy Statement:

    https://windowsupdate.microsoft.com/

  • Transmission protocol and port: The transmission protocol is HTTPS and the port is 443.

  • Ability to disable: You can control the behavior of Dynamic Update by running Setup in specific ways, as shown in the previous table. (Of course, you can also disable Dynamic Update by preventing access to the Internet or by blocking HTTPS over port 443.)

If you do not want to disable Dynamic Update but only want to prevent it from communicating with an Internet site, as noted earlier you can create a shared folder on a server and deliver Dynamic Update files to destination computers from that shared folder.

Controlling Dynamic Update to Limit the Flow of Information to and from the Internet

As summarized in "Overview: Using Dynamic Update in a Managed Environment" earlier in this section, if you do not want Dynamic Update to connect to the Windows Update Web site during the installation of Windows Server 2003, you have several options. With the appropriate methods for unattended installation, you can create a shared folder on a server and deliver Dynamic Update files to destination computers from that shared folder. Another alternative is to avoid using Dynamic Update at all.

Creating a Shared Folder on a Server and Delivering Dynamic Update Files to Destination Computers from that Shared Folder

This subsection briefly describes the steps for creating a shared folder on a server and delivering Dynamic Update files to destination computers from that shared folder. The subsection also provides links to more detailed information. The steps can be summarized as follows:

  • Step 1: Determine what packages you need to download from the Windows Update Web site.

  • Step 2: Download the packages and prepare them and the folder they are in for use with Dynamic Update. This step includes extracting files and placing them in folders, as well as running Winnt32.exe with the /duprepare option, which creates subfolders and copies appropriate files to those subfolders. This step also requires other actions, such as sharing the folder and setting permissions.

  • Step 3: Configure the answer file and Winnt32.exe settings for Dynamic Update (and for any other configuration options you want).

  • Step 4: Run the unattended installations.

For more detailed information about performing the preceding steps, see the Microsoft Windows Server 2003 Deployment Kit, specifically the book titled, Automating and Customizing Installations. To view the Microsoft Windows Server 2003 Deployment Kit, see the Microsoft Web site at:

https://go.microsoft.com/fwlink/?linkid=29887

For additional sources of information about performing unattended installations, see Appendix A: Resources for Learning About Automated Installation and Deployment.

Avoiding Dynamic Update

You can avoid using Dynamic Update, which means that Setup will use only the files and drivers provided on the CD for Windows Server 2003. The method by which you avoid using Dynamic Update depends on how you are performing the installation:

  • Interactive installation: During interactive installation (not unattended installation), you can select No when offered the option to use Dynamic Update. As an alternative, you can ensure that the computer does not have Internet access.

  • Unattended Setup: Dynamic Update is disabled when you run Setup in specific ways, as shown in the tables in "How Dynamic Update Communicates with Sites on the Internet," earlier in this section. As the tables show, the simplest way to ensure that Dynamic Update does not run during unattended Setup is to use the /DUdisable option in the command line. This ensures that Dynamic Update will not occur during the installation.

How Avoiding Dynamic Update or Directing Dynamic Update to a Server on Your Network Can Affect Users and Applications

Regardless of whether you use Dynamic Update, you can obtain updated system and driver files after installations are complete (for example, through Windows Update or a service pack). Allowing Dynamic Update to run during Setup, however, helps ensure Setup success.

If you create a shared folder on a server and deliver Dynamic Update files to destination computers from that shared folder (instead of downloading the files directly from Windows Update to the computers), you can control the exact set of updated files to be installed. By contrast, when you download the current set of Dynamic Update files directly from the Windows Update Web site to users’ computers, you might introduce inconsistencies among your destination computers because the Windows Web Site is periodically updated, and you cannot control when these updates occur.

Procedures for Controlling Dynamic Update

For detailed descriptions of Dynamic Update and procedures for controlling it, see the Microsoft Windows Server 2003 Deployment Kit, specifically the book titled, Automating and Customizing Installations. To view the Microsoft Windows Server 2003 Deployment Kit, see the Microsoft Web site at:

https://go.microsoft.com/fwlink/?linkid=29887