Dynamic Update and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2

Applies To: Windows 7, Windows Server 2008 R2

In this section

Benefits and purposes of Dynamic Update

Overview: Using Dynamic Update in a managed environment

How Dynamic Update communicates with sites on the Internet

Controlling Dynamic Update to limit the flow of information to and from the Internet

This section explains how Dynamic Update communicates across the Internet, and it explains steps to take to limit, control, or prevent that communication in an organization with many users.

Benefits and purposes of Dynamic Update

With Dynamic Update, if you start a computer from an existing operating system (for example, Windows Vista®) and then run Setup for Windows® 7 from that operating system, Setup can check for new Setup files, including drivers and other files.

Note

If you perform a network boot, for example, from a Pre-Boot Execution Environment (PXE)-enabled computer, and then run Setup for Windows 7, Dynamic Update does not occur. Similarly, if you start a computer with the Windows Preinstallation Environment (Windows PE), even if media is used, Dynamic Update does not occur.

In an interactive installation, the person installing Windows 7 or Windows Server® 2008 R2 is prompted to choose whether to allow Dynamic Update to occur. In an unattended installation using an answer file, an entry in the answer file can control whether Dynamic Update occurs.

Using Dynamic Update reduces the need to apply patches to recently installed systems, and it makes it easier to run Setup with hardware that would otherwise prevent Setup from being completed successfully.

Note

Additional drivers that were recently added or updated that would not prevent Setup from completing successfully are downloaded to the system the first time the user runs Windows Update.

Dynamic Update performs the same type of check for software updates as can be performed through the existing, installed operating system (for example, through Windows Server 2003 with Service Pack 2). However, Dynamic Update runs during Setup in Windows Server 2008 R2, and a limited set of software updates can be downloaded through Dynamic Update. All files that are made available through Dynamic Update are very carefully tested and fall into three categories:

  • Setup software updates: These updates help Setup run correctly. Dynamic Update handles only limited, important Setup updates.

  • New or changed drivers: These are drivers that are known to be necessary for success with Setup. They include only network, video, audio, and mass storage drivers. Dynamic Update downloads only the files that are required for a particular computer, which means that the Dynamic Update software briefly examines the computer hardware. The information that is collected is not saved. The only purpose for examining the hardware is to select appropriate drivers for it. This keeps the download time as short as possible and ensures that only necessary drivers are downloaded to the hard disk drive.

Note

Another alternative for installing drivers during Setup is to use interactive Setup and press F6 when prompted. A third alternative is to make use of a deployment technology (such as unattended setup) that allows you to create operating system images and control the drivers that are included in a specific image.

  • Updates to operating system features: These are high-priority updates that can help make operating system features more resistant to attack immediately after installation. These updates help increase the security of a newly-installed operating system when it first connects to a network, during the time before you begin your standard software update process (whether you use the Windows Update Web servers, Windows Server Update Services, or a system management solution).

Dynamic Update checks for the new files in the same location that the existing operating system used for software updates. (This is the same location from which Setup for Windows 7 or Windows Server 2008 R2 was run.) This location could be any of the following:

  • The Windows Update Web servers: On a computer that had been receiving software updates from the Internet, Dynamic Update continues to go to the Internet, that is, to the Windows Update Web servers.

  • A Windows Server Update Services server: On a computer that previously used Windows Server Update Services (WSUS), Dynamic Update continues to go to a WSUS server.

    For information about WSUS, see the following pages on TechNet:

  • A system management server: On a computer that previously used system management servers, for example, servers running Microsoft Systems Management Server 2003 R2, Dynamic Update continues to use a management server.

    For more information, see Microsoft Systems Management Server.

Overview: Using Dynamic Update in a managed environment

In a managed environment where you are installing Windows 7 or Windows Server 2008 R2 on many computers, you might choose to prevent Dynamic Update from connecting to the Windows Update Web servers. To do this, you can use Windows Server Update Services or a system management solution, or you can perform an unattended installation with an answer file entry that prevents Dynamic Update. For more information, see Controlling Dynamic Update to limit the flow of information to and from the Internet later in this section.

How Dynamic Update communicates with sites on the Internet

This subsection focuses on the communication that occurs between Dynamic Update and the Windows Update Web servers during an interactive installation (or a preinstallation compatibility check) when the computer has access to the Internet. This subsection also provides a description of the default behavior of Dynamic Update with an unattended setup.

Note

This subsection describes how Dynamic Update works if a computer runs an existing operating system (for example, Windows Server 2003 with Service Pack 2), the computer is currently configured to go to the Windows Update Web servers for software updates, and you run Setup for Windows Server 2008 R2 from the operating system already running on the computer. Adjust the description to fit other scenarios, for example, when you are upgrading from Windows Vista to Windows 7 or where WSUS is being used.

For a description of how you can control the behavior of Dynamic Update during unattended installations, see Controlling Dynamic Update to limit the flow of information to and from the Internet later in this section.

  • Specific information sent or received: When Dynamic Update contacts the Windows Update Web servers, it sends only the exact operating system version and the information that is necessary to select appropriate drivers (network, video, audio, or mass storage drivers).

    The files that Dynamic Update downloads are only those that are important to:

    • Ensure that Setup runs successfully.

    • Help protect operating system features immediately after installation (until the normal software-update process can begin).

    Files with minor updates that have little impact on the preceding items are not made available through Dynamic Update. Some of the updated files will be replacements (for example, an updated Setup file) and some will be additions (for example, a driver that was not available at the time that the Setup CD was created).

  • Default behavior and triggers: During interactive installation, the person installing the software is offered the following options:

    • Go online to get the latest updates for installation.

    • Do not get the latest updates for installation.

    If the person installing chooses the first option, Dynamic Update occurs.

    During an unattended installation with an answer file, if the answer file does not contain any entries related to Dynamic Update, Dynamic Update will occur.

Note

For an interactive or an unattended installation, if the computer is not connected to the Internet during installation, Dynamic Update cannot occur.

  • User notification: During an interactive installation, the person installing the software is notified when the choice to run Dynamic Update is offered. A progress indicator appears that enables the person to track the status of the update process. During an unattended installation, there is no notification (unattended installation by definition means that no user interaction is required).

  • Logging: By default, the progress of Setup is logged in systemroot\Sources\Panther\setupact.log in the installation folders for the operating system that is being upgraded. After the upgrade is complete, the information about the new installation of Windows 7 or Windows Server 2008 R2 is stored in systemroot\Panther\setupact.log. You can view this log if you have questions about Dynamic Update, for example, if you want to know whether Dynamic Update occurred or which files were successfully downloaded during Dynamic Update.

  • Encryption: Dynamic Update uses the same encryption methods as Windows Update. This means that the initial data is transferred using HTTPS (that is, Secure Sockets Layer (SSL) or Transport Layer Security (TLS) with HTTP) and updates are transferred using HTTP.

  • Access and privacy: No information about the hardware devices on a particular computer is saved or stored by Dynamic Update, so no one can access this information. The information is used only to select appropriate drivers.

    For information about access and privacy for a related feature, Windows Update, see Windows Update and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2 later in this document.

  • Transmission protocol and port: Dynamic Update uses the same transmission protocols and ports as Windows Update: HTTP with port 80 and HTTPS with port 443.

  • Ability to disable: During interactive Setup, the prompt for Dynamic Update always appears (it cannot be disabled), but the person installing the software can decline at the prompt. During an unattended installation with an answer file, Dynamic Update is disabled if the answer file includes the following lines:

    <DynamicUpdate>
        <Enable>false</Enable>
    </DynamicUpdate>
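Because an answer file with no Dynamic Update entry still lets Dynamic Update occur, a deployment share is worth auditing for files that do not explicitly disable it. The following is an added example, not code from the original page or from Microsoft. The sample answer files are constructed, and their surrounding structure (the urn:schemas-microsoft-com:unattend namespace, the windowsPE pass, the Microsoft-Windows-Setup component) is an assumption that the page does not show; the check matches element names only, so it does not depend on that structure.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def dynamic_update_state(xml_text):
    """Classify an answer file: disabled, enabled, default-enabled, review, unparseable."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return "unparseable"
    blocks = [el for el in root.iter() if _local(el.tag) == "DynamicUpdate"]
    if not blocks:
        # Per the page: no Dynamic Update entry means Dynamic Update will occur.
        return "default-enabled"
    values = set()
    for block in blocks:
        enables = [c for c in block if _local(c.tag) == "Enable"]
        if not enables:
            values.add(None)  # block present but no <Enable>: needs a human look
        for e in enables:
            values.add((e.text or "").strip().lower())
    if values == {"false"}:
        return "disabled"
    if values == {"true"}:
        return "enabled"
    return "review"  # conflicting, empty or unexpected values

def _sample(body):
    """Constructed answer-file skeleton (not from the page); attributes trimmed."""
    return ('<unattend xmlns="urn:schemas-microsoft-com:unattend">'
            '<settings pass="windowsPE"><component name="Microsoft-Windows-Setup">'
            + body + '</component></settings></unattend>')

SAMPLES = {  # constructed inputs, one per outcome
    "disabled.xml": _sample("<DynamicUpdate><Enable>false</Enable></DynamicUpdate>"),
    "silent-default.xml": _sample("<UserData><AcceptEula>true</AcceptEula></UserData>"),
    "explicit-on.xml": _sample("<DynamicUpdate><Enable> True </Enable></DynamicUpdate>"),
    "no-enable.xml": _sample("<DynamicUpdate/>"),
    "truncated.xml": "<unattend><DynamicUpdate>",
}

def audit(files):
    """Return {name: state} for every file that does not provably disable Dynamic Update."""
    states = {name: dynamic_update_state(text) for name, text in files.items()}
    return {n: s for n, s in states.items() if s != "disabled"}

if __name__ == "__main__":
    for name, state in audit(SAMPLES).items():
        print(f"{name}: {state}")
```

To audit real files, read each answer file's text and pass a name-to-content mapping to audit(); anything it returns should be corrected or reviewed before the image is deployed.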
    

Controlling Dynamic Update to limit the flow of information to and from the Internet

As summarized in Overview: Using Dynamic Update in a managed environment earlier in this section, if you do not want Dynamic Update to connect to the Windows Update Web servers during the installation of Windows Server 2008 R2, you have several options: