Seems to be easily discoverable by searching Microsoft's update catalog
site at:

https://www.catalog.update.microsoft.com/

I did a search on "windows 7 service pack 1" and the first entry was for
the KB article you mentioned. However, that was for x64. The x86
(32-bit) SP-1 wasn't listed, so I did an online search of:

https://www.google.com/search?q=windows+7+service+pack+1+x86

First hit was for:

https://support.microsoft.com/en-us/help/15090/windows-7-install-service-pack-1-sp1

and that had a link to:

https://www.microsoft.com/en-us/download/details.aspx?id=5842

After clicking on the Download button, the next page listed the .iso
file which doesn't indicate x86 or x64; however, because of its 1.9GB
size which is twice the size of the x64-only download, the ISO probably
contains SP-1 for both x86 and x64. I downloaded the ISO file and
looked inside. It has 3 SP-1 update files: x86, x64, and ia64.

You can use the WSUSoffline kit, to prepare a folder
full of updates, with an application inside to apply them.

It's scripting, and the files come off a Microsoft server
and not off the Wsusoffline site.

http://www.wsusoffline.net/

05.08.2019 Version 11.8 released [likely Win7+]

04.06.2019 Version 9.2.5 ESR [should be suitable for WinXP,
don't know if Vista is in there]

Vista is perilously close to unmaintainable, and is a
waste of brainpower for an IT guy to try to fix. It
took me three tries to get the install order right,
and tip the Windows Update engine upright long enough
to finish. Each session took me a couple of days, to
try to finish.

The Wsusoffline people, have determined what "prerequisite"
files must be installed first, to keep Windows Update
responsive. In some cases, that's about 5 of the 150 plus
updates, that must be installed first, because they
prune the supersedence tree nicely. Vista used to have
information like that available, but as soon as some
shitty little update comes out, it can "break Vista
all over again" and then Windows Update never comes
back with a list of updates.

As part of good practice, you should be running these
patching strategies at home in your spare time. I've done
a few of these, am not an expert, but can see the
advantage in the field of being able to say
"yes, I can fix that".

You don't need any fancy facilities for Wsusoffline.
You could collect the information on a hard drive folder,
copy it to a USB stick as required, and slip it into
your kit bag before you go. You don't have to follow
any of the cheesy suggestions to "burn a DVD" or something.
That's not necessary.

It'll probably be at least 2GB of downloads, or a bit more.

Wsusoffline won't likely use the Win7 SP1 rollup, and some
attention will have been paid to a "CEIP free" version.
But it's pretty hard to patch up to date and stay CEIP free.
Or avoid the library that assists in running Universal
Apps or something. There's a couple items "the kids don't like".

So what you want to do as a "Windows Expert" is try the
different patching methods, time them, and see which
ones are a big win. To time the automation, you can leave
a screen recorder running, so you can review the progress
later. I think Wsusoffline needs multiple reboots (thanks
to Microsoft), and unfortunately I don't think there is
a way around that part. It has to do with installing
an updated version of Windows Update, plus some other
unsavory stuff.

And with any luck, they will also avoid installing any
WGA packages. (Windows Genuine Advantage).

I patched up Windows 7, one patch at a time, reading
every patch description and rejecting patches with
suspicious descriptions. It took me *hours* and my neck
was sore from the stress later :-) You have to try that
once, as a benchmark. That would be "what a tinfoil hat
person must pay for good patching".

While there are currently "security only" patches, they
don't cancel their more bloated counterparts. So it's not
like such a strategy is particularly easy or safe.
(If one of the bloated packages installs because
you made a mistake, your effort is in vain.)

Wsusoffline doesn't have to be any faster. It avoids the
download step (because you download them in advance). If
there is a problem with wuauserv, Wsusoffline can stop dead
in its tracks. This is why, on occasion, you need to test it.
Just to make sure it's still workable. This is part of the
reason they need to test their prerequisites list, to
ensure the engine is ready to go for the rest of the updates.

Once Windows 7 is patched far enough, any of the Jumbo
patches should install with less fuss. A more likely case
though, is the one you ran into, which is essentially as
bad as a reinstall for all practical purposes.

If you tick the box, Wsusoffline will include x86 and x64 versions
of SP1 installer package. So you can have it include those,
just plug it in and walk away. Checking early on, that
the train hasn't left the tracks. Once the 150 start
bunging in, enough has happened by that point it should
be OK.

At the current time, Wsusoffline should be installing the
SHA2 signing patch, so that the signing will work. The
installer checks that the packages are valid, before installing
them.

Paul

"T" <***@invalid.invalid> wrote
|
| Had a customer yesterday that needed Service Pack 1 (SP1)
| installed manually. Looked all over M$'s web site and
| found several. They ran and no service pack 1 afterwards.
| I finally found the correct KB with the correct SP1 that
| Windows Update recognizes.
|

You seem to do a lot of tech support. Why didn't you
already have the file? You should keep backups of all
such things. There's no telling when you might not be
able to get them.

I always look around until I find the actual direct download
link. There are usually tech support sites that post them.
Then I back up the file so I never have to do that again.
Microsoft go to great lengths to make it convoluted and
force you to enable script. I see no reason not to assume
that they're rummaging around on your system when you
get the download from their page. There's no other excuse for
requiring script, even in the download link itself.

I keep copies of SP1, the "SP2" rollup, the winhttp update
that enable TLS 1.1 and 1.2 in winhttp on Win7, the update
to enable reading HLP files, and a couple of security updates
for things like CPU vulnerabilities.

Examples: Here's the link for SP1 64. It seems to still be valid:

http://download.microsoft.com/download/0/A/F/0AFB5316-3062-494A-AB78-7FB0D4461357/windows6.1-KB976932-X64.exe

This is the link for the winhttp TLS update for Win7-64:

http://www.download.windowsupdate.com/c/msdownload/update/software/updt/2016/04/windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu

It still works. But at some point it might not. So you shouldn't
just share the page links. Share the file links and keep backed up
copies yourself.

Microsoft break their links more than any website I know. (Though
I haven't yet seen them break one of those ridiculously long
direct file download links.) They're notoriously
bad at designing and organizing their data store. That's probably
partly due to design-by-committee. It's probably also due partly
to their tendency to not know when to quit. They're addicted to
complexity. But I think it's also partly a design to keep control
over their customers and charge as much money as possible.

For instance, their MSDN docs. They should offer a download,
but they don't. It's expensive to get a subscription. It *is* all
online, but you could spend days going from one page to the next,
trying to get the info you need. One topic with a table of
contents will be broken into dozens or hundreds of pages.

They even lie. Older MSDN docs used to accurately say which
version of Windows was the first to support a particular function.
More recently they're apt to lie and say they only work in recent
or supported versions. For instance, GetUserName. My copy of
MSDN says it's supported in Win3.1NT and win95. The current online
docs say it requires Win2000 Pro. When they were first trying to
phase out XP many of their API pages said Vista was the oldest
supported OS version! They actually changed the docs to lie,
in order to make people think that XP was no longer a usable
system. But in terms of the base API, Win95 is still perfectly
up-to-date.

If Microsoft decide it's in their interest to stop offering downloads
for Win7 then they'll do exactly that. There may be no notice.
I don't think most things are available anymore for XP. (The TLS
update, for instance, was only available for XP kiosk.)

Win7 SP1 was released in 2010. That means you shouldn't have
needed to download it for the past *9* years. You should have
saved a copy in 2010. I actually put all that kind of thing on DVDs,
along with things like UBCD and other boot disks, which I keep
in a sort of briefcase, which I can take with me if I need to work
on someone's computer.