Actions: Forcing windows update and installation

Comments

32 comments

  • Shane Corellian

    Thanks for posting this, Servis. I'll check this out in my environment. 

    0
    Comment actions Permalink
  • Michael Pietrzak

    Can anyone please elaborate on this procedure? I cannot figure out how the original poster was able to "upload" and run the script. I am in a similar situation trying to run the WSUS script on numerous computers in my domain.


    Thank you,

    Michael

    0
    Comment actions Permalink
  • SelfMan

    First of all you have to configure the script. Everything is documented within the file.

    '~~[usage]~~
    'Install updates silently, email you a logfile, then restart the computer ->
    'updatehf.vbs action:install mode:silent email:you@yourdomain.com restart:1

     

    '*******************************************************************************
    'You need to edit the following variables:
    'sExePath - this is the location of the WindowsUpdateAgent20-x86.exe. Download
    ' it from http://go.microsoft.com/fwlink/?LinkId=43264
    'strMailFrom - arbitrary reply-to address
    'strMailto - email address you want the report to mail to (this is for manual
    ' mode
    ' - or if the command-line switch isn't specified).
    'strSMTPServer - the IP address of the email server you are sending the reports
    ' through.
    '
    '*******************************************************************************
    'Optional variables:
    'Silent - 0 = verbose, 1 = silent (no windows or visible information)
    'Intdebug - 0 = off, 1 = 1 (see some variables that are being passed)
    'strAction - prompt|install|detect. Prompt gives users opportunity to install
    ' updates or not, install just installs them, detect updates the WU collection
    ' and downloads the updates (but does not install them) - useful if you want to
    ' have the computer refresh its stats to the stat server but not install the
    ' updates.
    'blnEmail - 0 = off|1 = on. If set to 0, the script will not email a log file.
    ' If you specify an email address in the command-line, this will force the
    ' script to switch blnEmail to '1'.
    'strRestart - 0 = Do nothing|1 = restart|2 = shutdown. Command-switch 'restart:'
    ' supercedes this variable.
    '
    '*******************************************************************************
    'Command line switches:
    'action: prompt|install|detect
    'mode: silent|verbose
    'email: you@yourdomain.com
    'restart: 0 (do nothing)| 1 (restart) | 2 (shutdown)
    'force: 0 (do not enforce restart action - this is optional, by default it is
    ' set to 0) | 1 (enforce restart action).
    'SMTPServer: x.x.x.x or hostname; overrides strSMTPServer above.
    'emailsubject: "this is a subject" Overrides default subject. Server name is appended to this text. Use quotes if spaces exist.
    'emailifallok: 0|1, where 0 = dont send email if server up to date and no
    ' reboot pending, and 1 = always send email
    'fulldnsname: 0|1, where 0 = use server name only in subject, and 1 = use full
    ' dns name in email subject
    '
    'Finally, rename the file with .vbs
    '*******************************************************************************

    Don't forget to set the strSMTPServer variable.

    Deployment is easy. Create a new Installer.

    Set name,
    Set installer file (choose wuforce.vbs or UpdateHF.vbs one which you are using),
    Set aditional parameters I.E.: action:install mode:silent restart:0

    (final line should look like: cscript.exe //b "wuforce.vbs" action:install mode:silent restart:0)

    Click OK and deploy.

    Remember the file MUST BE accessible over the network and WSUS MUST BE Already configured.

    0
    Comment actions Permalink
  • Michael Pietrzak

    Hi SelfMan

    Thanks for posting!! I guess I've found myself in a situation of counting my chickens before there even hatched. I am having the "usual" problems of getting all my machines checked into WSUS in the first place. I've been using the following script for that...

     


    net stop bits

    net stop wuauserv

    regsvr32 /u wuaueng.dll /s
    del /f /s /q %windir%\SoftwareDistribution\*.*
    del /f /s /q %windir%\windowsupdate.log
    regsvr32 wuaueng.dll /s
    REGSVR32 MSXML.DLL /s
    REGSVR32 MSXML2.DLL /s
    REGSVR32 MSXML3.DLL /s
    regsvr32.exe %windir%\system32\wups2.dll /s
    regsvr32.exe %windir%\system32\wuaueng1.dll /s
    regsvr32.exe %windir%\system32\wuaueng.dll /s
    regsvr32.exe %windir%\system32\wuapi.dll /s
    %windir%\system32\regsvr32.exe /s %windir%\system32\atl.dll
    %windir%\system32\regsvr32.exe /s %windir%\system32\jscript.dll
    %windir%\system32\regsvr32.exe /s %windir%\system32\msxml3.dll
    %windir%\system32\regsvr32.exe /s %windir%\system32\softpub.dll
    %windir%\system32\regsvr32.exe /s %windir%\system32\wuapi.dll
    %windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng.dll
    %windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng1.dll
    %windir%\system32\regsvr32.exe /s %windir%\system32\wucltui.dll
    %windir%\system32\regsvr32.exe /s %windir%\system32\wups.dll
    %windir%\system32\regsvr32.exe /s %windir%\system32\wuweb.dll

    reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
    reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
    reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f

    net start bits


    exit

     

     

    ...I suppose once I get my machines all in the WSUS console, I can move onto using the above script.

    Thanks again,

    Michael

    0
    Comment actions Permalink
  • Michael Pietrzak

    Right, I have all that in place. It's just that I am not getting 100% compliance with all of my workstations checking into WSUS. Once the machines get into WSUS, I'm golden.

    Thanks again!

    Michael

    0
    Comment actions Permalink
  • SelfMan

    It takes time before all the computers connect to the server properly.  You can allways use gpupdate /force + reboot. Then wuforce.vbs and you are done.

    0
    Comment actions Permalink
  • Michael Pietrzak

    Yup, that too. Sometimes they just refuse to check in. This script has usually worked best for me...

     

    http://community.spiceworks.com/scripts/show/297-reset-wsus-authorization-on-a-remote-local-computer

    Regards,
    Michael

    0
    Comment actions Permalink
  • SelfMan

    Yeah, I know about the WSUS ID reset. That is usually necessary after you deploy computers using harddrive image.

    I am using a batch (found on net) for this purpose:

    rem Fixes problem with client machines not showing up on the server due to imaging method

    reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
    reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
    reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
    cls
    @echo Triggering detection after resetting WSUS client identity
    net stop "Automatic Updates"
    net start "Automatic Updates"
    wuauclt /resetauthorization /detectnow
    gpupdate /force /boot

    0
    Comment actions Permalink
  • SelfMan

    You might find this tool to be very usefull:

    http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE

    I quote:

    Download this tool, which has been designed to aid the WSUS administrator in troubleshooting client machines that are failing to report back to the WSUS Server. The tool will conduct preliminary checks and test the communication between the WSUS Server and the client machine. Once the tool has completed the tests it will display the results in the console window. The Windows Server Update Services Client Diagnostic tool is provided AS IS. No product support is available for this tool

    For more information check the readme file http://download.microsoft.com/download/e/4/b/e4bc4153-be1f-460f-800e-69c6a1857d68/readme.htm

    0
    Comment actions Permalink
  • Terrence

    There is also a free program called WUInstall that can perform WSUS updates with more flexibility than the current MS updates commands. The program works well with PDQ Deploy too.

    0
    Comment actions Permalink
  • Don Chino

    WSUS is not very friendly and you can run some scripts to force check-in but what about the problem with the shutdown command?

    All my machines get updated but they NEVER get updated, why? Because a user has to select "Install Updates and Shutdown" and NO, there is no option to do RESTART and NO, there is no option to GPO this option and NO, there is no script to do this other than forcing a check-in with WSUS and manually doing this check-in through some script magic. 

    AA probably never heard of them but I will post the link here so you can all see what CAN be done:

    http://batchpatch.com/screenshots

     

    Once again, AA has the interface and the ability, so now it is just about building the WSUS functionality to do things like "Install Updates and Shutdown" and look at the screenshots. BatchPatch even has a scheduler and "reboot if required" option, so they probably incorporate all these other "hack and slash" options that SelfMan describes because I would rather have a Swiss Army Tool like AA versus paying for 10-20 programs or fiddling with my own scripts.

    :) 

    0
    Comment actions Permalink
  • SelfMan

    @Don Chino

    it is not necessary to cross post the same info in multiple threads, thanks.

    0
    Comment actions Permalink
  • Len Russo

    I have similar issues with WSUS. Workstations get updates, but they get applied late as the computers are frequently left on ( I work in a High School) Forced reboots for updates from a policy seldom work at better than 80%. I'd loved to be able to shutdown remotely in a way that "Installs Updates and Shutdown" or better yet check for updates from WSUS then do the prior. 

    0
    Comment actions Permalink
  • Pushpak Patil

    working for me!

    Run as Logged on User

    check attached jpg.

     

    0
    Comment actions Permalink
  • Joe Perryman

    I have a WSUS server.  My updates are already downloaded to my clients.  How do I kick off the install on machines that are not logged in?

    Is there a script or command to tell Windows 7 clients to install whether a user is logged in or not?

     

    0
    Comment actions Permalink
  • Joe Perryman

    EDIT -

    I have a WSUS server.  My updates are already downloaded to my clients and scheduled to install on a specific day every week.  I would like the option to kick off updates on demand.

    How do I kick off the install on machines that are not logged in?

    Is there a script or command to tell Windows 7 clients to install whether a user is logged in or not?

    0
    Comment actions Permalink
  • Terrence

    Hi Joe,

    Please try WUInstall and ABC Deploy creator has a similar app (I forgot the name). Both have free versions that can perform your tasks remotely or via scripts.

    0
    Comment actions Permalink
  • Terrence

    It's called ABC Update.

    0
    Comment actions Permalink
  • Joe Perryman
    Thanks for the info. I tried ABC Update, but it only works half the time. Pretty sure I finally got the script right. I've spent the last 6 hours trying to get one of my locations updated...and it's still not 100%. LoL I am getting a weird error in the abc log on some of the machines. WUInstall isn't free anymore. :(
    0
    Comment actions Permalink
  • Terrence

    Unfortunately, I no longer work in a company where I do the Windows' updates anymore and cannot test either program. Have you also tried BatchPatch? I have one of the last free versions of WUinstall if you would like to try that (setup a Dropbox-or some other public access) and I will send it to you. The AA guys did help me perfect the WUInstall package.

    0
    Comment actions Permalink
  • Joe Perryman

    That would be great.  I have looked at batch patch and used the trial.  It's awesome, but I am having a a difficult time getting support for purchasing another deployment software. 

    0
    Comment actions Permalink
  • Terrence

    What, you are having a difficult time as well purchasing software that an admin should never be without to perform his or her duties efficiently? Do not even get me started down that road. I tried to purchase the PDQ Suites at my new company along with WUinstall and was resoundingly rejected. Heck, I tried to implement a free tool (WDS) and they had a conniption about that!

    I do not want to post any free tools here. Create a bogus email (one you do not need to use again) or temporary Dropbox (or similar) online storage of your choosing and I will email or upload it.

    0
    Comment actions Permalink
  • Joe Perryman

    Hi Terrence,

    I found the free version 1.1 of WuInstall.  I think we had actually downloaded it years ago.  I have solved my Windows Update problem.  I convinced my organization to purchase another third party solution.

    Thanks for the help!

    0
    Comment actions Permalink
  • Terrence

    Glad you got them all patched. I have some later versions of WUinstall if you would like them. They are free too.

    What was the other third party solution you convinced your company to purchase?

    0
    Comment actions Permalink
  • Iwański, Wojciech

    Same here, I've got over 30 machines running automated tests and I need to update them "bulk mode".

    Downloaded WuInstall 1.1 and I'm doing tests with it now, would be great if Admin Arsenal added such functionality to PDQ Deploy so we wouldn't have to use 3rd party software for that...

    0
    Comment actions Permalink
  • Joe Perryman

    We went with BatchPatch.  The real time monitoring of downloads and installs was the kicker.  I can see everything.

    0
    Comment actions Permalink
  • Iwański, Wojciech

    FYI, WuInstall 1.1 works with Windows 7 well I deploy it as "Install" step with "/install" parameter, success codes "0,1,2,3,10,11", second step "CMD" with simple "shutdown /r /t 0"

    0
    Comment actions Permalink
  • Bryant Beers

    I'd like to throw in here for adding Windows Update functions to PDQ! BatchPatch looks like it does all of what I'd like to do with Windows Updates on remote computers, but I feel like PDQ should include functions like this too. 

    0
    Comment actions Permalink
  • Claus Jensen

    I Second Bryant. I would also love to have some WSUS functions in PDQ.
    I love PDQ more and more everyday, but Windows updates are still a pain.

    So ability to run WSUS/WU functions from PDQ are top of my list.
    Could be to force WU runs ad hoc. Run WU and boot now
    Could be to scan for missing patches and force deploy of those.

    But mostly some kind on reporting or inventory collection in PDQ inventory.  if I could overview what is patched properly and whats missing. WSUS suck on this.

    Shawn mentioned some considerations was done in the thread linked below, I wonder if there are any progress? Please, pretty please :-)

    https://community.spiceworks.com/topic/396087-i-love-pdq-software-you-guys-ever-consider-a-windows-update-type-of-software

     

    Reason for my comment is that I'm in the market for a patch now to patch 100servers/400clients based on WSUS and GPOs, and looks like batch patch is the best way for us to go unless AA bring something to the table.

    0
    Comment actions Permalink

Please sign in to leave a comment.