Discussion Forums/PDQ Deploy/Questions
Answered
Actions: Forcing windows update and installation
SelfMan
asked this on April 09, 2011 16:16
A while ago I came across a VB script from Rob Dunn. I am using it successfully for years now. With PDQ Deploy you can "upload" and run the script on all machines connected to your WSUS server and this way force them to download and install all the patches/fixes from WSUS server and send a final report to your e-mail address.
The script (version 2.6a), including documentation, can be found at http://www.theitoolbox.com/?p=13
I highly recommend it.
Comments
Thanks for posting this, Servis. I'll check this out in my environment.
Can anyone please elaborate on this procedure? I cannot figure out how the original poster was able to "upload" and run the script. I am in a similar situation trying to run the WSUS script on numerous computers in my domain.
Thank you,
Michael
First of all you have to configure the script. Everything is documented within the file.
'~~[usage]~~
'Install updates silently, email you a logfile, then restart the computer ->
'updatehf.vbs action:install mode:silent email:you@yourdomain.com restart:1
'*******************************************************************************
'You need to edit the following variables:
'sExePath - this is the location of the WindowsUpdateAgent20-x86.exe. Download
' it from http://go.microsoft.com/fwlink/?LinkId=43264
'strMailFrom - arbitrary reply-to address
'strMailto - email address you want the report to mail to (this is for manual
' mode
' - or if the command-line switch isn't specified).
'strSMTPServer - the IP address of the email server you are sending the reports
' through.
'
'*******************************************************************************
'Optional variables:
'Silent - 0 = verbose, 1 = silent (no windows or visible information)
'Intdebug - 0 = off, 1 = 1 (see some variables that are being passed)
'strAction - prompt|install|detect. Prompt gives users opportunity to install
' updates or not, install just installs them, detect updates the WU collection
' and downloads the updates (but does not install them) - useful if you want to
' have the computer refresh its stats to the stat server but not install the
' updates.
'blnEmail - 0 = off|1 = on. If set to 0, the script will not email a log file.
' If you specify an email address in the command-line, this will force the
' script to switch blnEmail to '1'.
'strRestart - 0 = Do nothing|1 = restart|2 = shutdown. Command-switch 'restart:'
' supercedes this variable.
'
'*******************************************************************************
'Command line switches:
'action: prompt|install|detect
'mode: silent|verbose
'email: you@yourdomain.com
'restart: 0 (do nothing)| 1 (restart) | 2 (shutdown)
'force: 0 (do not enforce restart action - this is optional, by default it is
' set to 0) | 1 (enforce restart action).
'SMTPServer: x.x.x.x or hostname; overrides strSMTPServer above.
'emailsubject: "this is a subject" Overrides default subject. Server name is appended to this text. Use quotes if spaces exist.
'emailifallok: 0|1, where 0 = dont send email if server up to date and no
' reboot pending, and 1 = always send email
'fulldnsname: 0|1, where 0 = use server name only in subject, and 1 = use full
' dns name in email subject
'
'Finally, rename the file with .vbs
'*******************************************************************************
Don't forget to set the strSMTPServer variable.
Deployment is easy. Create a new Installer.
Set name,
Set installer file (choose wuforce.vbs or UpdateHF.vbs one which you are using),
Set aditional parameters I.E.: action:install mode:silent restart:0
(final line should look like: cscript.exe //b "wuforce.vbs" action:install mode:silent restart:0)
Click OK and deploy.
Remember the file MUST BE accessible over the network and WSUS MUST BE Already configured.
Hi SelfMan
Thanks for posting!! I guess I've found myself in a situation of counting my chickens before there even hatched. I am having the "usual" problems of getting all my machines checked into WSUS in the first place. I've been using the following script for that...
net stop bits
net stop wuauserv
regsvr32 /u wuaueng.dll /s
del /f /s /q %windir%\SoftwareDistribution\*.*
del /f /s /q %windir%\windowsupdate.log
regsvr32 wuaueng.dll /s
REGSVR32 MSXML.DLL /s
REGSVR32 MSXML2.DLL /s
REGSVR32 MSXML3.DLL /s
regsvr32.exe %windir%\system32\wups2.dll /s
regsvr32.exe %windir%\system32\wuaueng1.dll /s
regsvr32.exe %windir%\system32\wuaueng.dll /s
regsvr32.exe %windir%\system32\wuapi.dll /s
%windir%\system32\regsvr32.exe /s %windir%\system32\atl.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\jscript.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\msxml3.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\softpub.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuapi.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng1.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wucltui.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wups.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuweb.dll
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
net start bits
exit
...I suppose once I get my machines all in the WSUS console, I can move onto using the above script.
Thanks again,
Michael
I prefere the GPO way - less hassle
http://technet.microsoft.com/en-us/library/cc720539(WS.10).aspx
http://support.microsoft.com/kb/328010
Right, I have all that in place. It's just that I am not getting 100% compliance with all of my workstations checking into WSUS. Once the machines get into WSUS, I'm golden.
Thanks again!
Michael
It takes time before all the computers connect to the server properly. You can allways use gpupdate /force + reboot. Then wuforce.vbs and you are done.
Yup, that too. Sometimes they just refuse to check in. This script has usually worked best for me...
http://community.spiceworks.com/scripts/show/297-reset-wsus-authori...
Regards,
Michael
Yeah, I know about the WSUS ID reset. That is usually necessary after you deploy computers using harddrive image.
I am using a batch (found on net) for this purpose:
rem Fixes problem with client machines not showing up on the server due to imaging method
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
cls
@echo Triggering detection after resetting WSUS client identity
net stop "Automatic Updates"
net start "Automatic Updates"
wuauclt /resetauthorization /detectnow
gpupdate /force /boot
You might find this tool to be very usefull:
http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE
I quote:
Download this tool, which has been designed to aid the WSUS administrator in troubleshooting client machines that are failing to report back to the WSUS Server. The tool will conduct preliminary checks and test the communication between the WSUS Server and the client machine. Once the tool has completed the tests it will display the results in the console window. The Windows Server Update Services Client Diagnostic tool is provided AS IS. No product support is available for this tool
For more information check the readme file http://download.microsoft.com/download/e/4/b/e4bc4153-be1f-460f-800e-69c6a1857d68/readme.htm