WSUS Update and Reboot
From espinola.net
This script prepares the Windows Automatic Updates service on a specific or a supplied list of multiple target systems to perform an immediate update check against a WSUS server of your choosing - regardless of the use of Active Directory. The script can make use of Target Groups for specific sets of updates from a WSUS server.
- If you wish to fix/patch WSUS 3.0 clients for SVCHOST and other CPU utilization issues, check out So you want to fix all your WSUS clients. Patching functionality has been removed from this script because of mixed x86 and x64 requirements.
On This Page |
Requirements of this script
- Administrator access to target system. Services will be restarted and registry keys will be modified.
- Five (5) command-line parameters.
- You must modify the MSCUTILDIR variable located at the beginning of the script to indicate where the required utilities are located. The script root is the default location specified.
Utilities used with this script
- CMD (native)
- IF (native)
- FOR (native)
- NET (native)
- START (native)
- PSEXEC (free from Microsoft as part of the SysInternals PsTools suite)
- PSSHUTDOWN (free from Microsoft as part of the SysInternals PsTools suite)
Example Usage
- C:\Scripts> WSUSUR wsusserver:8530 testpc Test 19 1
This example will force automatic updates on the 'testpc' computer, checking for and pulling updates from the 'wsusserver' WSUS server, connecting on port 8530. The update target group for specific updates is set to 'Test'. The computer will begin the update process at 19:00 (7PM). The computer will automatically reboot in '1' hour.
Simply type WSUSUR alone at the command prompt for a description of how to use the command-line parameters.
Code
WSUSUR.CMD
@ECHO OFF ECHO. ECHO [WSUSUR] WSUS Update and Reboot 4.0 ECHO.=============================================================================== ECHO. :SET_ENVIRONMENT SETLOCAL SET MSCUTILDIR=.\ IF NOT EXIST "%MSCUTILDIR%\PSEXEC.EXE" GOTO :POOP IF NOT EXIST "%MSCUTILDIR%\PSSHUTDOWN.EXE" GOTO :POOP IF "%1" EQU "" GOTO :NOOP IF "%2" EQU "" GOTO :NOOP IF "%3" EQU "" GOTO :NOOP IF "%4" EQU "" GOTO :NOOP IF "%5" EQU "" GOTO :NOOP SET WSUSSERVER=%1 SET WSUSGROUP=%3 SET WSUSMESSAGE=WSUSUR initiated reboot for installation of security patches and other software maintenance. IF %4 LEQ 9 ( SET WSUSINSTALLHOUR=0%4 ) ELSE ( SET WSUSINSTALLHOUR=%4 ) SET WSUSREBOOTHOURS=%5 IF %WSUSREBOOTHOURS% NEQ 0 ( SET /A WSUSREBOOTSECONDS=SUSREBOOTHOURS*60*60 ) ELSE ( SET WSUSREBOOTSECONDS=0 ) SET WSUSFIX=%6 :BUILD_SYSTEM_LIST IF /I "%2" EQU "WSUSUR.LST" ( COPY /Y WSUSUR.LST %TEMP%\WSUSME.LST>NUL: GOTO :BUILD_REG_FILE ) ECHO %2>%TEMP%\WSUSME.LST :BUILD_REG_FILE ECHO Windows Registry Editor Version 5.00> %TEMP%\WSUSME.REG ECHO.>> %TEMP%\WSUSME.REG ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]>> %TEMP%\WSUSME.REG IF /I "%WSUSGROUP%" EQU "none" ( ECHO "TargetGroup"="">> %TEMP%\WSUSME.REG ECHO "TargetGroupEnabled"=dword:00000000>> %TEMP%\WSUSME.REG ) ELSE ( ECHO "TargetGroup"="%WSUSGROUP%">> %TEMP%\WSUSME.REG ECHO "TargetGroupEnabled"=dword:00000001>> %TEMP%\WSUSME.REG ) ECHO "WUServer"="http://%WSUSSERVER%">> %TEMP%\WSUSME.REG ECHO "WUStatusServer"="http://%WSUSSERVER%">> %TEMP%\WSUSME.REG ECHO "AccountDomainSid"=->> %TEMP%\WSUSME.REG ECHO "PingID"=->> %TEMP%\WSUSME.REG ECHO "SusClientId"=->> %TEMP%\WSUSME.REG ECHO.>> %TEMP%\WSUSME.REG ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]>> %TEMP%\WSUSME.REG ECHO "AUOptions"=dword:00000004>> %TEMP%\WSUSME.REG ECHO "AutoInstallMinorUpdates"=dword:00000001>> %TEMP%\WSUSME.REG ECHO "NoAutoUpdate"=dword:00000000>> %TEMP%\WSUSME.REG ECHO "NoAutoRebootWithLoggedOnUsers"=dword:00000001>> %TEMP%\WSUSME.REG ECHO "ScheduledInstallDay"=dword:00000000>> %TEMP%\WSUSME.REG ECHO "ScheduledInstallTime"=dword:000000%WSUSINSTALLHOUR%>> %TEMP%\WSUSME.REG ECHO "UseWUServer"=dword:00000001>> %TEMP%\WSUSME.REG :QUEUE FOR /F "tokens=1" %%a IN (%TEMP%\WSUSME.LST) DO CALL :PROCESS %%a GOTO :CLEANUP :PROCESS FOR %%a IN (%1) DO ECHO Forcing AutoUpdate of %%a: FOR %%a IN (%1) DO ECHO - Stopping Automatic Updates service.. & START /MIN /WAIT %MSCUTILDIR%\PSEXEC.EXE \\%%a CMD /C NET STOP "Automatic Updates" /Y FOR %%a IN (%1) DO ECHO Importing registry settings.. & START /MIN /WAIT CMD /C COPY %TEMP%\WSUSME.REG \\%%a\C$\WSUSME.REG FOR %%a IN (%1) DO START /MIN /WAIT %MSCUTILDIR%\PSEXEC.EXE \\%%a CMD /C REGEDIT /S C:\WSUSME.REG FOR %%a IN (%1) DO START /MIN /WAIT CMD /C IF EXIST \\%%a\C$\WSUSME.REG DEL \\%%a\C$\WSUSME.REG FOR %%a IN (%1) DO ECHO - Starting Automatic Updates service.. & START /MIN /WAIT %MSCUTILDIR%\PSEXEC.EXE \\%%a CMD /C NET START "Automatic Updates" /Y FOR %%a IN (%1) DO START /MIN /WAIT %MSCUTILDIR%\PSSHUTDOWN.EXE -a \\%%a IF /I %WSUSREBOOTHOURS% NEQ 0 ( FOR %%a IN (%1) DO ECHO - Forcing immediate detection cycle.. & START /MIN /WAIT %MSCUTILDIR%\PSEXEC.EXE \\%%a -s CMD /C WUAUCLT.EXE /RESETAUTHORIZATION /DETECTNOW ) IF /I "%WSUSREBOOTHOURS%" EQU "none" GOTO :EOF IF /I %WSUSREBOOTHOURS% EQU 0 ( FOR %%a IN (%1) DO ECHO - Scheduling shutdown of %%a immediately.. ) ELSE ( FOR %%a IN (%1) DO ECHO - Scheduling shutdown of %%a in %WSUSREBOOTSECONDS% seconds.. ) FOR %%a IN (%1) DO START /MIN /WAIT %MSCUTILDIR%\PSSHUTDOWN.EXE -t %WSUSREBOOTSECONDS% -m "%WSUSMESSAGE%" -r \\%%a GOTO :EOF :CLEANUP IF EXIST %TEMP%\WSUSME.LST DEL /Q %TEMP%\WSUSME.LST IF EXIST %TEMP%\WSUSME.REG DEL /Q %TEMP%\WSUSME.REG GOTO :END :POOP ECHO ERROR: PSEXEC.EXE or PSSHUTDOWN.EXE files not found. These are required. ECHO. ECHO Please specify a directory location for PSEXEC.EXE and PSSHUTDOWN.EXE. ECHO This directory location variable is labeled MSCUTILDIR and is located at ECHO the beginning of this script in the SET_ENVIRONMENT section. If you need ECHO to download these utilities, you can download them individually or as ECHO a part of the PSTOOLS package from Microsoft/Sysinternals: ECHO. ECHO http://download.sysinternals.com/Files/PsTools.zip ECHO. ECHO These tools are free. GOTO :END :NOOP ECHO ERROR: Command-line parameter(s) missing. ECHO. ECHO Five (5) command-line parameter *must* be passed in order for this script to ECHO function. Please use the following syntax: ECHO. ECHO WSUSUR [SERVER] [COMPUTER] [GROUP] [#] [#] ECHO. ECHO. ECHO [SERVER] - WSUS server to check for updates. ECHO [COMPUTER] - Target computer for AU. Use 'WSUSUR.LST' for a static ECHO list of computers. ECHO [GROUP] - WSUS target group. Use 'none' to disable. ECHO [#] - Scheduled install time of day (24 hour format, 0-23). ECHO [#] - Hours until automatic reboot. Use 'none' to disable. ECHO Use '0' for an immediate reboot. ECHO. ECHO. ECHO EXAMPLE: ECHO. ECHO WSUSUR wsusserver:8530 testpc Test 19 1 ECHO. ECHO. ECHO This example will force automatic updates on the 'testpc' computer, checking ECHO for and pulling updates from the 'susserver' WSUS server, connecting on port ECHO 8530. The update target group for specific updates is set to 'Test'. The ECHO computer will begin the update process at 19:00 (7PM). The computer will ECHO automatically reboot in '1' hour. :END REM [WSUSUR] WSUS Update and Reboot 4.0 REM Copyright 2004-*, Santeria Systems REM Micheal Espinola Jr (michealespinola@gmail.com) REM REM Extra special thanks to Michael Smith, Bob Free and Martin Blackstone for REM concepts and code information used in this script! REM REM This script is free to USE & MODIFY for individual use, but not in a REM 3rd-party contracting situation. This script is not free for REDISTRIBUTION. ECHO. ECHO.=============================================================================== ECHO. ENDLOCAL
Thanks
Extra special thanks to Michael Smith, Bob Free and Martin Blackstone from the Sunbelt Software NTSYSADMIN list for concepts and registry code information used in this script.
