Solved

SUS Script

Posted on 2004-10-19
8
306 Views
Last Modified: 2006-11-17
Is there a sc ript that I can run on my clients to pull the updates from my SUS SERVER?

I have them scheduled for 3:00 am. I am doing some testing and from the looks of it Windows update is done on the whole whole hour...
12:00
1:00
2:00
etc:

How can I just force this connection?


Also......... after the SUS has an update that has to restart will it restart and continue pulling the remaining updates?
0
Comment
Question by:zyanj
  • 4
  • 3
8 Comments
 
LVL 6

Expert Comment

by:mslunecka
Comment Utility
You can't with SUS.  There is a built in "wiggle room" in the timeframe for when clients download and install patches from SUS.  You can set it in group policy along with your other SUS settings.  You must already have a policy that sets the time and enforcement level for SUS to be working at all.  SUS is already a scripted pull...what it sounds like you want is an automated push...which is tricky without a desktop management suite (SMS, landesk, altiris)...because you can't just say "execute this file" without first determining whether it has already been installed, what OS it relates to, whether the user even has the software package it is updating.  Those are the things that you get for free with SUS, but it happens on the client's schedule, not yours.

What you can do is to change your policy to enforce download and installation at a certain time.  What are your current GPO settings for SUS?
0
 
LVL 17

Accepted Solution

by:
Microtech earned 50 total points
Comment Utility
you can ...
Force the application of the group policy. Computers reapply group policies every 90 minutes, with a random offset of up to 30 minutes. So, you might have to wait as long as 2 hours for computers in your domain to start checking the SUS server for approved updates. To force the immediate application of the group policy on a Win2K machine, log on to the computer, open a command shell window, and run the command

secedit /refreshpolicy machine_policy

That computer should now start downloading any updates you've approved. If you're on an XP machine, run Gpupdate instead with no parameters.

Because you configured the SUS server to synchronize only the catalog, your AU clients will download the updates from a Windows Update server. When you come in the next morning, log on to one of your computers and open the Control Panel Add/Remove Programs applet. You should see the updates you approved earlier.
0
 

Expert Comment

by:ras2247
Comment Utility
Is it possible to force a group policy from the server to all workstations in the OU?? Rather than using GPUDATE at every PC Console...
0
 
LVL 17

Expert Comment

by:Microtech
Comment Utility
open your own question and you may get an answer, this one is closed
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 6

Expert Comment

by:mslunecka
Comment Utility
All group policies are "forced" on workstations.  I think what you're asking is if there is a way to force a gpupdate from the server to every workstation.  The answer to that is yes, but it's not a push-button kind of thing.  It requires extra software and/or scripting ability.  

The simplest thing to do is simply to tell everyone to reboot their computers.  Certain GPOs only apply at startup.  Others apply at logon and some others will apply while the computer is running.  In your default domain policy there is a setting for the group policy refresh rate.  I think the default is like 16 hours or something like that.  You can change that on the domain controllers and force it to refresh more frequently.  On my network it's 90 minutes.  Then just tell everyone to reboot before they go home and they'll be all set.
0
 
LVL 17

Expert Comment

by:Microtech
Comment Utility
the answer is yes btw... but open and i will tell you how
0
 
LVL 6

Expert Comment

by:mslunecka
Comment Utility
Oh, and also remember that the IIS user accounts need to be renamed.  THey are specific to the name of the server.

IUSR_SERVERNAME
and
IWAM_SERVERNAME

0
 
LVL 6

Expert Comment

by:mslunecka
Comment Utility
whoops, wrong window
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now