Solved

SUS Script

Posted on 2004-10-19
8
317 Views
Last Modified: 2006-11-17
Is there a sc ript that I can run on my clients to pull the updates from my SUS SERVER?

I have them scheduled for 3:00 am. I am doing some testing and from the looks of it Windows update is done on the whole whole hour...
12:00
1:00
2:00
etc:

How can I just force this connection?


Also......... after the SUS has an update that has to restart will it restart and continue pulling the remaining updates?
0
Comment
Question by:zyanj
  • 4
  • 3
8 Comments
 
LVL 6

Expert Comment

by:mslunecka
ID: 12349869
You can't with SUS.  There is a built in "wiggle room" in the timeframe for when clients download and install patches from SUS.  You can set it in group policy along with your other SUS settings.  You must already have a policy that sets the time and enforcement level for SUS to be working at all.  SUS is already a scripted pull...what it sounds like you want is an automated push...which is tricky without a desktop management suite (SMS, landesk, altiris)...because you can't just say "execute this file" without first determining whether it has already been installed, what OS it relates to, whether the user even has the software package it is updating.  Those are the things that you get for free with SUS, but it happens on the client's schedule, not yours.

What you can do is to change your policy to enforce download and installation at a certain time.  What are your current GPO settings for SUS?
0
 
LVL 17

Accepted Solution

by:
Microtech earned 50 total points
ID: 12586815
you can ...
Force the application of the group policy. Computers reapply group policies every 90 minutes, with a random offset of up to 30 minutes. So, you might have to wait as long as 2 hours for computers in your domain to start checking the SUS server for approved updates. To force the immediate application of the group policy on a Win2K machine, log on to the computer, open a command shell window, and run the command

secedit /refreshpolicy machine_policy

That computer should now start downloading any updates you've approved. If you're on an XP machine, run Gpupdate instead with no parameters.

Because you configured the SUS server to synchronize only the catalog, your AU clients will download the updates from a Windows Update server. When you come in the next morning, log on to one of your computers and open the Control Panel Add/Remove Programs applet. You should see the updates you approved earlier.
0
 

Expert Comment

by:ras2247
ID: 14010680
Is it possible to force a group policy from the server to all workstations in the OU?? Rather than using GPUDATE at every PC Console...
0
Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

 
LVL 17

Expert Comment

by:Microtech
ID: 14010781
open your own question and you may get an answer, this one is closed
0
 
LVL 6

Expert Comment

by:mslunecka
ID: 14010784
All group policies are "forced" on workstations.  I think what you're asking is if there is a way to force a gpupdate from the server to every workstation.  The answer to that is yes, but it's not a push-button kind of thing.  It requires extra software and/or scripting ability.  

The simplest thing to do is simply to tell everyone to reboot their computers.  Certain GPOs only apply at startup.  Others apply at logon and some others will apply while the computer is running.  In your default domain policy there is a setting for the group policy refresh rate.  I think the default is like 16 hours or something like that.  You can change that on the domain controllers and force it to refresh more frequently.  On my network it's 90 minutes.  Then just tell everyone to reboot before they go home and they'll be all set.
0
 
LVL 17

Expert Comment

by:Microtech
ID: 14010787
the answer is yes btw... but open and i will tell you how
0
 
LVL 6

Expert Comment

by:mslunecka
ID: 14010868
Oh, and also remember that the IIS user accounts need to be renamed.  THey are specific to the name of the server.

IUSR_SERVERNAME
and
IWAM_SERVERNAME

0
 
LVL 6

Expert Comment

by:mslunecka
ID: 14010901
whoops, wrong window
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction How to create multiboot configuration with XP\Vista and Windows 7 on it? And most important question - how to do this correctly so not to have any kind of nightmares we get when system gets screwed? First of all one should realize t…
Sometimes a user will call me frantically, explaining that something has gone wrong and they have tried everything (read - they have messed it up more and now need someone to clean up) and it still does no good, can I help them?!  Usually the standa…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question