Link to home
Start Free TrialLog in
Avatar of zyanj
zyanj

asked on

SUS Script

Is there a sc ript that I can run on my clients to pull the updates from my SUS SERVER?

I have them scheduled for 3:00 am. I am doing some testing and from the looks of it Windows update is done on the whole whole hour...
12:00
1:00
2:00
etc:

How can I just force this connection?


Also......... after the SUS has an update that has to restart will it restart and continue pulling the remaining updates?
Avatar of mslunecka
mslunecka
You can't with SUS.  There is a built in "wiggle room" in the timeframe for when clients download and install patches from SUS.  You can set it in group policy along with your other SUS settings.  You must already have a policy that sets the time and enforcement level for SUS to be working at all.  SUS is already a scripted pull...what it sounds like you want is an automated push...which is tricky without a desktop management suite (SMS, landesk, altiris)...because you can't just say "execute this file" without first determining whether it has already been installed, what OS it relates to, whether the user even has the software package it is updating.  Those are the things that you get for free with SUS, but it happens on the client's schedule, not yours.

What you can do is to change your policy to enforce download and installation at a certain time.  What are your current GPO settings for SUS?
ASKER CERTIFIED SOLUTION
Avatar of Microtech
Microtech
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of ras2247
ras2247
Is it possible to force a group policy from the server to all workstations in the OU?? Rather than using GPUDATE at every PC Console...
Avatar of Microtech
Microtech
Flag of United Kingdom of Great Britain and Northern Ireland image
open your own question and you may get an answer, this one is closed
Avatar of mslunecka
mslunecka
All group policies are "forced" on workstations.  I think what you're asking is if there is a way to force a gpupdate from the server to every workstation.  The answer to that is yes, but it's not a push-button kind of thing.  It requires extra software and/or scripting ability.  

The simplest thing to do is simply to tell everyone to reboot their computers.  Certain GPOs only apply at startup.  Others apply at logon and some others will apply while the computer is running.  In your default domain policy there is a setting for the group policy refresh rate.  I think the default is like 16 hours or something like that.  You can change that on the domain controllers and force it to refresh more frequently.  On my network it's 90 minutes.  Then just tell everyone to reboot before they go home and they'll be all set.
Avatar of Microtech
Microtech
Flag of United Kingdom of Great Britain and Northern Ireland image
the answer is yes btw... but open and i will tell you how
Avatar of mslunecka
mslunecka
Oh, and also remember that the IIS user accounts need to be renamed.  THey are specific to the name of the server.

IUSR_SERVERNAME
and
IWAM_SERVERNAME

Avatar of mslunecka
mslunecka
whoops, wrong window