Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


SUS Script

Posted on 2004-10-19
Medium Priority
Last Modified: 2006-11-17
Is there a sc ript that I can run on my clients to pull the updates from my SUS SERVER?

I have them scheduled for 3:00 am. I am doing some testing and from the looks of it Windows update is done on the whole whole hour...

How can I just force this connection?

Also......... after the SUS has an update that has to restart will it restart and continue pulling the remaining updates?
Question by:zyanj
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3

Expert Comment

ID: 12349869
You can't with SUS.  There is a built in "wiggle room" in the timeframe for when clients download and install patches from SUS.  You can set it in group policy along with your other SUS settings.  You must already have a policy that sets the time and enforcement level for SUS to be working at all.  SUS is already a scripted pull...what it sounds like you want is an automated push...which is tricky without a desktop management suite (SMS, landesk, altiris)...because you can't just say "execute this file" without first determining whether it has already been installed, what OS it relates to, whether the user even has the software package it is updating.  Those are the things that you get for free with SUS, but it happens on the client's schedule, not yours.

What you can do is to change your policy to enforce download and installation at a certain time.  What are your current GPO settings for SUS?
LVL 17

Accepted Solution

Microtech earned 150 total points
ID: 12586815
you can ...
Force the application of the group policy. Computers reapply group policies every 90 minutes, with a random offset of up to 30 minutes. So, you might have to wait as long as 2 hours for computers in your domain to start checking the SUS server for approved updates. To force the immediate application of the group policy on a Win2K machine, log on to the computer, open a command shell window, and run the command

secedit /refreshpolicy machine_policy

That computer should now start downloading any updates you've approved. If you're on an XP machine, run Gpupdate instead with no parameters.

Because you configured the SUS server to synchronize only the catalog, your AU clients will download the updates from a Windows Update server. When you come in the next morning, log on to one of your computers and open the Control Panel Add/Remove Programs applet. You should see the updates you approved earlier.

Expert Comment

ID: 14010680
Is it possible to force a group policy from the server to all workstations in the OU?? Rather than using GPUDATE at every PC Console...
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 17

Expert Comment

ID: 14010781
open your own question and you may get an answer, this one is closed

Expert Comment

ID: 14010784
All group policies are "forced" on workstations.  I think what you're asking is if there is a way to force a gpupdate from the server to every workstation.  The answer to that is yes, but it's not a push-button kind of thing.  It requires extra software and/or scripting ability.  

The simplest thing to do is simply to tell everyone to reboot their computers.  Certain GPOs only apply at startup.  Others apply at logon and some others will apply while the computer is running.  In your default domain policy there is a setting for the group policy refresh rate.  I think the default is like 16 hours or something like that.  You can change that on the domain controllers and force it to refresh more frequently.  On my network it's 90 minutes.  Then just tell everyone to reboot before they go home and they'll be all set.
LVL 17

Expert Comment

ID: 14010787
the answer is yes btw... but open and i will tell you how

Expert Comment

ID: 14010868
Oh, and also remember that the IIS user accounts need to be renamed.  THey are specific to the name of the server.



Expert Comment

ID: 14010901
whoops, wrong window

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just about everyone has an old PC laying around.  Ask anyone in the IT industry, whether they are a professional or play in it as a hobby.  From outdated Desktops to cheap "throwaway" laptops, they are all around and not as hard to "fix up" as you m…
Windows 7 does not have the best desktop search built in. This is something Windows 7 users have struggled with. You type something in, and your search results don’t always match what you are looking for, or it doesn’t actually work at all. There ar…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question