Solved

forcing a windows update to download now using group policy

Posted on 2009-07-15
12
400 Views
Last Modified: 2012-05-07
I am using group policy to handle windows updates - some groups I have download and auto install.  ANother group I have Download but wait to install.

In this second group some of the updates are dowloaded some are not - this accurding to WSUS tool.

How can I tell what is in queue to download ?

and more importantly

How can I download it now.

I have tries wsauclt /detectnow and that seems to work sometimes.
0
Comment
Question by:bestfriends
  • 4
  • 3
  • 3
  • +1
12 Comments
 
LVL 4

Expert Comment

by:andrewc2189
ID: 24862475
You should go to Updates and highlight "all updates". From there you should choose Approval: "Approved" and for  Status: "Failed or Needed"

This will list all of the updates that are approved to be in line to install or ones that are in line but have failed.

The second group will only auto-install if it is setup to do so like the first group. It will download the updates, but not install them without user interaction. You could only change that by doing so in group policy to be like the first group.

Secondly, make sure that the updates you want installed are approved for the second group. You may have only approved them for the first and that is why they haven't all downloaded.
0
 

Author Comment

by:bestfriends
ID: 24862593
Thanks for respondiong but you did not get my question.

I have everything working - I just want to see the download queue.  What update will be downloaded next to what PC - surely that info is somewhere.

I also would like to force one machine to download now not wait for it to happen.  Jump the queue.

0
 
LVL 4

Expert Comment

by:andrewc2189
ID: 24862704
Honestly, I do not believe you can force any once machine, or even a group of machines, to download immediately. I would appreciate other experts to weigh in on that because I've never seen a way to do so.

The closest thing I know to a download queue is what I said earlier. A list of approved updates for computers with a status of needed/failed. I don't know of any other way to see what updates a computer will download next. I just don't believe the software is that far along yet.

This is just from my own experience with it, if any other experts know different I would appreciate being corrected!
0
 
LVL 27

Expert Comment

by:michko
ID: 24863099
I don't know how to see what is in the queue - but you can do a gpupdate command specifying the target computer - this will force the target computer to refresh all local and AD based gp settings - so if there are updates waiting, they would get installed.

This link has the specific syntax for gpupdate:
http://technet.microsoft.com/en-us/library/cc739112(WS.10).aspx

0
 
LVL 4

Expert Comment

by:andrewc2189
ID: 24863148
Michko, that would update the GP for the Auto-update settings, but it's within those settings that determine when the updates get downloaded and installed. From what I understand you can only specify a time of day for windows updates to be installed under the GP, so the only way to "force" an update would be to change the group policy to the nearest time, update the GP (gpupdate /force in cmd like you said) and then hope it downloads it.
0
 

Author Comment

by:bestfriends
ID: 24863229
I have done the gpupdate but that just gets the group policy

wuauclt /detectnow helps.

Microsoft please help - I think this is a valid request :)
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 27

Expert Comment

by:michko
ID: 24863876
Okay, I'll defer to someone who has actual experience using gpupdate.  I sat through a conference class a couple of weeks ago on AD that talked about using gpupdate to force group policy changes - including updates.  I must have misunderstood something.  Wouldn't be the first time, lol.  
0
 
LVL 4

Expert Comment

by:andrewc2189
ID: 24863931
Ha, well you're not wrong about the policy getting forced to change automatically, but that isn't the issue. The issue is windows updates from the WSUS server getting downloaded automatically upon command. Did your conference say you could do that? If so cool, but I don't see how.
0
 
LVL 27

Expert Comment

by:michko
ID: 24864156
Nope, conference didn't specify that.  My mistake for extrapolating gpupdate to also forcing any pending WSUS updates.
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 24866054

WSUS Client FAQ
Q. How to forcibly install a patch on all WSUS clients immediately?


A. To install the patches immediately, you have to do the following: Set a deadline on patch in the WSUS admin UI for any date in the past. This will cause all clients to immediately download and install the patch, rebooting if needed, as soon as they receive it on next scan) From the command line on each client, run "wuauclt.exe /detectnow". This will cause AU to immediately do that "next scan" on that client.


Client Behavior with Update Deadline
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24866087
BTW.....LOL Gpupdate has nothing to with updates. It should have been named "GPReplicate"  or  "GPSynch" . All GPUdate does is refresh  Group Policies which are normally done every 90 minutes by default.
0
 

Author Comment

by:bestfriends
ID: 24880873
Here is update - no where can you actually look at the queue to be downloaded and no where can you say force now.  As sysadmin this is useful information.

dstewartjr gave most info - setting date in past helps to force it but don't know when.

I do have some pcs on network that want to install updates and shut down - whch is annoying because they are remote and how can I get them back on.  However most are ok and all have same group policy.  I will continue to look at those install and shut dow ones.  What I do to get around is to log off and log on as admin and then I can install and restart/re login or whatever necessary.

IMO - gpupdate /Force is always worth doing to Force the latest policies - otherwise only changes are sent - and one never knows.

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

by Nathan Brom/Bromy2004 Introduction There are numerous websites out there for any different type of program you can imagine.  Of those, you'll need to decide which ones are legitimate and aren't trying to steal your money or infect your comput…
This article describes how to set permissions to allow a limited-permissions user to start and stop a particular System Service.   It is always best to give users only the permissions that they need to perform their job, so tweaking particular permi…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now