operationsIT
asked on
I am configuring Automatic Updates on my servers via GPO however I would prefer to install once a month rather than "Every" monday, tuesday, etc?
Hello EE,
I would like to limit my server reboots and schedule them around our maintenance window.
Currently I have GPO set to 4 to auto download and schedule the install, but my only options are "every" (select day of week) and I'd like to schedule it the last x of the month type of thing. Is this possible?
I would like to limit my server reboots and schedule them around our maintenance window.
Currently I have GPO set to 4 to auto download and schedule the install, but my only options are "every" (select day of week) and I'd like to schedule it the last x of the month type of thing. Is this possible?
Gabriel Clifton
What I do is I have a scheduled task that runs one script that installs updates and another one that checks if an update needs a reboot and reboots my servers at scheduled times if needed. I am not in my office right now to post the scripts.
ASKER
@Gabriel so every server you have created 2 tasks (or using same 2 scripts)?
I would be interested if you wouldn't mind sharing the scripts when you are in to see if this would work for me as well. The weekly thing on my servers is just to much troubleshooting of what updates are breaking the next day :-)
I would be interested if you wouldn't mind sharing the scripts when you are in to see if this would work for me as well. The weekly thing on my servers is just to much troubleshooting of what updates are breaking the next day :-)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you so much I will test now. As for Control Panel > Windows Updates what do you have this set to?
I have it set to "Download updates but let me choose whether to install them"
ASKER
I am testing it now but it's been at "searching for updates" for 2 hours. How long did yours take?
2 hours can be a little long, but it usually depends on how many updates there are. I have had a little as 15 minutes for one update and around 1 hour to 1-1/2 hour for many.
ASKER
Let it run all night and still sitting at searching for updates...
How long does it take for the server to search for updates manually? You are running it with cscript.exe and not wscript.exe right. I have tested the code posted on a few systems and workstations and it appears to be working fine. I have attached the same script that I use just in case of some weird copy paste problem on posting. I find these scripts to be invaluable and I want it to work the same for you.
ServerUpdate.vbs
ServerUpdate.vbs
ASKER
Thanks I will try that. Can you share how I can confirm it is with cscript as I believe I did set it up right.
ASKER
I am starting a program C:\windows\system32\cscrip
Have you tried manually running the script from command line? Have you tried with other systems? How long does it take to search for Windows updates when you manually check without script?
ASKER
runs find from command line. Are you running cscript as a program and the .vbs as an argument??
I do have
Run with hightest privileges checked
Action: Start a program
Program/script: cscript.exe
Add arguments: "PathToVBS\ServerUpdate.vb
Run with hightest privileges checked
Action: Start a program
Program/script: cscript.exe
Add arguments: "PathToVBS\ServerUpdate.vb
ASKER
This is fabulous thank you so much for sharing!
No problem, I enjoy it as well.
ASKER
@Gabriel, I am trying to run this on other servers and getting an error on line 8 field 1. Any ideas?
The script is a modified version of this one from MSN https://msdn.microsoft.com/en-us/library/windows/desktop/aa387102(v=vs.85).aspx, you can try the original to see if it work for you and modify from there.
Testing the script a bit, I have found that "IsAssigned=1 and " in line 9 can cause an error. This usually works for me with it there but you may see this as your issue. Just remove that part. Also, you can change the "Type='Software'" to "Type='Driver'" to download drivers, or remove that to search for both. The "IsHidden=0" will not install updates that you have manually hidden.
ASKER
Ok tried that and it actually is the line before it actually where it is failing (line 8 character 1)
I've tried the suggestions you made and the one direct off line. Just curious if you would have any thoughts. I"ll continue to poke as I feel I'm close and you've been so helpful!
I've tried the suggestions you made and the one direct off line. Just curious if you would have any thoughts. I"ll continue to poke as I feel I'm close and you've been so helpful!
ASKER
One note is we use a WSUS server so don't actually go to windows online for updates
I have been working on this one, give it a try. On line 15 you can specify WSUS (ssManagedServer), Microsoft (ssWindowsUpdate), or anything else from lines 2-5.
'ServerSelection values
ssDefault = 0
ssManagedServer = 1
ssWindowsUpdate = 2
ssOthers = 3
'InStr values
intSearchStartChar = 1
dim strTitle
Set updateSession = CreateObject("Microsoft.Update.Session")
Set updateSearcher = updateSession.CreateupdateSearcher()
updateSearcher.ServerSelection = ssManagedServer
Set searchResult = updateSearcher.Search("IsInstalled=0 and IsHidden=0")
WScript.Echo "List of applicable items on the machine:"
For I = 0 To searchResult.Updates.Count-1
Set update = searchResult.Updates.Item(I)
WScript.Echo I + 1 & "> " & update.Title
Next
If searchResult.Updates.Count = 0 Then
WScript.Echo "There are no applicable updates."
WScript.Quit
End If
WScript.Echo vbCRLF & "Creating collection of updates to download:"
Set updatesToDownload = CreateObject("Microsoft.Update.UpdateColl")
For I = 0 to searchResult.Updates.Count-1
Set update = searchResult.Updates.Item(I)
addThisUpdate = False
Select Case update.Title
Case "Internet Explorer 11 for Windows 7"
WScript.Echo I + 1 & "> skipping: " & update.Title & _
" because of specified requirements"
addThisUpdate = False
Case "Internet Explorer 10 for Windows 7"
WScript.Echo I + 1 & "> skipping: " & update.Title & _
" because of specified requirements"
addThisUpdate = False
Case Else
If update.InstallationBehavior.CanRequestUserInput = true Then
WScript.Echo I + 1 & "> skipping: " & update.Title & _
" because it requires user input"
Else
If update.EulaAccepted = false Then
WScript.Echo I + 1 & "> note: " & update.Title & _
" has a license agreement that must be accepted:"
WScript.Echo update.EulaText
' WScript.Echo "Do you accept this license agreement? (Y/N)"
''strInput = WScript.StdIn.ReadLine
strInput = "Y"
WScript.Echo
If (strInput = "Y" or strInput = "y") Then
update.AcceptEula()
addThisUpdate = true
Else
WScript.Echo I + 1 & "> skipping: " & update.Title & _
" because the license agreement was declined"
End If
Else
addThisUpdate = true
End If
End If
End Select
If addThisUpdate = true Then
WScript.Echo I + 1 & "> adding: " & update.Title
updatesToDownload.Add(update)
End If
Next
If updatesToDownload.Count = 0 Then
WScript.Echo "All applicable updates were skipped."
WScript.Quit
End If
WScript.Echo vbCRLF & "Downloading updates..."
Set downloader = updateSession.CreateUpdateDownloader()
downloader.Updates = updatesToDownload
downloader.Download()
Set updatesToInstall = CreateObject("Microsoft.Update.UpdateColl")
rebootMayBeRequired = false
WScript.Echo vbCRLF & "Successfully downloaded updates:"
For I = 0 To searchResult.Updates.Count-1
set update = searchResult.Updates.Item(I)
If update.IsDownloaded = true Then
WScript.Echo I + 1 & "> " & update.Title
updatesToInstall.Add(update)
If update.InstallationBehavior.RebootBehavior > 0 Then
rebootMayBeRequired = true
End If
End If
Next
If updatesToInstall.Count = 0 Then
WScript.Echo "No updates were successfully downloaded."
WScript.Quit
End If
If rebootMayBeRequired = true Then
WScript.Echo vbCRLF & "These updates may require a reboot."
End If
'WScript.Echo vbCRLF & "Would you like to install updates now? (Y/N)"
'strInput = WScript.StdIn.ReadLine
strInput = "Y"
WScript.Echo
If (strInput = "Y" or strInput = "y") Then
WScript.Echo "Installing updates..."
Set installer = updateSession.CreateUpdateInstaller()
installer.Updates = updatesToInstall
Set installationResult = installer.Install()
'Output results of install
WScript.Echo "Installation Result: " & _
installationResult.ResultCode
WScript.Echo "Reboot Required: " & _
installationResult.RebootRequired & vbCRLF
WScript.Echo "Listing of updates installed " & _
"and individual installation results:"
For I = 0 to updatesToInstall.Count - 1
WScript.Echo I + 1 & "> " & _
updatesToInstall.Item(i).Title & _
": " & installationResult.GetUpdateResult(i).ResultCode
Next
End If ASKER
Ok giving it a go...
ASKER
It seems to run
Installing updates....
Installation Result: 3
Re Reboot Required: False
Listing of updates installed and individual installation results:
1. Adobe 2
2. Security 4
3. Security 4
4. Security 4
Installing updates....
Installation Result: 3
Re Reboot Required: False
Listing of updates installed and individual installation results:
1. Adobe 2
2. Security 4
3. Security 4
4. Security 4