I'll need a Windows .bat script (not a PowerShell script).
This batch script could call powershell.exe though as
shown below the === lines.
Lately, with most staff working from home, patching from
WSUS (somehow our WSUS often has instability issues
that our Wintel guys just can't fix despite reinstalling) &
possibly WSUS can't push patches down via VPN to our
staff's laptops (heard SCCM can't push patches via VPN).
Plan to run the script daily under local admin's Task Scheduler
so if the script finds that current patches on the PC are already
up-to-date, it won't pull down/install the patches. If it can
be made to run as a service/in the background, that will be better.
Script further below (extracted from Spiceworks) is close to what I need:
https://community.spiceworks.com/topic/1951749-script-to-install-patches
just that I need help to enhance it such that it'll check what
patches are missing on the laptop vs what's available in MS.
Will also need to make the script a service that runs under local
admin to regularly check for connectivity to the Internet (we use a split
VPN tunnel, such that only proxy-aware apps such as browsers
& Outlook will have to take the route back to the office corporate network,
while I presume the 'wusa' tool is not a proxy-aware app).
This is a supplementary method to our WSUS: our Wintel guys have run
into issues getting WSUS to patch for 6-12 months so I'll need an
alternative. We don't have SCCM but have Desktop Central.
===================================
@echo off
rem Work from the root of the current drive (assumed to be C:); downloads land here.
cd \
echo "Downloading Patches; This will take several minutes depends on your Internet speed"
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://download.windowsupdate.com/c/msdownload/update/software/uprl/2020/03/windows-kb000000-x64-v5.81_74132082f1421c2217b1b07673b671ceddba20fb.exe', 'kb000000_Scan.exe')"
echo "1 out of 4 downloaded"
echo "****"
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://download.windowsupdate.com/c/msdownload/update/software/secu/2020/03/windows10.0-kb000000-x64_5db6cfc57a8bda4d13107ad24b3fe8fd790219cf.msu', 'kb000000.msu')"
echo "2 out of 4 downloaded"
echo "****"
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://download.windowsupdate.com/c/msdownload/update/software/secu/2020/04/windows10.0-kb000000-x64_705fda69935538eab5054d9d616e1761742816ec.msu', 'kb000000.msu')"
echo "3 out of 4 downloaded"
echo "****"
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://download.windowsupdate.com/d/msdownload/update/software/secu/2020/04/windows10.0-kb000000-x64_5411f88ea08bfc0ac98f388f5a3bdc8bcfea3261.msu', 'kb000000.msu')"
echo "4 out of 4 are downloaded, Now installing patches!"
echo "****"
rem Install each downloaded .msu silently, without forcing a reboot.
wusa.exe C:\kb000000.msu /quiet /norestart
echo "kb000000 is installed, processing the next one"
echo "****"
wusa.exe C:\kb000000.msu /quiet /norestart
echo "kb000000 is installed, processing the next one"
echo "****"
echo "This will take 5-10 mins for installing"
echo "****"
wusa.exe C:\kb000000.msu /quiet /norestart
===================================
I presume the script above hardcodes specific patches/
updates but I would need to make it generic: we no longer
have Win7 or Win 8 but various builds of
Windows 10.
Script will need to patch Windows, MS Office (incl
Outlook), MS Edge & Chrome.
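
Added example (not part of the original post or the Spiceworks script): one way to do the "missing vs available" check asked for above is to let the Windows Update Agent COM API scan Microsoft's servers for updates applicable to this build that are not yet installed, and install only those, instead of fetching hardcoded URLs over plain HTTP. It assumes an elevated session, that no policy blocks direct access to Windows Update, and it covers Windows updates only.

```powershell
# Added example: scan Windows Update directly and install only what is missing.
# Assumption: runs elevated (e.g. a scheduled task under a local admin account).
$ErrorActionPreference = 'Stop'

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$searcher.ServerSelection = 2   # 2 = ssWindowsUpdate: query Microsoft, not the WSUS server

# Software updates applicable to this machine that are not installed or hidden.
$result = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")

if ($result.Updates.Count -eq 0) {
    Write-Output 'Up to date: nothing to download or install.'
    exit 0
}

# Collect the missing updates, accepting any licence terms they carry.
$toInstall = New-Object -ComObject Microsoft.Update.UpdateColl
foreach ($update in $result.Updates) {
    Write-Output ("Missing: {0}" -f $update.Title)
    if (-not $update.EulaAccepted) { $update.AcceptEula() }
    [void]$toInstall.Add($update)
}

# The agent downloads the packages itself; no URLs are hardcoded.
$downloader = $session.CreateUpdateDownloader()
$downloader.Updates = $toInstall
[void]$downloader.Download()

# Install only the updates that actually finished downloading.
$ready = New-Object -ComObject Microsoft.Update.UpdateColl
foreach ($update in $toInstall) {
    if ($update.IsDownloaded) { [void]$ready.Add($update) }
}
if ($ready.Count -eq 0) {
    Write-Output 'No update finished downloading; check Internet connectivity.'
    exit 1
}

$installer = $session.CreateUpdateInstaller()
$installer.Updates = $ready
$installResult = $installer.Install()

# ResultCode: 2 = succeeded, 3 = succeeded with errors, 4 = failed, 5 = aborted
Write-Output ("Install result code: {0}; reboot required: {1}" -f `
    $installResult.ResultCode, $installResult.RebootRequired)
if ($installResult.ResultCode -eq 2) { exit 0 } else { exit 1 }
```

A .bat wrapper can start it with `powershell.exe -NoProfile -File` followed by the script path, subject to the machine's execution policy, and the exit code lets Task Scheduler record whether the run succeeded.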
ASKER
Our VPN is a split tunnel so could pull direct from MS if we use a script.
>if office 2019, it will update itself - along with edge and chrome
The script may skip Ofc2019 then as we're on o365 & likely will
move on to Ofc2019 end of the year