• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Wsus sample scripts
 

Wsus sample scripts

on

  • 3,257 views

 

Statistics

Views

Total Views
3,257
Views on SlideShare
3,257
Embed Views
0

Actions

Likes
0
Downloads
57
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Greg Shields
  • Greg Shields
  • Greg Shields Very useful web site: Navigate to http://www.microsoft.com/technet/community/columns/scripts/default.mspx and search for the July, 2005 issue of the Scripting Guys Newsletter “Tales from the Script”. This issue gives some good, but basic scripts you can use. We ’ll expand on those scripts shortly – and add to them the ability to use them on remote machines! There are a number of objects that can be created on the client, but only a few that can be interfaced through VBScript. Below is the mapping between the objects you can interface in VBScript and their associated COM object: Microsoft.Update.AgentInfo iWindowsUpdateAgentInfo Microsoft.Update.AutoUpdate iAutomaticUpdates Microsoft.Update.Downloader iUpdateDownloader Microsoft.Update.Installer iUpdateInstaller Microsoft.Update.Searcher iUpdateSearcher Microsoft.Update.ServiceManager iUpdateServiceManager Microsoft.Update.Session iUpdateSession Microsoft.Update.StringColl iStringCollection Microsoft.Update.SystemInfo iSystemInformation Microsoft.Update.UpdateColl iUpdateCollection Microsoft.Update.WebProxy iWebProxy Information about all of these can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wua_sdk/wua/interfaces.asp
  • Greg Shields '========================================================================== ' ' VBScript Source File ' ' NAME: techmentor_wsus-install-client.vbs ' ' WARNING: This script is provided as-is with no implied or expressed ' warranties or guarantees of functionality. Use at your own risk. ' This script could lead to system problems or a system crash and ' the author of this script is not responsible or liable for any problems ' or errors associated with its use. Use of this script constitutes ' agreement with this warning. ' ' NOTE: This script installs the WUA client and its necessary pre-requisites ' onto a list of computers and reboots the computer. The individual ' pre-requisites noted below must be in the same folder as where the script is run. ' ' INPUTS: A filename of a text file that includes the computers you want ' to scan. One computer per line. ' ' OUTPUTS: None ' ' SYNTAX: techmentor_wsus-install-client.vbs computers.txt ' '==========================================================================
  • Greg Shields strComputerList = WScript.Arguments.Item(0) strPreReq = "Windows2000-KB842773-x86-ENU.EXE" strPreReq2 = "WindowsInstaller-KB893803-v2-x86.exe" strAgent = "WindowsUpdateAgent20-x86.exe" Set objShell = CreateObject("WScript.Shell") Set fso = CreateObject("Scripting.FileSystemObject") Set f = fso.OpenTextFile(strComputerList, 1, True) Do While f.AtEndOfLine <> True strComputer = f.ReadLine objShell.Run("psexec.exe \\\\" & strComputer & " -c " & strPreReq & " /quiet /norestart"), 0, True objShell.Run("psexec.exe \\\\" & strComputer & " -c " & strPreReq2 & " /quiet /norestart"), 0, True objShell.Run("psexec.exe \\\\" & strComputer & " -c " & strAgent & " /wuforce /quiet"), 0, True Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\\\" & strComputer & "\\root\\cimv2") Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem") For Each objOperatingSystem in colOperatingSystems objOperatingSystem.Reboot() Next Loop WScript.Echo "Done!"
  • Greg Shields '========================================================================== ' ' VBScript Source File ' ' NAME: techmentor_wsus-detectinstalled.vbs ' ' WARNING: This script is provided as-is with no implied or expressed ' warranties or guarantees of functionality. Use at your own risk. ' This script could lead to system problems or a system crash and ' the author of this script is not responsible or liable for any problems ' or errors associated with its use. Use of this script constitutes ' agreement with this warning. ' ' NOTE: This script leverages the WUA client to identify the updates ' currently installed on a list of computers. ' ' INPUTS: A filename of a text file that includes the computers you want ' to scan. One computer per line. ' ' OUTPUTS: A .CSV file that includes each computer and the currently installed ' updates on that computer. ' ' SYNTAX: techmentor_wsus_detectinstalled.vbs computers.txt ' '==========================================================================
  • Greg Shields strComputerList = WScript.Arguments.Item(0) Set fso = CreateObject("Scripting.FileSystemObject") Set f = fso.OpenTextFile(strComputerList, 1, True) Set objTextFile = fso.OpenTextFile("OUTPUT.csv", 2, True) objTextFile.WriteLine("Computer Name,Update Title") Do While f.AtEndOfLine <> True strComputer = f.ReadLine Set objSession = CreateObject("Microsoft.Update.Session", strComputer) Set objSearcher = objSession.CreateUpdateSearcher() intHistoryCount = objSearcher.GetTotalHistoryCount Set colHistory = objSearcher.QueryHistory(0, intHistoryCount) For Each objHistory in colHistory objTextFile.WriteLine(strComputer & "," & Replace(objHistory.Title, ",", "")) Next Loop WScript.Echo "Done!"
  • Greg Shields '========================================================================== ' ' VBScript Source File ' ' NAME: techmentor_wsus-detectNotInstalled.vbs ' ' WARNING: This script is provided as-is with no implied or expressed ' warranties or guarantees of functionality. Use at your own risk. ' This script could lead to system problems or a system crash and ' the author of this script is not responsible or liable for any problems ' or errors associated with its use. Use of this script constitutes ' agreement with this warning. ' ' NOTE: This script leverages the WUA client to identify the updates ' not installed on a list of computers. ' ' INPUTS: A filename of a text file that includes the computers you want ' to scan. One computer per line. ' ' OUTPUTS: A .CSV file that includes each computer and the currently ' uninstalled updates on that computer. ' ' SYNTAX: techmentor_wsus_detectNotInstalled.vbs computers.txt ' '==========================================================================
  • Greg Shields strComputerList = WScript.Arguments.Item(0) Set fso = CreateObject("Scripting.FileSystemObject") Set f = fso.OpenTextFile(strComputerList, 1, True) Set objTextFile = fso.OpenTextFile("OUTPUT.csv", 2, True) objTextFile.WriteLine("Computer Name,Update Title") Do While f.AtEndOfLine <> True strComputer = f.ReadLine Set objSession = CreateObject("Microsoft.Update.Session", strComputer) Set objSearcher = objSession.CreateUpdateSearcher() Set objResults = objSearcher.Search("Type='Software'") Set colUpdates = objResults.Updates For i = 0 to colUpdates.Count - 1 If colUpdates.Item(i).IsInstalled = FALSE Then objTextFile.WriteLine(strComputer & "," & colUpdates.Item(i).Title) End If Next Loop WScript.Echo "Done!"
  • Greg Shields '========================================================================== ' ' VBScript Source File ' ' NAME: techmentor_wsus-install.vbs ' ' WARNING: This script is provided as-is with no implied or expressed ' warranties or guarantees of functionality. Use at your own risk. ' This script could lead to system problems or a system crash and ' the author of this script is not responsible or liable for any problems ' or errors associated with its use. Use of this script constitutes ' agreement with this warning. ' ' NOTE: This script leverages PSExec to remotely launch the 'install agent' ' on a list of remote computers. ' ' INPUTS: A filename of a text file that includes the computers you want ' to scan. One computer per line. Also, the username and password ' of the administrator in "domain\\username" format ' ' OUTPUTS: None ' ' SYNTAX: wsus-install.vbs computers.txt domain\\username PassWord! ' '==========================================================================
  • Greg Shields strComputerList = WScript.Arguments.Item(0) strUserName = WScript.Arguments.Item(1) strPassword = WScript.Arguments.Item(2) strAgent = "techmentor_wsus-install-agent.vbs" Set objShell = CreateObject("WScript.Shell") Set fso = CreateObject("Scripting.FileSystemObject") Set f = fso.OpenTextFile(strComputerList, 1, True) Do While f.AtEndOfLine <> True strComputer = f.ReadLine fso.CopyFile strAgent, "\\\\" & strComputer & "\\admin$\\system32\\", True WScript.Echo ("psexec.exe \\\\" & strComputer & " -u " & strUserName & " -p " & strPassword & " " & strAgent) Set objExecObject = objShell.Exec("psexec.exe \\\\" & strComputer & " -u " & strUserName & " -p " & strPassword & " cscript " & strAgent) Loop WScript.Echo "Done! “ '========================================================================== ' ' VBScript Source File ' ' NAME: techmentor_wsus-Install-agent.vbs ' ' WARNING: This script is provided as-is with no implied or expressed ' warranties or guarantees of functionality. Use at your own risk. ' This script could lead to system problems or a system crash and ' the author of this script is not responsible or liable for any problems ' or errors associated with its use. Use of this script constitutes ' agreement with this warning. ' ' NOTE: This script is the agent that actually downloads and installs the ' individual updates on each computer. This script leverages WUA to ' determine the necessary updates, install them, and reboot. A ' wuauclt /detectnow may be needed for the machine to upload its status ' back to the WSUS server. This script can either be run directly on ' a machine console or can be remotely run via techmentor_wsus-install.vbs. ' ' INPUTS: A filename of a text file that includes the computers you want ' to scan. One computer per line. ' ' OUTPUTS: None ' '========================================================================== Set fso = CreateObject("Scripting.FileSystemObject") Set objAutomaticUpdates = CreateObject("Microsoft.Update.AutoUpdate") objAutomaticUpdates.EnableService objAutomaticUpdates.DetectNow Set objSession = CreateObject("Microsoft.Update.Session") Set objSearcher = objSession.CreateUpdateSearcher() Set objResults = objSearcher.Search("IsInstalled=0 and Type='Software'") Set colUpdates = objResults.Updates
  • Greg Shields Set objUpdatesToDownload = CreateObject("Microsoft.Update.UpdateColl") intUpdateCount = 0 For i = 0 to colUpdates.Count - 1 intUpdateCount = intUpdateCount + 1 Set objUpdate = colUpdates.Item(i) objUpdatesToDownload.Add(objUpdate) Next If intUpdateCount = 0 Then WScript.Quit Else Set objDownloader = objSession.CreateUpdateDownloader() objDownloader.Updates = objUpdatesToDownload objDownloader.Download() Set objInstaller = objSession.CreateUpdateInstaller() objInstaller.Updates = objUpdatesToDownload Set installationResult = objInstaller.Install() Set objSysInfo = CreateObject("Microsoft.Update.SystemInfo") If objSysInfo.RebootRequired Then Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\\\localhost\\root\\cimv2") Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem") For Each objOperatingSystem in colOperatingSystems objOperatingSystem.Reboot() Next End If End If
  • Greg Shields '========================================================================== ' ' VBScript Source File ' ' NAME: techmentor_WSUS-QtoMSMatch.vbs ' ' WARNING: This script is provided as-is with no implied or expressed ' warranties or guarantees of functionality. Use at your own risk. ' This script could lead to system problems or a system crash and ' the author of this script is not responsible or liable for any problems ' or errors associated with its use. Use of this script constitutes ' agreement with this warning. ' ' NOTE: For this script to function when not run on the WSUS server, you will ' need to enable TCP/IP and/or Named Pipes connections. Configuring the ' WSUS server for mixed mode authentication may also be likely. ' ' INPUTS: None ' ' OUTPUTS: A .CSV file with the update title matched with the MS number. ' '==========================================================================
  • Greg Shields strWSUSServer = “" Set fso = CreateObject("Scripting.FileSystemObject") Set objTextFile = fso.OpenTextFile("OUTPUT.csv", 2, True) objTextFile.WriteLine("MS Number,Q Number") Set conn = CreateObject("ADODB.Connection") Set rs = CreateObject("ADODB.Recordset") dbconn = "Driver={SQL Server};Server=" & strWSUSServer & ";Database=SUSDB" conn.open dbconn strSQLQuery = "SELECT dbo.tbSecurityBulletinForRevision.SecurityBulletinID, dbo.tbLocalizedProperty.Title FROM dbo.tbLocalizedPropertyForRevision INNER JOIN dbo.tbLocalizedProperty ON dbo.tbLocalizedPropertyForRevision.LocalizedPropertyID = dbo.tbLocalizedProperty.LocalizedPropertyID INNER JOIN dbo.tbSecurityBulletinForRevision ON dbo.tbLocalizedPropertyForRevision.RevisionID = dbo.tbSecurityBulletinForRevision.RevisionID WHERE (dbo.tbLocalizedPropertyForRevision.LanguageID = 1033) ORDER BY dbo.tbSecurityBulletinForRevision.SecurityBulletinID" rs.Open strSQLQuery, conn, 3, 3 While Not rs.EOF objTextFile.WriteLine(rs.Fields(0).Value & "," & Replace(rs.Fields(1).Value, ",", "")) rs.MoveNext Wend WScript.Echo "Done!"

Wsus sample scripts Wsus sample scripts Presentation Transcript

  • WSUS Sample Scripts
    • These scripts were originally developed for WSUS 3.0, and have been lingering around my script quiver for years.
    • They ’re yours to use, but are offered with no warranties, express or implied
    • Use at your own risk!
      • Because, well, I have to say that… 
  • This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it within your own organization however you like. For more information on our company, including information on private classes and upcoming conference appearances, please visit our Web site, www.ConcentratedTech.com . For links to newly-posted decks, follow us on Twitter: @concentrateddon or @concentratdgreg This work is copyright ©Concentrated Technology, LLC
  • So, why scripting?
    • There ’s a lot you can do with WSUS and the GUI console, but sometimes you have very specific needs.
      • The WSUS GUI is slow
      • Exporting compliance data isn ’t often user-friendly
      • Some items not available or easy in the GUI
      • No On-Demand patching engine!
      • Scripting is just so darn fun…
  • What Can I Script?
    • Although the WSUS server itself is mostly managed .NET code…
    • … there are 11 COM objects on the client that can be interfaced with VBScript
      • More, if you know COM and VB
    • All are documented in the WSUS SDK.
    • However, for those inexperienced in COM (like me), the WSUS SDK is cryptic at best.
      • (Thank you Don Jones for your help with translation!)
    • There is no central repository of script recipes to steal!
  • What Can I Script?
    • All scriptable interfaces can be found on MSDN:
      • http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wua_sdk/wua/interfaces.asp
    • The ones we can script in VBScript are:
      • Microsoft.Update.AgentInfo
      • Microsoft.Update.AutoUpdate
      • Microsoft.Update.Downloader
      • Microsoft.Update.Installer
      • Microsoft.Update.Searcher
      • Microsoft.Update.ServiceManager
      • Microsoft.Update.Session
      • Microsoft.Update.StringColl
      • Microsoft.Update.SystemInfo
      • Microsoft.Update.UpdateColl
      • Microsoft.Update.WebProxy
  • Remote WUA Client Install
    • This script takes as input a text file with computer names, one per line.
    • This script has no output.
    • When run, the WUA client is installed with the /force switch to force the installation
    • Additionally, BITS 2.0 and WinHTTP 5.1 are installed.
      • These are prerequisites for the next scripts to work properly.
  • Enumerate Installed Patches
    • This script takes as input a text file with computer names, one per line.
    • This script outputs a .CSV file showing each computer and the installed patches on that computer.
    • Useful for auditing and compliance verification.
    • Easy to generate.
  • Enumerate Patches Not Installed
    • This script takes as input a text file with computer names – one per line.
    • This script outputs a .CSV file showing each computer and the patches not installed on that computer.
      • If the computer is connected to a WSUS server, it will show those patches where the Action is set to Install.
      • If the computer is not connected to a WSUS server, it will verify its patch status against WU.
        • … where all patches have Action = “Install”
    • Also easier than GUI tool.
    • Slow.
  • Multi-Machine On-Demand Patching (You Patch Now!)
    • This script takes as input a text file with computer names, one per line.
    • This script outputs a .CSV file showing each patch installed on that computer.
    • The Microsoft.Update.UpdateColl object cannot be remotely created on the client.
      • Thus, the download and install methods won ’t work.
    • So, to fix this, the WSUS-install.vbs script actually launches the WSUS-install-agent.vbs script on each remote computer.
      • Using PSExec! Man, I love PSExec!
    • You can either run WSUS-install-agent.vbs directly on a machine or use WSUS-install.vbs to push it to a list of machines.
  • Match q-Numbers to MS0x-0xx Numbers
    • This script takes no input (but you ’ll need to point it to your WSUS server)
    • This script outputs a .CSV file showing each Security update and the mapping between the knowledgebase article number (the q number) and the Microsoft advisory number (the MS number)
  • This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it within your own organization however you like. For more information on our company, including information on private classes and upcoming conference appearances, please visit our Web site, www.ConcentratedTech.com . For links to newly-posted decks, follow us on Twitter: @concentrateddon or @concentratdgreg This work is copyright ©Concentrated Technology, LLC