wsus sample scripts
DESCRIPTION
TRANSCRIPT
WSUS Sample Scripts
• These scripts were originally developed for WSUS 3.0, and have been lingering around my script quiver for years.
• They’re yours to use, but are offered with no warranties, express or implied
• Use at your own risk!– Because, well, I have to say that…
1
This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it
within your own organization however you like.
For more information on our company, including information on private classes and upcoming conference appearances, please
visit our Web site, www.ConcentratedTech.com.
For links to newly-posted decks, follow us on Twitter:@concentrateddon or @concentratdgreg
This work is copyright ©Concentrated Technology, LLC
3
So, why scripting?
• There’s a lot you can do with WSUS and the GUI console, but sometimes you have very specific needs.– The WSUS GUI is slow– Exporting compliance data isn’t often user-friendly– Some items not available or easy in the GUI– No On-Demand patching engine!– Scripting is just so darn fun…
4
What Can I Script?
• Although the WSUS server itself is mostly managed .NET code…
• …there are 11 COM objects on the client that can be interfaced with VBScript– More, if you know COM and VB
• All are documented in the WSUS SDK.
• However, for those inexperienced in COM (like me), the WSUS SDK is cryptic at best.– (Thank you Don Jones for your help with translation!)
• There is no central repository of script recipes to steal!
5
What Can I Script?
• All scriptable interfaces can be found on MSDN:– http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wua_sdk
/wua/interfaces.asp• The ones we can script in VBScript are:
– Microsoft.Update.AgentInfo– Microsoft.Update.AutoUpdate– Microsoft.Update.Downloader– Microsoft.Update.Installer– Microsoft.Update.Searcher– Microsoft.Update.ServiceManager– Microsoft.Update.Session– Microsoft.Update.StringColl– Microsoft.Update.SystemInfo– Microsoft.Update.UpdateColl– Microsoft.Update.WebProxy
6
Remote WUA Client Install
• This script takes as input a text file with computer names, one per line.
• This script has no output.
• When run, the WUA client is installed with the /force switch to force the installation
• Additionally, BITS 2.0 and WinHTTP 5.1 are installed.– These are prerequisites for the next scripts to work properly.
8
Enumerate Installed Patches
• This script takes as input a text file with computer names, one per line.
• This script outputs a .CSV file showing each computer and the installed patches on that computer.
• Useful for auditing and compliance verification.• Easy to generate.
10
Enumerate Patches Not Installed
• This script takes as input a text file with computer names – one per line.
• This script outputs a .CSV file showing each computer and the patches not installed on that computer.– If the computer is connected to a WSUS server, it will show
those patches where the Action is set to Install.– If the computer is not connected to a WSUS server, it will verify
its patch status against WU.• …where all patches have Action = “Install”
• Also easier than GUI tool.• Slow.
12
Multi-Machine On-Demand Patching(You Patch Now!)
• This script takes as input a text file with computer names, one per line.
• This script outputs a .CSV file showing each patch installed on that computer.
• The Microsoft.Update.UpdateColl object cannot be remotely created on the client.– Thus, the download and install methods won’t work.
• So, to fix this, the WSUS-install.vbs script actually launches the WSUS-install-agent.vbs script on each remote computer.– Using PSExec! Man, I love PSExec!
• You can either run WSUS-install-agent.vbs directly on a machine or use WSUS-install.vbs to push it to a list of machines.
15
Match q-Numbers to MS0x-0xx Numbers
• This script takes no input (but you’ll need to point it to your WSUS server)
• This script outputs a .CSV file showing each Security update and the mapping between the knowledgebase article number (the q number) and the Microsoft advisory number (the MS number)
This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it
within your own organization however you like.
For more information on our company, including information on private classes and upcoming conference appearances, please
visit our Web site, www.ConcentratedTech.com.
For links to newly-posted decks, follow us on Twitter:@concentrateddon or @concentratdgreg
This work is copyright ©Concentrated Technology, LLC