
I've looked at a few similar posts however I believe my issue to be different.

I have just finished configuring a 2012 WSUS server whereby servers are configured to use client-side targeting via GPOs.

I have opted for the default option - auto download and notify user of updates - as I need to first check that a snapshot has been taken prior to installing the updates on each server.

My plan is to approve updates on the 1st of each month, then by the 4th all updates should have downloaded from the WSUS server to clients and a scheduled task will run (overkill on the time it will take to distribute updates, I know).

I then plan for the scheduled task to run a script that first kicks off a VMware snapshot of the server, verifies that the snapshot has successfully been created and then kicks off the updates.

Does this plan seem feasible and, if so, what would the command be to install downloaded updates from PowerShell or the command line?

Z Holt
  • Do you want to do this or your other question, because there are some big differences? – Drifter104 Oct 22 '15 at 11:28
  • From the information that you have given on the other question, I have it currently set up as 5 computer groups only downloading critical, security and definition updates. I'm then going to manually approve the previous month's updates so that only those are downloaded by the clients. The reason I don't want to auto approve is because I suspect this will approve all updates, not the previous month's - correct me if I'm wrong. – Z Holt Oct 22 '15 at 11:44
  • Well, it will approve all known updates. The trick would be to do the approval but then sync to get the newest updates after the approval has run. – Drifter104 Oct 22 '15 at 14:01

1 Answer

For the script install of updates part, check out the command line tool Wuinstall (http://www.wuinstall.com). With, for example, the command wuinstall /download you can just download pending updates without installing, and with wuinstall /install you can install downloaded updates (which is what you are searching for, I guess).

If you have a WSUS, Wuinstall gets the updates from there, otherwise the Microsoft update site is taken, but you can also do it either way with various command line switches like /bypass_wsus. You can find more details in the documentation.

We use it to push pre-selected updates to our machines at a scheduled time, from a central script in combination with our WSUS and psexec. It also works on virtual machines.

lfaraone
  • Can you clarify for me: as I have configured each server with the download but don't install option, does this download the updates locally from the WSUS server once I approve them within WSUS? So if I update on the 1st, by the 3rd/4th they will most likely be on all the servers ready for me to set off the installation? – Z Holt Oct 26 '15 at 14:21
  • Yes, wuinstall /download downloads (but does not install) the approved updates from the local WSUS - with wuinstall /install you can kick off installation whenever you are ready – user5455430 Oct 27 '15 at 08:31
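
The snapshot-then-install plan from the question, sketched as an added example that is not part of the original posts: it refuses to patch unless the VMware snapshot can be read back, then installs only updates the client has already downloaded, using the built-in Windows Update Agent COM API instead of Wuinstall. It assumes VMware PowerCLI is installed where the script runs, an account allowed to snapshot the VM, a VM named after the host, and a placeholder vCenter name.

```powershell
# Added example: gate patch installation on a verified VMware snapshot.
param(
    [string]$VCenter = 'vcenter.example.local',   # placeholder, not from the page
    [string]$VMName  = $env:COMPUTERNAME          # assumption: VM name equals hostname
)
$ErrorActionPreference = 'Stop'

Import-Module VMware.VimAutomation.Core           # assumption: PowerCLI is installed
Connect-VIServer -Server $VCenter | Out-Null

$snapName = "pre-patch-$(Get-Date -Format 'yyyyMMdd-HHmm')"
try {
    New-Snapshot -VM $VMName -Name $snapName -Description 'Before monthly updates' | Out-Null
    # Verify by reading the snapshot back rather than trusting the create call.
    $snap = Get-Snapshot -VM $VMName -Name $snapName -ErrorAction SilentlyContinue
    if (-not $snap) { throw "Snapshot '$snapName' not found on $VMName; updates not installed." }
}
finally {
    Disconnect-VIServer -Server $VCenter -Confirm:$false
}

# Windows Update Agent: on a WSUS client the search returns only updates
# approved for this computer's group. Keep those already downloaded.
$session   = New-Object -ComObject Microsoft.Update.Session
$found     = $session.CreateUpdateSearcher().Search('IsInstalled=0 and IsHidden=0').Updates
$toInstall = New-Object -ComObject Microsoft.Update.UpdateColl
foreach ($u in $found) {
    if ($u.IsDownloaded) {
        if (-not $u.EulaAccepted) { $u.AcceptEula() }
        [void]$toInstall.Add($u)
    }
}
if ($toInstall.Count -eq 0) { Write-Output 'No downloaded updates pending.'; exit 0 }

$installer = $session.CreateUpdateInstaller()
$installer.Updates = $toInstall
$result = $installer.Install()

# ResultCode: 2 = succeeded, 3 = succeeded with errors, 4 = failed, 5 = aborted
Write-Output "ResultCode=$($result.ResultCode) RebootRequired=$($result.RebootRequired)"
if ($result.ResultCode -ne 2) { exit 1 }
```

Run it locally from the scheduled task under an administrative account; the Windows Update Agent rejects install calls made from a remote PowerShell session.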