IT guys constantly ask me, “Is there a way to use WSUS to patch a computer immediately?” They’re tired of waiting for WSUS time-based updates. They want immediate control over when computers get patched, especially with servers.
There is a way, although it’s not exposed within the WSUS GUI. WSUS also has scripting exposure through an API. Using that API and your favorite scripting language, you can instruct any client’s Windows Update Agent to gather and install approved updates from the WSUS server. The agent will even reboot the computer immediately if updates require a reboot for installation.
The hard part is in constructing a script that’ll accomplish the task. You’ll find two scripts at concentratedtech.com/download. The first executes on the computer needing updates. It will download approved updates, install them and reboot the computer if necessary. The second uses the nifty Microsoft tool PSExec to remotely launch the first script on multiple computers across your network.
These two scripts come in handy for patching servers. You can tell your servers to patch and reboot themselves immediately, without having to wait around for the WSUS clock-on-the-wall timer to begin.
There is a way, although it’s not exposed within the WSUS GUI. WSUS also has scripting exposure through an API. Using that API and your favorite scripting language, you can instruct any client’s Windows Update Agent to gather and install approved updates from the WSUS server. The agent will even reboot the computer immediately if updates require a reboot for installation.
The hard part is in constructing a script that’ll accomplish the task. You’ll find two scripts at concentratedtech.com/download. The first executes on the computer needing updates. It will download approved updates, install them and reboot the computer if necessary. The second uses the nifty Microsoft tool PSExec to remotely launch the first script on multiple computers across your network.
These two scripts come in handy for patching servers. You can tell your servers to patch and reboot themselves immediately, without having to wait around for the WSUS clock-on-the-wall timer to begin.
0 comments:
Post a Comment