Se abbiamo un server WSUS e vogliamo installare a nostro piacimento le
patch sui client sopprimendo il relativo restart dei pc possiamo usare
lo script seguente combinato con a monte psexec ed un
.vbs principale che esegui il patching ad un ora stabilita su un
insieme di client anche questo stabilito a priori.
Ecco la sintassi per lanciare lo script con PSEXEC (da me testata)
psexec \\nome_wks -i cscript.exe /nologo \\192.168.x.x\share\nome_script.vbs
Un prodotto similare è WuInstall:
Questo prodotto ha una sua versione gratuita ed una a pagamento.
Tale programma può essere eseguito su macchine remote con il seguente comando:
psexec \\server -c -s
-u domain\administrator -p password \\share\path_to_wuinstall\WUInstall.exe /search
- \\server → the remote Windows machine
- \\share\path_to_wuinstall\ → path to WuInstall executable
- -u domain\administrator → local admin oder domain admin user on the machine \\server
- -p password → password of the user
- -c → copies WuInstall on the remote system
Di seguito il relativo prezzo:
- up to 150 points: USD 390 – WuInstall PRO Basic
- 151 to 500 points: USD 590 – WuInstall PRO Small
- 501 to 1000 points: USD 990 – WuInstall PRO Medium
- 1001 to 2000 points: USD 1.790 – WuInstall PRO Large
- more than points: USD 2.990 – WuInstall PRO Unlimited
Si tratta di cifre abbordabilissime per le realtà aziendali, con il grosso beneficio di avere tutti i client patchati.
Esiste anche una versione FREE di WuInstall 1.1 il cui link di download è il seguente:
| WuInstall 1.1 | download |
WuInstall enforces Windows updates and makes the entire updating
process user friendly. The basic version WuInstall 1.1. is freeware.
Basic functions
- Searching for updates:
/search → lists all update which are available. It either searches on the Windows Update Server in the Internet, or, if configured, on your WSUS. It has no impact on your system at all, it just does a search ans lists what was found. - download updates:
/download → does the same search as WuInstall /search and then downloads the updates which were found. WuInstall itself does not download anything, but it triggers the Microsoft Windwos Update Engine, which downloads the updates - install updates:
/install → searches the updates, downloads them (if they have not already been downloaded by a previous wuInstall /download command) and then installs them
New features in version 1.1:
- /reboot [nseconds] possible in combination with other parameters, reboot is done after executing WuInstall with a delay of nseconds (default: 10) seconds
- /criteria "query string" → searches for updates, which match the query string. For query strings see MSDN. The default criteria is "IsInstalled=0 and Type='Software'".
- /match "search string" → searches for updates which match the search string (no regular expressions posible so far!)
All commands: WuInstall on one Page (PDF)
Further information: WuInstall Documentation
Further information: WuInstall Documentation
Per approfondire psexec visionare i seguenti due articoli del blog:
[update 16 maggio 2012]
Esiste anche la versione di script in Power Shell:
http://blogs.technet.com/b/heyscriptingguy/archive/2009/03/11/how-can-i-search-for-download-and-install-an-update.aspx
Questa permette di installare le patch, cercarle ed installarle
