Automatic Updates

From WPKG | Open Source Software Deployment and Distribution
Jump to: navigation, search
<package
 id="winupdates"
 name="Automatic Updates"
 revision="8"
 reboot="false"
 priority="100">


   <variable name="Mode" value="4" />
   <variable name="ScheduledInstallDay" value="1" />
   <variable name="ScheduledInstallTime" value="23" />


 <check type="logical" condition="or">
   <check type="logical" condition="and">
     <check type="registry" condition="equals" path="HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions" value="%Mode%" />
     <check type="registry" condition="equals" path="HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ScheduledInstallDay" value="%ScheduledInstallDay%" />
     <check type="registry" condition="equals" path="HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ScheduledInstallTime" value="%ScheduledInstallTime%" />
   </check>
 </check>

 <install cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /f' />
 <install cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d %Mode% /f' />
 <install cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallDay /t REG_DWORD /d %ScheduledInstallDay% /f' />
 <install cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallTime /t REG_DWORD /d %ScheduledInstallTime% /f' />

 <upgrade cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /f' />
 <upgrade cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d %Mode% /f' />
 <upgrade cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallDay /t REG_DWORD /d %ScheduledInstallDay% /f' />
 <upgrade cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallTime /t REG_DWORD /d %ScheduledInstallTime% /f' />

 <remove  cmd='reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /f' />

</package>

Automatic updates with Unattended[edit]

If you deployed Windows workstations using Unattended, you had the opportunity to configure Automatic Updates.

If you didn't do it, or want to change it for some reason (i.e., Microsoft introduced a "patchday", and it makes too great impact on your network and/or workstations), you can use WPKG.

The below setting (auconfig.pl 3) will download updates automatically and notify the user before install. Other choices are possible:

1 | off         Disable automatic updates
2 | notify      Notify user before download
3 | download    Download automatically; notify user before install
4 | install     Download and install automatically

For more options, see auconfig.pl help.

<?xml version="1.0" encoding="UTF-8"?>
<packages>
  <package
    id="windowsupdates"
    name="Windows Updates"
    revision="1"
    reboot="false"
    priority="10"
    execute="once">
 
    <install cmd='C:\Perl\bin\perl %SERVER%\unattended\bin\auconfig.pl 3' />
  
    <upgrade cmd='C:\Perl\bin\perl %SERVER%\unattended\bin\auconfig.pl 3' />
 
  </package>
</packages>

Note that you will need Unattended on your server, and Perl on your workstations (it comes by default if you deploy Windows with Unattended).

Automatic updates with vbs[edit]

put this in disableupdate.vbs:

 
'part that disables auto update

Const AU_DISABLED = 1
Set objAutoUpdate = CreateObject("Microsoft.Update.AutoUpdate")
Set objSettings = objAutoUpdate.Settings

objSettings.NotificationLevel = AU_DISABLED
objSettings.Save

' part that creates a file c:\disableupdate.txt to do wpkg install check
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile("c:\disableupdate.txt")

normal version that runs by increasing wpkg revision number and does check

<?xml version="1.0" encoding="UTF-8"?>
<packages>
 <package
     id="disableupdate"
     name="disablewindowsupdate"
     revision="1"
     reboot="false"
     priority="2">
 
  <check type="file" condition="exists" path="C:\disableupdate.txt" />
 <install cmd='W:\tools\disableupdate.vbs' />
 
</package>
</packages>


execute once version:

<?xml version="1.0" encoding="UTF-8"?>
<packages>
 <package
     id="disableupdate"
     name="disablewindowsupdate"
     revision="1"
     execute="once"
     reboot="false"
     priority="2">
 <install cmd='%software%\tools\disableupdate.vbs' />
 
</package>
</packages>