Automatic Updates

<package
 id="winupdates"
 name="Automatic Updates"
 revision="8"
 reboot="false"
 priority="100">


   <variable name="Mode" value="4" />
   <variable name="ScheduledInstallDay" value="1" />
   <variable name="ScheduledInstallTime" value="23" />


 <check type="logical" condition="or">
   <check type="logical" condition="and">
     <check type="registry" condition="equals" path="HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions" value="%Mode%" />
     <check type="registry" condition="equals" path="HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ScheduledInstallDay" value="%ScheduledInstallDay%" />
     <check type="registry" condition="equals" path="HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ScheduledInstallTime" value="%ScheduledInstallTime%" />
   </check>
 </check>

 <install cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /f' />
 <install cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d %Mode% /f' />
 <install cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallDay /t REG_DWORD /d %ScheduledInstallDay% /f' />
 <install cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallTime /t REG_DWORD /d %ScheduledInstallTime% /f' />

 <upgrade cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /f' />
 <upgrade cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d %Mode% /f' />
 <upgrade cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallDay /t REG_DWORD /d %ScheduledInstallDay% /f' />
 <upgrade cmd='reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallTime /t REG_DWORD /d %ScheduledInstallTime% /f' />

 <remove cmd='reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /f' />

</package>
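
To confirm on a workstation that the policy written by the package above actually took effect, an audit script along these lines can be used. It is an added example, not part of the original page or of WPKG: the function name Test-AuPolicy is hypothetical, and the expected values mirror the package's variable defaults. It also checks NoAutoUpdate, a value in the same key that the package does not manage.

```powershell
# Added example: audits the registry values the WPKG package above writes.
# $Expected mirrors the package's <variable> defaults; adjust if you changed them.
$AuKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$Expected = @{ AUOptions = 4; ScheduledInstallDay = 1; ScheduledInstallTime = 23 }

# Meaning of the policy values, used only for readable output.
$ModeNames = @{
    2 = 'Notify before download'
    3 = 'Download automatically, notify before install'
    4 = 'Download automatically, install on schedule'
    5 = 'Local administrators choose the setting'
}
$DayNames = 'Every day','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'

function Test-AuPolicy {   # hypothetical helper name
    param([string]$Path = $AuKey, [hashtable]$Want = $Expected)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Policy key missing: $Path (package not installed, or removed)"
        return $false
    }
    $props = Get-ItemProperty -LiteralPath $Path
    $ok = $true

    foreach ($name in $Want.Keys) {
        $actual = $props.$name
        if ($null -eq $actual) {
            Write-Warning "$name is not set"
            $ok = $false
        } elseif ([int]$actual -ne $Want[$name]) {
            Write-Warning "$name is $actual, expected $($Want[$name])"
            $ok = $false
        }
    }

    # NoAutoUpdate = 1 in the same key switches Automatic Updates off,
    # whatever AUOptions says.
    if ($props.NoAutoUpdate -eq 1) {
        Write-Warning 'NoAutoUpdate is 1: Automatic Updates is disabled by policy'
        $ok = $false
    }

    if ($ok) {
        $day = $DayNames[[int]$props.ScheduledInstallDay]
        Write-Output ("OK: {0}; {1} at {2}:00" -f $ModeNames[[int]$props.AUOptions], $day, $props.ScheduledInstallTime)
    }
    return $ok
}

# When run as a script, signal failure to the caller through the exit code.
if (-not (Test-AuPolicy | Select-Object -Last 1)) { exit 1 }
```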

Automatic updates with Unattended

If you deployed Windows workstations using Unattended, you had the opportunity to configure Automatic Updates.

If you didn't, or you want to change the configuration for some reason (e.g., Microsoft introduced a "patchday" and it has too great an impact on your network and/or workstations), you can use WPKG.

The setting below (auconfig.pl 3) downloads updates automatically and notifies the user before installing. Other choices are possible:

1 | off         Disable automatic updates
2 | notify      Notify user before download
3 | download    Download automatically; notify user before install
4 | install     Download and install automatically

For more options, see auconfig.pl help.

<?xml version="1.0" encoding="UTF-8"?>
<packages>
  <package
    id="windowsupdates"
    name="Windows Updates"
    revision="1"
    reboot="false"
    priority="10"
    execute="once">
 
    <install cmd='C:\Perl\bin\perl %SERVER%\unattended\bin\auconfig.pl 3' />
  
    <upgrade cmd='C:\Perl\bin\perl %SERVER%\unattended\bin\auconfig.pl 3' />
 
  </package>
</packages>

Note that you will need Unattended on your server, and Perl on your workstations (it comes by default if you deploy Windows with Unattended).

Automatic updates with VBS

Put this in disableupdate.vbs:

 
' Part that disables automatic updates
Const AU_DISABLED = 1   ' NotificationLevel value for "disabled"
Set objAutoUpdate = CreateObject("Microsoft.Update.AutoUpdate")
Set objSettings = objAutoUpdate.Settings

objSettings.NotificationLevel = AU_DISABLED
objSettings.Save

' Part that creates the marker file c:\disableupdate.txt used by the WPKG install check
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile("c:\disableupdate.txt")
objFile.Close

Normal version, which includes an install check and is re-run by increasing the WPKG revision number:

<?xml version="1.0" encoding="UTF-8"?>
<packages>
 <package
     id="disableupdate"
     name="disablewindowsupdate"
     revision="1"
     reboot="false"
     priority="2">
 
 <check type="file" condition="exists" path="C:\disableupdate.txt" />
 <install cmd='W:\tools\disableupdate.vbs' />
 
</package>
</packages>


Execute-once version:

<?xml version="1.0" encoding="UTF-8"?>
<packages>
 <package
     id="disableupdate"
     name="disablewindowsupdate"
     revision="1"
     execute="once"
     reboot="false"
     priority="2">
 <install cmd='%software%\tools\disableupdate.vbs' />
 
</package>
</packages>