locked
Manually install WSUS updates in script RRS feed

  • Question

  • Hi All,

    I am looking at creating a script that will take a snapshot of our virtual machines before installing downloaded WSUS updates.

    I'm knew to WSUS so would like the following clarified:

    1) I have added computers into WSUS groups via client side targeting set in a GPO which also sets updates to be downloaded but not installed - If i approve updates in WSUS, do these approved updates automatically download to the computers (over the next 24 hours) or do I need to do anything else to download the files to each computer?

    2) If so, what would be the command to use in a script to then install the downloaded updates from a script?

    REgards

    Monday, October 26, 2015 2:51 PM

Answers

  • You cannot push install updates with WSUS only.

    Push installation of updates is possible with System Center Configuration Manager.

    • Proposed as answer by Steven_Lee0510 Wednesday, October 28, 2015 6:07 AM
    • Marked as answer by Steven_Lee0510 Monday, November 9, 2015 7:59 AM
    Monday, October 26, 2015 2:56 PM
  • if you create a set time for installing updates, such as every saturday at 3AM, WSUS will install all the necessary updates and reboot the systems

    regarding snapshots, that has nothing to do with wsus

    if you want snapshots, you will have to create a script or job in hyper-v or vmware or whatever hypervisor you're using to snap your systems at let's say 2AM before the patching is set to begin

    you will probably also need another script to delete the snapshots after you have verified everything

    • Proposed as answer by Steven_Lee0510 Wednesday, October 28, 2015 6:06 AM
    • Marked as answer by Steven_Lee0510 Monday, November 9, 2015 7:59 AM
    Tuesday, October 27, 2015 1:23 PM

All replies

  • You cannot push install updates with WSUS only.

    Push installation of updates is possible with System Center Configuration Manager.

    • Proposed as answer by Steven_Lee0510 Wednesday, October 28, 2015 6:07 AM
    • Marked as answer by Steven_Lee0510 Monday, November 9, 2015 7:59 AM
    Monday, October 26, 2015 2:56 PM
  • if you create a set time for installing updates, such as every saturday at 3AM, WSUS will install all the necessary updates and reboot the systems

    regarding snapshots, that has nothing to do with wsus

    if you want snapshots, you will have to create a script or job in hyper-v or vmware or whatever hypervisor you're using to snap your systems at let's say 2AM before the patching is set to begin

    you will probably also need another script to delete the snapshots after you have verified everything

    • Proposed as answer by Steven_Lee0510 Wednesday, October 28, 2015 6:06 AM
    • Marked as answer by Steven_Lee0510 Monday, November 9, 2015 7:59 AM
    Tuesday, October 27, 2015 1:23 PM
  • Hi,

    >> If i approve updates in WSUS, do these approved updates automatically download to the computers (over the next 24 hours) or do I need to do anything else to download the files to each computer?

    WSUS doesn't push the updates. WSUS provides a internal site which allows clients to pull the updates from it. Therefore, the installation behavior depends on the AU settings of client. And this setting is also able to be controlled by group policy.

    Best Regards.


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, October 28, 2015 6:11 AM