edwin3333
June 5th, 2008, 01:54 PM
The power of the Nod32 scheduler;
I have remote machines that I am somewhat responsible for. Some I don't have a way to remote into due to their location, firewall settings, etc.
I have about 40 machines that should be using my LAN WSUS server, but due to the site to site communications I can't manage these settings on them as I would most sites.
So Nod32 scheduler along with the RA communications comes to the rescue. What I do is create several new scheduled items to run. I can set these to run once, or at system startup, or other times.
The key is the parameters. The three parameters for the first setting should look like this;
%comspec%
c:\
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f
Now what you want to do is add all these that way;
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /t REG_DWORD /d 0 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /t REG_DWORD /d 4 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduledInstallDay /t REG_DWORD /d 0 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduledInstallTime /t REG_DWORD /d 1 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v RescheduleWaitTime /t REG_DWORD /d 60 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v UseWUServer /t REG_DWORD /d 1 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v WUServer /d "http://wsus.yourserver.com:8080" /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v WUStatusServer /d "http://wsus.yourserver.com:8080" /f
Of course, replace the wsus server http://wsus.yourserver.com:8080 with your settings. As well as the rest.
It does take a restart of Automatic Updates to get this change in effect. You need to also do
/c net stop "Automatic Updates"
/c net start "Automatic Updates"
and
/c wuauclt.exe /resetauthorization /detectnow
I'm not sure at this point how to sequence these tasks so they run in the order I want. If this runs out of order, your station may not show up into WSUS until the person reboots.
A sample XML file is below. Be sure to modify the WSUS server to be yours.
200467
I have remote machines that I am somewhat responsible for. Some I don't have a way to remote into due to their location, firewall settings, etc.
I have about 40 machines that should be using my LAN WSUS server, but due to the site to site communications I can't manage these settings on them as I would most sites.
So Nod32 scheduler along with the RA communications comes to the rescue. What I do is create several new scheduled items to run. I can set these to run once, or at system startup, or other times.
The key is the parameters. The three parameters for the first setting should look like this;
%comspec%
c:\
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f
Now what you want to do is add all these that way;
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /t REG_DWORD /d 0 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /t REG_DWORD /d 4 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduledInstallDay /t REG_DWORD /d 0 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduledInstallTime /t REG_DWORD /d 1 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v RescheduleWaitTime /t REG_DWORD /d 60 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v UseWUServer /t REG_DWORD /d 1 /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v WUServer /d "http://wsus.yourserver.com:8080" /f
/c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v WUStatusServer /d "http://wsus.yourserver.com:8080" /f
Of course, replace the wsus server http://wsus.yourserver.com:8080 with your settings. As well as the rest.
It does take a restart of Automatic Updates to get this change in effect. You need to also do
/c net stop "Automatic Updates"
/c net start "Automatic Updates"
and
/c wuauclt.exe /resetauthorization /detectnow
I'm not sure at this point how to sequence these tasks so they run in the order I want. If this runs out of order, your station may not show up into WSUS until the person reboots.
A sample XML file is below. Be sure to modify the WSUS server to be yours.
200467