Commands for automated WSUS patching


Information for the Windows clients attached to your WSUS update server

 

Here are the basic commands for diagnosing updates on Windows workstations:

wuauclt /detectnow
wuauclt /updatenow
wuauclt.exe /resetauthorization /detectnow
net stop wuauserv
Delete the SusClientId registry value
Restart the service if necessary

wuauclt /reportnow

%WinDir%\WindowsUpdate.log

PsExec.exe @MyListFile.txt -d wuauclt /reportnow
https://support.microsoft.com/en-us/help/971058/how-do-i-reset-windows-update-components

 

Microsoft uses the following terms to describe its updates:

      • Critical update. Definition: A widely released fix for a specific problem that addresses a critical, non-security-related bug.

      • Definition update. Definition: A widely released and frequent software update that contains additions to a product’s definition database. Definition databases are often used to detect objects that have specific attributes, such as malicious code, phishing websites, or junk mail.
      • Driver. Definition: Software that controls the input and output of a device.
      • Feature pack. Definition: New product functionality that is first distributed outside the context of a product release and that is typically included in the next full product release.
      • Security update. Definition: A widely released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated by their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low. Additional information: Microsoft security updates are available for customers to download and are accompanied by two documents: a security bulletin and a Microsoft Knowledge Base article. For more information about the format of Microsoft Knowledge Base articles for Microsoft security updates, see Microsoft Knowledge Base article 824689, Description of the format of Microsoft Knowledge Base articles for Microsoft Security Updates.
      • Service pack. Definition: A tested, cumulative set of all hotfixes, security updates, critical updates, and updates. Additionally, service packs may contain additional fixes for problems that are found internally since the release of the product. Service packs may also contain a limited number of customer-requested design changes or features.
      • Tool. Definition: A utility or feature that helps complete a task or set of tasks.
      • Update. Definition: A widely released fix for a specific problem. An update addresses a noncritical, non-security-related bug.
      • Update rollup. Definition: A tested, cumulative set of hotfixes, security updates, critical updates, and updates that are packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a component of a product, such as Internet Information Services (IIS).
      • Security-only update. Definition: An update that collects all the new security updates for a given month and for a given product, addressing security-related vulnerabilities and distributed through Windows Server Update Services (WSUS), System Center Configuration Manager and Microsoft Update Catalog. Security vulnerabilities are rated by their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low. This Security-only update would be displayed under the title Security Only Quality Update when you download or install the update and will be classified as an "Important" update.
      • Monthly Rollup. Definition: A tested, cumulative set of updates. They include both security and reliability updates that are packaged together and distributed over Windows Update, WSUS, System Center Configuration Manager and Microsoft Update Catalog for easy deployment. The Monthly Rollup is product specific, addresses both new security issues and nonsecurity issues in a single update and will proactively include updates that were released in the past. Security vulnerabilities are rated by their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low. This Monthly Rollup would be displayed under the title Security Monthly Quality Rollup when you download or install. This Monthly Rollup will be classified as an "Important" update on Windows Update and will automatically download and install if your Windows Update settings are configured to automatically download and install Important updates.
      • Preview of Monthly Rollup. Definition: A tested, cumulative set of new updates that are packaged together and distributed over Windows Update, WSUS, System Center Configuration Manager and Microsoft Update Catalog ahead of the release of the next Monthly Rollup for customers to proactively download, test and provide feedback. The Preview of Monthly Rollup is product specific and addresses new non-security updates, and includes fixes from the latest Monthly Rollup. This Preview of Monthly Rollup would be displayed under the title Preview of Monthly Quality Rollup when you download or install and will be classified as an "Optional" update.


 

Script 1: basic commands to make the client check in with WSUS again

Run these commands to force the WU (Windows Update) client to connect to WSUS, send its latest information, retrieve the list of patches still to be installed, and start the installation.

 

wuauclt /reportnow
wuauclt /detectnow
wuauclt /Installnow


Script 2: resetting the client

The script below resets the client if the first script was not enough.

rem Stop the Windows Update service before touching its registry values
net stop wuauserv
rem Remove the values that identify this client to the WSUS server
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientIDValidation /f
rem Restart the service, then request a new authorization and a detection cycle
net start wuauserv
wuauclt.exe /resetauthorization /detectnow
pause
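
A check to run before and after Script 2 to confirm that the reset took effect (added example, not part of the original page). The script name Check-WsusReset.ps1 and the snapshot file name are assumptions; WUServer and UseWUServer are the standard Group Policy registry values on a WSUS-managed client.

```powershell
# Added example, not from the original page. Run elevated on the client:
#   .\Check-WsusReset.ps1            before Script 2 (saves a snapshot)
#   .\Check-WsusReset.ps1 -Compare   after Script 2 (compares with it)
param([switch]$Compare)

$wuKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$snapshot  = Join-Path $env:TEMP 'wsus-client-before.json'   # hypothetical file name

function Get-WsusClientState {
    # Client identity values that Script 2 deletes.
    $wu     = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    # Group Policy values that point the agent at the WSUS server.
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $au     = Get-ItemProperty -Path "$policyKey\AU" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Taken         = (Get-Date).ToString('s')
        ServiceStatus = (Get-Service -Name wuauserv).Status.ToString()
        SusClientId   = $wu.SusClientId
        WUServer      = $policy.WUServer
        UseWUServer   = $au.UseWUServer
    }
}

if (-not $Compare) {
    Get-WsusClientState | ConvertTo-Json | Set-Content -Path $snapshot -Encoding UTF8
    Write-Output "Snapshot saved to $snapshot. Run Script 2, then re-run with -Compare."
    return
}
if (-not (Test-Path $snapshot)) { throw "No snapshot at $snapshot; run without -Compare first." }

$before = Get-Content -Path $snapshot -Raw | ConvertFrom-Json
$after  = Get-WsusClientState

# Each check is a statement that should be true once the reset has worked.
$checks = [ordered]@{
    'wuauserv is running'          = $after.ServiceStatus -eq 'Running'
    'SusClientId exists again'     = [bool]$after.SusClientId
    'SusClientId differs from old' = $after.SusClientId -ne $before.SusClientId
    'Policy enables WSUS'          = $after.UseWUServer -eq 1
    'WUServer is set'              = [bool]$after.WUServer
}
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
} | Format-Table -AutoSize
"Before: $($before.SusClientId) ($($before.Taken))"
"After : $($after.SusClientId) ($($after.Taken))"
```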

 

 

Script 3: completely cleaning the WU client configuration

The following script is the last one. It requires a reboot, then a wait of at least half a day for the client to register with WSUS and retrieve its configuration and the batches of patches to install.

 

@echo off
cls
@echo Please read:
@echo -----------------------------------------
@echo:
@echo This totally resets all of your Windows Update Agent settings.
@echo:
@echo Many times, the computer will do a full reset and will not be able to
@echo install updates for the rest of the day. This is so that the server
@echo does not get overutilized because of the reset.
@echo:
@echo If you don't receive any updates after this script runs, please
@echo wait until tomorrow.
@echo:
@echo Re-running this script will reset the PC again and it will have
@echo to wait again.
@echo:
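rem Wait about 30 seconds so the notice can be read (1.1.1.1 now answers pings, so it no longer works as a timeout target)
ping 127.0.0.1 -n 31 >NUL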
cls
net stop bits
cls
net stop wuauserv
cls
regsvr32 /u wuaueng.dll /s
cls
@echo Deleting AU cache...
del /f /s /q %windir%\SoftwareDistribution\*.*
del /f /s /q %windir%\windowsupdate.log
cls
@echo Registering DLLs...
regsvr32 wuaueng.dll /s
REGSVR32 MSXML.DLL /s
REGSVR32 MSXML2.DLL /s
REGSVR32 MSXML3.DLL /s
regsvr32.exe %windir%\system32\wups2.dll /s
regsvr32.exe %windir%\system32\wuaueng1.dll /s
regsvr32.exe %windir%\system32\wuaueng.dll /s
regsvr32.exe %windir%\system32\wuapi.dll /s
%windir%\system32\regsvr32.exe /s %windir%\system32\atl.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\jscript.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\msxml3.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\softpub.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuapi.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng1.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wucltui.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wups.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuweb.dll
cls
@echo Cleaning registry...
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
cls
net start bits
cls
net start wuauserv
cls
@echo Checking in...
@echo:
@echo It's possible the server will not release the updates in
@echo just one session, so it's ok if this script does not immediately
@echo install updates.
@echo:
@echo This is due to the full reset on this PC. Just let it be for a few
@echo hours and updates should resume as normal.
wuauclt.exe /resetauthorization /detectnow
ping 127.0.0.1 -n 31 >NUL
cls
@echo Script has completed. Please restart your PC.
@echo:
ping 127.0.0.1 -n 31 >NUL
exit

 

 
