Running wnidows update client via command line, in batch mode, etc?

[Colin Odden]

I'm doing RIS builds of Windows 2000 machines in public IP space. We've got
an SUS server on our LAN. Desktops are built with sp3 or sp4 in the image,
but getting patches at build-time is tricky. What are you (gentle reader)
using?

The most attractive method seemed to me something like this: In the .sif
file, add something like this to [GuiRunOnce]:

[GuiRunOnce]
command0=wuauclt.exe http://urlofsusserver /patchnow

.... or something like that. However, I can't tell whether this is possible.

Any suggestions / ideas for patching machines within the first 5-10 minutes
after that first reboot during RIS?

True, I could slipstream patches into the image, but we've got more than ten
different images and the process of slipstreaming is less automated than I
prefer.

Many thanks.
Colin Odden

 

[Oli Restorick [MVP]]

I would like to see some /patchnow functionality. Even more so, I'd like a
way of firewalling the network connection to just the SUS server until the
machine is fully-patched.

Anyway, the way I do this is to pre-populate the registry keys for Automatic
Updates such that the machine thinks it has missed an update. It will then
go and get the patches within the period you specify. If you drop this
period to 1 minute, you're pretty much there.

I don't have my exact script to hand, but I can post it for you tomorrow.
Basically, what you want to do is to set the settings by group policy on
just one machine and then export the keys. The date that gets recorded will
be in the past for all future builds, so the automatic updates client will
think it's time to go off to SUS to get patched.

Cheers

Oli