Announcement

Collapse
No announcement yet.

Script to remotely install Windows Updates

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Script to remotely install Windows Updates

    Hi There,

    I'm trying to write a script that remotely installs all existing non-installed Windows Updates on a server. The script I wrote works fine when run on the local machine, but does not work when run remotely or when run against a remote machine.

    I've tried two different methods to install updates remotely:

    1) Run the script against a remote machine. This involves passing the name of the computer to update when creating a Microsoft Update Session object (i.e. Set objUpdateSession = CreateObject("Microsoft.Update.Session", strComputerToUpdate) instead of Set objUpdateSession = CreateObject("Microsoft.Update.Session")). The problem with this method is that an error "unable to write" is generated when trying to create an Update Installer instance (i.e. Set objInstaller = objUpdateSession.CreateUpdateInstaller()).

    2) Copy the script to the machine and execute it remotely using psexec. The problem with this method is the same as above (i.e. an error "unable to write" is generated when trying to create an Update Installer instance at Set objInstaller = objUpdateSession.CreateUpdateInstaller()).

    This reeks of being a permissions problem, but when I check the remote machine it looks like the script/process is being run under my user account, which has Administrator rights.

    I'm sure that this topic has been covered time and time again, but I can't seem to be able to find a solution out there on the net. Does anybody have any ideas?

  • #2
    Re: Script to remotely install Windows Updates

    Could you post the whole script (as a text file)?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Script to remotely install Windows Updates

      Sure thing. *posted*
      Attached Files

      Comment


      • #4
        Re: Script to remotely install Windows Updates

        Mostlikey on the remote machines inbound network traffic using dynamic port ranges ('Dynamic RPC') is blocked by the firewall.

        On the target computer: When an incoming request from a remote computer is received by the RPC Endpoint Mapper service on port 135, the service assigns a dynamic port number to the request and replies to the remote computer by using that number (WinXP/2k3 uses the port range of 1024-65535 and WinVista/2k8 uses the port range of 49152-65535).

        If this is the case, consider using one of following two workarounds:
        - Use a GPO to disable the firewall on the target remote computers
        - Or, Restrict the RPC dynamic port ranges on the target remote computers


        Alternatively,
        When using PSEXEC to run the script remotely, leave "strComputerToUpdate" Empty.
        Set objUpdateSession = CreateObject("Microsoft.Update.Session")


        \Rems
        Last edited by Rems; 21st April 2010, 13:01.

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment


        • #5
          Re: Script to remotely install Windows Updates

          Thank you for your replies.

          > Mostlikey on the remote machines inbound network traffic using dynamic
          > port ranges ('Dynamic RPC') is blocked by the firewall.

          Sorry, I didn't give enough information. The computer that I am trying to update remotely is a Windows 2k3 R2 server, and it does not have any sort of firewall enabled. (For that matter, it does not have any IP security policy enabled, and there is no firewall between the server and the computer I am running the VB script from.)

          > Or, Restrict the RPC dynamic port ranges on the target remote computers

          I actually had already seen the link you provided but maybe I did not read it closely enough. It seems that the original poster set up the update installation script at a scheduled task and then ran the task remotely via a script? That seems like an awfully round-about way of doing things, but perhaps there is no alternative?

          > Alternatively, When using PSEXEC to run the script remotely, leave
          > "strComputerToUpdate" Empty.
          > Set objUpdateSession = CreateObject("Microsoft.Update.Session")

          That is actually what I've been doing. The error I receive is the same as I mentioned before: "unable to write" when trying to create an Update Installer instance with CreateUpdateInstaller().

          Comment


          • #6
            Re: Script to remotely install Windows Updates

            Okay, I checked out the script at the link you provided more closely. It looks like that the script creates a different script to install Windows updates that is then run as a one time scheduled task on the remote server. This is not a desirable method because there is no way to detect when the update installation has completed (i.e. so that the person running the script can be prompted as to whether or not they want to reboot the remote machine) or if any errors were generated during the installation.

            Back to my script: so what is the deal with the "unable to write" error being thrown during CreateUpdateInstaller()?

            Comment


            • #7
              Re: Script to remotely install Windows Updates

              No ideas at all?

              Comment


              • #8
                Re: Script to remotely install Windows Updates

                Please do not bounce your posts -- 22 hours is a reasonable time to wait for a response -- members have other lives outside these forums
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: Script to remotely install Windows Updates

                  ...But I waited 22 hours? (Okay, 21 1/2 hours). Is that bad? In any case, I did not mean to offend.

                  Comment


                  • #10
                    Re: Script to remotely install Windows Updates

                    Originally posted by grittyminder View Post
                    Okay, I checked out the script at the link you provided more closely. It looks like that the script creates a different script to install Windows updates that is then run as a one time scheduled task on the remote server. This is not a desirable method because there is no way to detect when the update installation has completed (i.e. so that the person running the script can be prompted as to whether or not they want to reboot the remote machine) or if any errors were generated during the installation.

                    Back to my script: so what is the deal with the "unable to write" error being thrown during CreateUpdateInstaller()?
                    In that case, I would suggest using WSUS. You can check the status of updates on computers, and whether they have failed or not, need a reboot, etc.

                    Comment


                    • #11
                      Re: Script to remotely install Windows Updates

                      Ah, but I am already using WSUS. I have updates scheduled to be installed automatically at a specific date/time for clients, but manually for servers because I need more flexibility in terms of when the server should be rebooted. Isn't it frowned upon to install updates automatically on servers anyways?

                      Comment


                      • #12
                        Re: Script to remotely install Windows Updates

                        How many servers do you have?
                        I just remote in and install the updates
                        Tom Jones
                        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                        PhD, MSc, FIAP, MIITT
                        IT Trainer / Consultant
                        Ossian Ltd
                        Scotland

                        ** Remember to give credit where credit is due and leave reputation points where appropriate **

                        Comment


                        • #13
                          Re: Script to remotely install Windows Updates

                          Originally posted by grittyminder View Post
                          Ah, but I am already using WSUS. I have updates scheduled to be installed automatically at a specific date/time for clients, but manually for servers because I need more flexibility in terms of when the server should be rebooted. Isn't it frowned upon to install updates automatically on servers anyways?
                          Yes you normally do not want to automatically install updates on servers and have them reboot...but that's not what you were asking. You can still have the updates install with the script, and schedule them to reboot a little while after.

                          But to be honest, what you are trying to automate is a double edged sword. I've also tried what you are doing...and you can force the updates on a remote server, but like you said you need to make sure the updates completed successfully. And almost every time you have to reboot the server, then you have to make sure the server comes back up =)

                          To me it's not worth the trouble of not "really" knowing if it has worked or not...so the processes of doing it manually does suck, but in a production environment I'd rather keep my job =)

                          Comment


                          • #14
                            Re: Script to remotely install Windows Updates

                            > Yes you normally do not want to automatically install updates on servers and
                            > have them reboot...but that's not what you were asking.

                            Alright, let me elaborate a bit on what I was thinking or maybe change my question around a bit. I had this idea in my head about an awesome script that would do the following:

                            1) Show all the updates available for installation on a remote server defined in a list in a text file.
                            2) Prompt the person running the script as to whether or not they want to install the listed updates. Proceed if 'Y' is selected.
                            3) Install the updates on the remote server. (While the updates are being installed on the server I perform a series of tests on the server for which updates were just installed--if applicable--to verify that all server services/functions are working properly). If an error is detected generate a message alerting the user.
                            4) Prompt the person running the script as to whether or not they want to reboot the server. Proceed if 'Y' is selected.
                            5) Reboot the server.
                            6) Repeat steps 1-5 for the next server defined in the text file.

                            I wrote a script that can do all of the above if run locally. However, when run remotely I get the error I described in previous posts.

                            > But to be honest, what you are trying to automate is a double edged sword.
                            > I've also tried what you are doing...and you can force the updates on a
                            > remote server, but like you said you need to make sure the updates
                            > completed successfully. And almost every time you have to reboot the
                            > server, then you have to make sure the server comes back up =)

                            Yes, everything you just mentioned is very important stuff. That's why the script I wrote will wait until the installation process is completed and displays the result code to the user.

                            Oh, any all my servers are virtual, so I always roll back a server snapshot if things really go to hell.

                            > To me it's not worth the trouble of not "really" knowing if it has worked or
                            > not...so the processes of doing it manually does suck, but in a production
                            > environment I'd rather keep my job =)

                            Yes, I agree with you. Which is why if I an unable resolve the error I mentioned previously, I probably will end up doing the entire process manually. But why is the error being generated, and is there no way to resolve it? :/

                            Comment


                            • #15
                              Re: Script to remotely install Windows Updates

                              Originally posted by grittyminder View Post
                              >
                              Yes, I agree with you. Which is why if I an unable resolve the error I mentioned previously, I probably will end up doing the entire process manually. But why is the error being generated, and is there no way to resolve it? :/
                              I do not know why it doesn't work...I have never gotten that method to work. Other than the workarounds Rems and I have already listed, I don't know any other way to do it remotely.

                              Comment

                              Working...
                              X