вторник, 26 ноября 2019 г.

Windows: CMD-скрипт для настройки на сервер WSUS службы обновлений Windows

Данный скрипт предназначен для быстрого конфигурирования службы обновлений ОС Windows компьютеров, работающих вне домена Active Directory. Перед использованием отредактируйте вносимые в реестр параметры под вашу организацию.

@ECHO OFF
VER |>NUL FIND /v "5." && IF "%~1"=="" (
ECHO CreateObject^("Shell.Application"^).ShellExecute WScript.Arguments^(0^),"1","","runas",1 >"%temp%\Elevating.vbs"
 cscript.exe //nologo "%temp%\Elevating.vbs" "%~f0"& GOTO :EOF
)
DEL /s /q /f "%temp%\Elevating.vbs" > nul 2>&1
ECHO.
ECHO Do you want to configure Windows Update service on your computer for WSUS server?
ECHO.
SET /P AREYOUSURE=Are you sure (Y/[N])?
IF /I "%AREYOUSURE%" NEQ "Y" GOTO :EOF

ECHO.
ECHO 1. Stopping Windows Update Services...
bitsadmin /reset
sc config bits start=disabled
net stop bits
ECHO Checking the Background Intelligent Transfer Service status.
sc query bits | findstr /I /C:"STOPPED"
IF NOT %errorlevel%==0 (
ECHO Failed to stop the Background Intelligent Transfer Service.
sc config bits start=delayed-auto
PAUSE
GOTO :EOF
)
sc config wuauserv start=disabled
net stop wuauserv
ECHO Checking the Windows Update AutoUpdate Service status.
sc query wuauserv | findstr /I /C:"STOPPED"
IF NOT %errorlevel%==0 (
ECHO Failed to stop the Windows Update AutoUpdate Service.
sc config bits start=delayed-auto
sc config wuauserv start=demand
PAUSE
GOTO :EOF
)

ECHO.
ECHO 2. Setup WSUS client settings...
rem Specify intranet Microsoft update service location
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f /v WUServer /t REG_SZ /d http://wsus.mycompany.com:8530
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f /v WUStatusServer /t REG_SZ /d http://wsus.mycompany.com:8530
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f /v UpdateServiceUrlAlternate /t REG_SZ /d ""
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v UseWUServer /t REG_DWORD /d 1
rem Configure Automatic Updates
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v AUOptions /t REG_DWORD /d 4
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v NoAutoUpdate /t REG_DWORD /d 0
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v ScheduledInstallDay /t REG_DWORD /d 0
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v ScheduledInstallEveryWeek /t REG_DWORD /d 1
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v ScheduledInstallTime /t REG_DWORD /d 11
rem Install updates for other Microsoft products
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v AllowMUUpdateService /t REG_DWORD /d 1
rem Turn on recommended updates via Automatic Updates
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v IncludeRecommendedUpdates /t REG_DWORD /d 1
rem Delay Restart for scheduled installations
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v RebootWarningTimeoutEnabled /t REG_DWORD /d 1
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v RebootWarningTimeout /t REG_DWORD /d 30
rem Do not include drivers with Windows Updates
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f /v ExcludeWUDriversInQualityUpdate /t REG_DWORD /d 1
rem Do not connect to any Windows Update Internet locations
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f /v DoNotConnectToWindowsUpdateInternetLocations /t REG_DWORD /d 1
rem Allow Automatic Updates immediate installation
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v AutoInstallMinorUpdates /t REG_DWORD /d 1
rem Allow signed updates from an intranet Microsoft update service location
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f /v AcceptTrustedPublisherCerts /t REG_DWORD /d 1
rem Automatic Updates detection frequency
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v DetectionFrequencyEnabled /t REG_DWORD /d 1
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v DetectionFrequency /t REG_DWORD /d 8
rem Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v NoAUShutdownOption /t REG_DWORD /d 1
rem No auto-restart with logged on users for scheduled automatic updates installations
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /f /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1
rem Do not allow update defferal policies to cause scans against Windows Update
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f /v DisableDualScan /t REG_DWORD /d 1

ECHO.
ECHO 3. Starting Windows Update Services...
sc config bits start=delayed-auto
sc config wuauserv start=demand
net start bits
net start wuauserv

ECHO.
ECHO 4. Forcing discovery updates...
wuauclt /detectnow

ECHO.
ECHO Task completed sucessfully! Press any key to exit...
PAUSE >NUL
Автор: на
Ярлыки: ,

Комментариев нет:

Отправить комментарий

Подписаться на: Комментарии к сообщению (Atom)