[Unattended] Shared repository with WSUS Offline Update?

Discussion:

Sean M. Pappalardo

2011-07-28 21:25:59 UTC

Hello again.

I also use WSUS Offline Update (http://download.wsusoffline.net/) which
is basically a complex scripting system to download all of the Windows,
Office, etc. updates for use offline or over a network. I was wondering
if it would be possible to combine the repositories of this program and
Unattended? (This way, the stuff need only be stored in one place but
could be used for new installs as well as maintenance.) WSUS Offline can
store its items on a Linux server via Samba (that's what I do,) so
that's not a limitation.

Let me know what you all think.

Sincerely,
Sean M. Pappalardo
Sr. Networks Engineer
Renegade Technologies
***@renegadetech.com
Office: (630) 631-6188
http://www.renegadetech.com

<<--------------------------------------------------------------------------------->>
This E-Mail message has been scanned for viruses & content
and cleared by >>smaRTmail<< from Renegade Technologies
http://www.renegadetech.com/
<<--------------------------------------------------------------------------------->>

Juanjo Pablos

2011-07-30 09:53:30 UTC

Permalink

Post by Sean M. Pappalardo
I also use WSUS Offline Update (http://download.wsusoffline.net/) which
is basically a complex scripting system to download all of the Windows,
Office, etc. updates for use offline or over a network. I was wondering
if it would be possible to combine the repositories of this program and
Unattended? (This way, the stuff need only be stored in one place but
could be used for new installs as well as maintenance.) WSUS Offline can
store its items on a Linux server via Samba (that's what I do,) so
that's not a limitation.
Let me know what you all think.

I think that maybe they take some work out from us as they update, that
is the only benefit that we get.

Pierre Bourgin

2011-08-23 05:39:21 UTC

Permalink

Post by Sean M. Pappalardo
Hello again.

Hello,

I also use a lot WSUSOffline for Windows patches, DotNet,
InternetExplorer 8, Office patches and co.

In order to not duplicate storage of patches, I've simply removed the
updates patches provided by Unattended.

"It's working fine for me" ;-)
See my scripts below.

Integrate WSUSOffline into Unattended code could be possible.
But it also means to be abble to call the update of WSUSOffline from the
usual scripts dedicated to this task in Unattended ...

my Unattended base.bat script looks like this:
(sorry, I have some text wrap troubles these days with TB)

------- base.bat -----------------------------------------------
:: MASTER: OS only with patches, tiny customisations
::
:: 20110117 - rewrite: use WSUSOffline for OS patches, IE8 installation,
DOTnet 3.5 installation.

@Echo off

SET LOC=\\server\a_share
SET DOM=myDOMAIN
SET USER=aUSER

:: REMINDER - todo.pl is a stack in reverse order.

:: disable System Restore
todo.pl "srconfig.pl --disable"

:: Set Automatic Updates to download and update automatically (SP2 behavior)

todo.pl "auconfig.pl --day 0 --time 3 --wait 10 4"

:: microsoft patches from WSUSoffline
todo.pl ".reboot-on 195 PUSHD %LOC%\system\wsus-offline & custom.cmd
/silent"

:: hardware platform support (bluetooth stack for instance)
:: reminder: more and more requires DotNET
todo.pl .reboot
todo.pl "PUSHD %LOC%\hardware & custom.cmd /silent"

:: Install DotNet 3.5
todo.pl ".reboot-on 195 PUSHD %LOC%\system\wsus-offline\files\client\cmd
& CMD /C DoUpdate.cmd /nobackup /instdotnet35"

:: Defragment the drive to collect the free space.
:: *** FIXME disabled for tests ***
::todo.pl defrag.bat

:: Update windows and turn off annoying stuff.
todo.pl .reboot
todo.pl winxpsp3-Mine-defaults.pl

:: Install IE8 then patch it
todo.pl ".reboot-on 195 PUSHD %LOC%\system\wsus-offline & custom.cmd
/silent"
todo.pl ".reboot-on 195 PUSHD %LOC%\system\wsus-offline\files\client\cmd
& CMD /C DoUpdate.cmd /nobackup /instie8"

:: Windows patches via WSUSoffline
:: - wsus-offline/ is a symlink to pkg/system/wsus-offline/
:: - called 2 times since some patches may require a reboot.
todo.pl ".reboot-on 195 PUSHD %LOC%\system\wsus-offline & custom.cmd
/silent"
todo.pl ".reboot-on 195 PUSHD %LOC%\system\wsus-offline & custom.cmd
/silent"

:: Windows2003: install R2 components before setting user's profile
:: (as it was launched in [GuiRunOnce] section of unattend.txt)
if "%WINVER%" == "ws2k3sp2" todo.pl "CMD /C
%LOC%\system\ws2003-install-r2\custom.cmd /silent"

:: UNC path have to be mounted to get a prompt
:: if user/password does not match.
todo.pl "NET USE %LOC% /user:%DOM%\%USER% /persistent:no"

:: Set IIS startup type to manual and ignore if not installed.
:: reminder: IIS is not installed (disabled in unattend.txt)
::todo.pl ".ignore-err 255 startup-type.pl Manual IISADMIN" ".ignore-err
255 startup-type.pl Manual W3SVC"

:: Turn off Windows Messenger service
todo.pl "startup-type.pl Disabled Messenger"
-------------------------------------------------------------------------

--------- wsus-offline/custom.cmd -------------------------------

REM mount a temporary network share if called from an UNC path
PUSHD %0\..

ECHO.
ECHO # Install last important Microsoft patches
ECHO # thanks to WSUS Offline (http://wsusofline.net)
ECHO # log file: %windir%\wsusofflineupdate.log
ECHO.

ECHO # - launch update...
ECHO # Updates as of:
TYPE files\client\builddate.txt

PUSHD files\client\cmd
REM CMD /C DoUpdate /nobackup /instie8
REM CMD /C DoUpdate.cmd /nobackup /instie8 /instdotnet
CMD /C DoUpdate.cmd /nobackup
SET ret=%ERRORLEVEL%
ECHO # ret=%ret%
POPD

ECHO #
ECHO # End of installation.
ECHO # log file: %windir%\wsusofflineupdate.log
ECHO #
ECHO # Please restart your system.
ECHO #

:end
IF NOT "%1" == "/silent" PAUSE
--------------------------------------------------------------------

Regards,

Pierre

Knoll, Bernhard

2011-08-23 09:55:38 UTC

Permalink

Hello,

why not use a wsus for unattended installs?
I just run the force wsus script from here multiple times after OS and Office install

http://www.vistaheads.com/forums/microsoft-public-windowsupdate/467253-need-vbscript-update-local-machine.html

Best regards

-----Ursprüngliche Nachricht-----
Von: Pierre Bourgin [mailto:***@free.fr]
Gesendet: Dienstag, 23. August 2011 07:39
An: All things concerning http://unattended.sourceforge.net/
Betreff: Re: [Unattended] Shared repository with WSUS Offline Update?

Post by Sean M. Pappalardo
Hello again.

Hello,

Post by Sean M. Pappalardo
I also use WSUS Offline Update (http://download.wsusoffline.net/)
which is basically a complex scripting system to download all of the
Windows, Office, etc. updates for use offline or over a network. I was
wondering if it would be possible to combine the repositories of this
program and Unattended? (This way, the stuff need only be stored in
one place but could be used for new installs as well as maintenance.)
WSUS Offline can store its items on a Linux server via Samba (that's
what I do,) so that's not a limitation.
Let me know what you all think.
Sincerely,
Sean M. Pappalardo

I also use a lot WSUSOffline for Windows patches, DotNet, InternetExplorer 8, Office patches and co.

In order to not duplicate storage of patches, I've simply removed the updates patches provided by Unattended.

"It's working fine for me" ;-)
See my scripts below.

Integrate WSUSOffline into Unattended code could be possible.
But it also means to be abble to call the update of WSUSOffline from the usual scripts dedicated to this task in Unattended ...

my Unattended base.bat script looks like this:
(sorry, I have some text wrap troubles these days with TB)

------- base.bat -----------------------------------------------
:: MASTER: OS only with patches, tiny customisations
::
:: 20110117 - rewrite: use WSUSOffline for OS patches, IE8 installation,
DOTnet 3.5 installation.

@Echo off

SET LOC=\\server\a_share
SET DOM=myDOMAIN
SET USER=aUSER

:: REMINDER - todo.pl is a stack in reverse order.

:: disable System Restore
todo.pl "srconfig.pl --disable"

:: Set Automatic Updates to download and update automatically (SP2 behavior)

todo.pl "auconfig.pl --day 0 --time 3 --wait 10 4"

:: microsoft patches from WSUSoffline
todo.pl ".reboot-on 195 PUSHD %LOC%\system\wsus-offline & custom.cmd
/silent"

:: hardware platform support (bluetooth stack for instance)
:: reminder: more and more requires DotNET
todo.pl .reboot
todo.pl "PUSHD %LOC%\hardware & custom.cmd /silent"

:: Install DotNet 3.5
todo.pl ".reboot-on 195 PUSHD %LOC%\system\wsus-offline\files\client\cmd
& CMD /C DoUpdate.cmd /nobackup /instdotnet35"

:: Defragment the drive to collect the free space.
:: *** FIXME disabled for tests ***
::todo.pl defrag.bat

:: Update windows and turn off annoying stuff.
todo.pl .reboot
todo.pl winxpsp3-Mine-defaults.pl

:: Install IE8 then patch it
todo.pl ".reboot-on 195 PUSHD %LOC%\system\wsus-offline & custom.cmd
/silent"
todo.pl ".reboot-on 195 PUSHD %LOC%\system\wsus-offline\files\client\cmd
& CMD /C DoUpdate.cmd /nobackup /instie8"

:: Windows patches via WSUSoffline
:: - wsus-offline/ is a symlink to pkg/system/wsus-offline/
:: - called 2 times since some patches may require a reboot.
todo.pl ".reboot-on 195 PUSHD %LOC%\system\wsus-offline & custom.cmd
/silent"
todo.pl ".reboot-on 195 PUSHD %LOC%\system\wsus-offline & custom.cmd
/silent"

:: Windows2003: install R2 components before setting user's profile
:: (as it was launched in [GuiRunOnce] section of unattend.txt)
if "%WINVER%" == "ws2k3sp2" todo.pl "CMD /C
%LOC%\system\ws2003-install-r2\custom.cmd /silent"

:: UNC path have to be mounted to get a prompt
:: if user/password does not match.
todo.pl "NET USE %LOC% /user:%DOM%\%USER% /persistent:no"

:: Set IIS startup type to manual and ignore if not installed.
:: reminder: IIS is not installed (disabled in unattend.txt)
::todo.pl ".ignore-err 255 startup-type.pl Manual IISADMIN" ".ignore-err
255 startup-type.pl Manual W3SVC"

:: Turn off Windows Messenger service
todo.pl "startup-type.pl Disabled Messenger"
-------------------------------------------------------------------------

--------- wsus-offline/custom.cmd -------------------------------

REM mount a temporary network share if called from an UNC path
PUSHD %0\..

ECHO.
ECHO # Install last important Microsoft patches
ECHO # thanks to WSUS Offline (http://wsusofline.net)
ECHO # log file: %windir%\wsusofflineupdate.log
ECHO.

ECHO # - launch update...
ECHO # Updates as of:
TYPE files\client\builddate.txt

PUSHD files\client\cmd
REM CMD /C DoUpdate /nobackup /instie8
REM CMD /C DoUpdate.cmd /nobackup /instie8 /instdotnet
CMD /C DoUpdate.cmd /nobackup
SET ret=%ERRORLEVEL%
ECHO # ret=%ret%
POPD

ECHO #
ECHO # End of installation.
ECHO # log file: %windir%\wsusofflineupdate.log
ECHO #
ECHO # Please restart your system.
ECHO #

:end
IF NOT "%1" == "/silent" PAUSE
--------------------------------------------------------------------

Regards,

Pierre

Pierre Bourgin

2011-08-24 04:53:09 UTC

Permalink

Post by Pierre Bourgin
Hello,
why not use a wsus for unattended installs?

WSUS (server) is a web service on a Windows server that you have to manage.
All your systems have to point it in order to use it.

WSUSOffline (www.wsusoffline.net) is a brunch of scripts that download
locally the most important updates.
These updates are then available locally, offline, as flat files.
Just run the its apply script to install them on a target computer.
The target computer can continue to run WindowsUpdate after with the
default configuration (ie point to Microsoft).

You can also store all its stuff on a cdrom or an USB drive in order to
use it if you do not have network access.

Since flat files, it's easy to rsync files accross various sites.

I feel more comfortable to use WSUSoffline.

Pierre