How to remotely install updates and applications

Posted on by

As you know, System Center Essentials (SCE) provide you with both Update Management and Software Deployment. Since SCE uses Windows Server Update Services (WSUS) as underlying technology for both of these functions, the configuration of the client detection time and interval is done through Group Policy (this is done when you run the Feature Configuration Wizard in SCE and select domain policy). The default values for this is:

  • Schedule install time = 03:00
  • Automatic Updates detection frequency = Every 22 hour

Note that both of these can be changed to fit you environment.

So, if all of your machines are online at this time they will get all of the updates and all of the applications you approved for them. The problem I have seen is when you see (through the console) that one or more clients "Needs" updates or applications and you just want to "Click Install Now". As default, this is not possible in SCE and the option you have it to use Remote Desktop or visit the computer. The two tasks you have by default in SCE is:

  • Detect Software and Updates Now – This tasks only download the updates to the client and inform the user that they are available but the user need to click "Install" or wait for the schedule time to apear
  • Collect Inventory – This task actually do exactly the same as above

The solution to this problem is to build your own task that run a script that both download and install updates and software and then report back what’s been installed.

  1. Start the SCE console, click Authoring and then expand Management Pack Objects node
  2. Right-click Tasks and select to create a new task
  3. In the Create task wizard – Task Type, select Agent Task and Run a script and then select your destination management pack and click Next
  4. In the Create task wizard – General Properties, input a task name and a description and choose target (I would recommend to use the Windows Computers as target). Click Next
  5. In the Create task wizard – Script, select as below and then click Create:
    1. File Name = WSUS.vbs
    2. Time Out = This depend on the time it will take to install the updates. In my tests I have selected 1 hour
    3. Script = Se below
      ‘ Written in 2007 by Harry Johnston, University of Waikato, New Zealand.
      ‘ This code has been placed in the public domain. It may be freely
      ‘ used, modified, and distributed. However it is provided with no
      ‘ warranty, either express or implied.

      ‘ Exit Codes:

      ‘ 0 = scripting failure

      ‘ 1 = error obtaining or installing updates

      ‘ 2 = installation successful, no further updates to install

      ‘ 3 = reboot needed; rerun script after reboot

      ‘ Note that exit code 0 has to indicate failure because that is what

      ‘ is returned if a scripting error is raised.

      Set updateSession = CreateObject("Microsoft.Update.Session")  

      Set updateSearcher = updateSession.CreateUpdateSearcher() 

      Set updateDownloader = updateSession.CreateUpdateDownloader() 

      Set updateInstaller = updateSession.CreateUpdateInstaller()  

      Do

      WScript.Echo 

      WScript.Echo "Searching for approved updates …"

      WScript.Echo  

      Set updateSearch = updateSearcher.Search("IsInstalled=0")  

      If updateSearch.ResultCode <> 2 Then

      WScript.Echo "Search failed with result code", updateSearch.ResultCode 

      WScript.Quit 1  

      End If

      If updateSearch.Updates.Count = 0 Then

      WScript.Echo "There are no updates to install."

      WScript.Quit 2  

      End If

      Set updateList = updateSearch.Updates  

      For I = 0 to updateSearch.Updates.Count – 1  

      Set update = updateList.Item(I)  

      WScript.Echo "Update found:", update.Title  

      Next

      WScript.Echo  

      updateDownloader.Updates = updateList 

      updateDownloader.Priority = 3  

      Set downloadResult = updateDownloader.Download()  

      If downloadResult.ResultCode <> 2 Then

      WScript.Echo "Download failed with result code", downloadResult.ResultCode 

      WScript.Echo  

      WScript.Quit 1  

      End If

      WScript.Echo "Download complete. Installing updates …"

      WScript.Echo  

      updateInstaller.Updates = updateList  

      Set installationResult = updateInstaller.Install()  

      If installationResult.ResultCode <> 2 Then

      WScript.Echo "Installation failed with result code", installationResult.ResultCode  

      For I = 0 to updateList.Count – 1  

      Set updateInstallationResult = installationResult.GetUpdateResult(I) 

      WScript.Echo "Result for " & updateList.Item(I).Title & " is " & installationResult.GetUpdateResult(I).ResultCode  

      Next

      WScript.Quit 1  

      End If

      If installationResult.RebootRequired Then

      WScript.Echo "The system must be rebooted to complete installation."

      WScript.Quit 3  

      End If

      WScript.Echo "Installation complete."

      Loop

  6. Open the Computer or Monitoring View and select the client/server you want to update and then select the task that you created above.

Example of the result of the task on a computer that needs one update and the installation is successfull and the computer needs to be restarted

Example of the result of the task on a computer that doesn’t have any updates

 

Credit to Harry Johnston, University of Waikato, New Zealand that has written the script.

Leave a Reply

Your email address will not be published. Required fields are marked *