1

I need to schedule an unattended weekly out of hours download & install of windows updates and then reboot of a Windows Server 2016 box. How can I do this? Can it be done from the command line?

Similar question regarding Windows 2003 Schedule Windows Updates exclusively on a specific work day (and time)?

userSteve
  • 1,573
  • 4
  • 23
  • 33
  • Most in an enterprise environment use SCCM or similar management software. – Colyn1337 Jun 21 '17 at 19:58
  • The trick is in controlling the reboot that most updates require. You could certainly use a third party utility for this, which is what one of my clients does. – joeqwerty Jun 21 '17 at 20:00

2 Answers2

1

You should be able to do it via Group Policy, under "Computer Configuration"->"Administrative Templates"->"Windows Components"->"Windows Update", changing the policy setting there.

Alternatively, you can do it by running wuauclt /detectnow to check if there are any Microsoft Updates outstanding for installation. Putting that into a scheduled task should give you what you want.

Edit: It seems that wuauclt no longer works in Windows 10 (and presumably Server 2016). Instead, you can either create a script based on %windir%\System32\en-US\WUA_SearchDownloadInstall.vbs, which is used by sconfig, or you can download the script from https://gallery.technet.microsoft.com/scriptcenter/VB-Script-to-Check-and-620579cd and check if it works for you. (Note that the latter will skip any updates that require user input as that won't be possible during an unattended update.)

Pak
  • 919
  • 5
  • 10
  • This has no effect in Windows Server 2016, could be related to similar problem in Windows 10? https://answers.microsoft.com/en-us/windows/forum/windows_10-update/wuaucltexe-detectnow-command-doesnt-work-in/43dc5e35-6efa-432e-8256-d30096678849?auth=1 – userSteve Jun 22 '17 at 11:13
  • Thanks, I have set the Local Policy to update and reboot once a week. Hopefully it will work. – userSteve Jun 22 '17 at 11:33
  • 1
    Thanks for the note about wuauclt not working in Windows Server 2016...I've made a change to reference something that should work. – Pak Jun 22 '17 at 12:07
  • BTW, it does seem strange to get a downvote for an answer (albeit one with an incorrect component), but I'll live with it. – Pak Jun 22 '17 at 12:14
  • Pak - the downvote was accidental! Sorry. Couldnt seem to reverse it ? – userSteve Jun 23 '17 at 08:25
  • No worries; it happens. Good luck! – Pak Jun 23 '17 at 23:20
  • Update - The `Group Policy` setting didn't work either! But the VBS script does. I have changed the critieria from `IsInstalled=0 and Type='Software'` to `IsInstalled=0 and IsHidden=0` and also added a line at the end to force a reboot, it's now working great as a scheduled task. – userSteve Jun 26 '17 at 15:44
  • @userSteve I made the changes you mentioned and tried running the script but I get an error `WindowsUpdate.vbs(18, 1) (null): 0x80240438` any ideas? Also on that URL to the script, what does `and in the "Start In" select the package where the script's source directory lives.` mean? Where should I do the start in? – ScottN May 30 '19 at 18:51
0

There is indeed a command line tool that is exactly built for your use case - have a look at WuInstall (http://www.wuinstall.com) - it is a commercial product intended for companies with 50 machines and more but you can always download a free trial version to test in your environment

You can put wuinstall.exe in a batch script on the same machine or you can call it remotely via psexec

In the simplest case (you will also probably need a few more options for pruction environments) just write your batch script calling

wuInstall /install /reboot_if_needed

and kick it of with a task scheuduler of your choice at the time you want to update.

With the /reboot_if_needed option it is possible to reboot the machine unattended after the update, and the /rebootcylce option even reboots multiple times until all updates are installed.

WuInstall basically puts the whole Windows Update API and its most common use cases in one central command line tool - There are quite a few more options to script and select windows updates, check out the technical documentation under: https://wuinstall.atlassian.net/wiki/display/WD/WuInstall+HowTo

GeraldDC
  • 31
  • 2