To make it easier to manage patch updates that differ between OS versions (patching here follows a monthly routine; if you want automatic updates instead, additionally apply a Windows Update policy).
Batch script for configuring Windows Update
*** Fixed the Dual Scan issue on 2016/2019 so that updates now come through WSUS only.
*** Access to the Windows Update GUI is disabled; use the sconfig command only. This works around the problem on 2016/2019 where you cannot choose to install only selected patches.
#### Setting Windows Update Client (copy the blue-highlighted script below and save it as a .bat file to run on each server whose patches you want to manage)
@echo off
if not exist "%SystemRoot%\system32\systeminfo.exe" goto warnthenexit
rem Quote the temp path so the script still works when %TEMP% contains spaces
systeminfo | find "OS Name" > "%TEMP%\osname.txt"
FOR /F "usebackq delims=: tokens=2" %%i IN ("%TEMP%\osname.txt") DO set vers=%%i
echo %vers% | find "Microsoft Windows Server 2016" > nul
if %ERRORLEVEL% == 0 goto ver_ws2016
echo %vers% | find "Microsoft Windows Server 2019" > nul
if %ERRORLEVEL% == 0 goto ver_ws2019
echo %vers% | find "Microsoft Windows Server 2012" > nul
if %ERRORLEVEL% == 0 goto ver_ws2012
goto warnthenexit
:ver_ws2016
rem Run Windows Server 2016 specific commands here.
echo Windows server 2016
rem Target URL of the WSUS server
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "WUServer" /D "http://WSUSServer:8530"
rem Target URL of the server to which reporting information will be sent for client computers that use the WSUS server
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "WUStatusServer" /D "http://WSUSServer:8530"
rem Automatically download and notify of installation
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "AUOptions" /D 3 /t reg_dword
rem Enable Automatic Updates
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /D 0 /t reg_dword
rem The WSUS Server is not used unless this key is set
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "UseWUServer" /D 1 /t reg_dword
rem The Automatic Updates detection frequency
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "DetectionFrequencyEnabled" /D 1 /t reg_dword
rem Check for updates frequency
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "DetectionFrequency" /D 4 /t reg_dword
rem Do not connect to any Windows Update Internet locations
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v "DoNotConnectToWindowsUpdateInternetLocations" /D 1 /t reg_dword
rem Do not include drivers with Windows Updates
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v "ExcludeWUDriversInQualityUpdate" /D 1 /t reg_dword
rem Disable Windows Updates Dual Scan
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v "DisableDualScan" /D 1 /t reg_dword
rem Do not search Windows Update for device drivers
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\DriverSearching" /v "SearchOrderConfig" /D 0 /t reg_dword
rem search Managed server for device driver updates
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\DriverSearching" /v "DriverServerSelection" /D 1 /t reg_dword
rem Turn off Windows Update device driver searching
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\DriverSearching" /v "DontSearchWindowsUpdate" /D 1 /t reg_dword
rem Turn off access to the Store
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\Explorer" /v "NoUseStoreOpenWith" /D 1 /t reg_dword
rem restart Windows Update service
net stop "Windows Update"
net start "Windows Update"
rem check for Windows Updates
wuauclt /resetauthorization /detectnow
wuauclt /reportnow /detectnow
goto exit
:ver_ws2019
rem Run Windows Server 2019 specific commands here.
echo Windows server 2019
rem Target URL of the WSUS server
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "WUServer" /D "http://WSUSServer:8530"
rem Target URL of the server to which reporting information will be sent for client computers that use the WSUS server
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "WUStatusServer" /D "http://WSUSServer:8530"
rem Automatically download and notify of installation
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "AUOptions" /D 3 /t reg_dword
rem Enable Automatic Updates
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /D 0 /t reg_dword
rem The WSUS Server is not used unless this key is set
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "UseWUServer" /D 1 /t reg_dword
rem The Automatic Updates detection frequency
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "DetectionFrequencyEnabled" /D 1 /t reg_dword
rem Check for updates frequency
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "DetectionFrequency" /D 4 /t reg_dword
rem Do not connect to any Windows Update Internet locations
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v "DoNotConnectToWindowsUpdateInternetLocations" /D 1 /t reg_dword
rem Do not include drivers with Windows Updates
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v "ExcludeWUDriversInQualityUpdate" /D 1 /t reg_dword
rem Disable Windows Updates Dual Scan
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v "DisableDualScan" /D 1 /t reg_dword
rem Do not search Windows Update for device drivers
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\DriverSearching" /v "SearchOrderConfig" /D 0 /t reg_dword
rem search Managed server for device driver updates
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\DriverSearching" /v "DriverServerSelection" /D 1 /t reg_dword
rem Turn off Windows Update device driver searching
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\DriverSearching" /v "DontSearchWindowsUpdate" /D 1 /t reg_dword
rem Turn off access to the Store
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\Explorer" /v "NoUseStoreOpenWith" /D 1 /t reg_dword
rem restart Windows Update service
net stop "Windows Update"
net start "Windows Update"
rem check for Windows Updates
wuauclt /resetauthorization /detectnow
wuauclt /reportnow /detectnow
goto exit
:ver_ws2012
rem Run Windows Server 2012 specific commands here.
echo Windows server 2012
rem Target URL of the WSUS server
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "WUServer" /D "http://WSUSServer:8530"
rem Target URL of the server to which reporting information will be sent for client computers that use the WSUS server
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "WUStatusServer" /D "http://WSUSServer:8530"
rem Automatically download and notify of installation
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "AUOptions" /D 3 /t reg_dword
rem Enable Automatic Updates
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /D 0 /t reg_dword
rem The WSUS Server is not used unless this key is set
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "UseWUServer" /D 1 /t reg_dword
rem restart Windows Update service
net stop "Windows Update"
net start "Windows Update"
rem check for Windows Updates
wuauclt /resetauthorization /detectnow
wuauclt /reportnow /detectnow
goto exit
:warnthenexit
echo Machine undetermined.
:exit
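
The following PowerShell is an added example, not part of the original post: it reads back the policy values the batch script writes and reports any that are missing or differ, for example when a reg.exe add failed. Expected values are copied from the script; http://WSUSServer:8530 is the script's placeholder URL, and the variable names are assumptions of this example.

```powershell
# Added example: read back the policy values set by the batch script above.
# Expected values are copied from that script; WSUSServer:8530 is its placeholder.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$ds = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching'
$ex = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer'
$expected = @(
    @{ Path = $wu;      Name = 'WUServer';       Value = 'http://WSUSServer:8530' }
    @{ Path = $wu;      Name = 'WUStatusServer'; Value = 'http://WSUSServer:8530' }
    @{ Path = "$wu\AU"; Name = 'AUOptions';      Value = 3 }
    @{ Path = "$wu\AU"; Name = 'NoAutoUpdate';   Value = 0 }
    @{ Path = "$wu\AU"; Name = 'UseWUServer';    Value = 1 }
)
# The script writes these extra values only in its 2016 and 2019 branches.
$os = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
if ($os -match 'Server (2016|2019)') {
    $expected += @(
        @{ Path = "$wu\AU"; Name = 'DetectionFrequencyEnabled'; Value = 1 }
        @{ Path = "$wu\AU"; Name = 'DetectionFrequency'; Value = 4 }
        @{ Path = $wu; Name = 'DoNotConnectToWindowsUpdateInternetLocations'; Value = 1 }
        @{ Path = $wu; Name = 'ExcludeWUDriversInQualityUpdate'; Value = 1 }
        @{ Path = $wu; Name = 'DisableDualScan'; Value = 1 }
        @{ Path = $ds; Name = 'SearchOrderConfig'; Value = 0 }
        @{ Path = $ds; Name = 'DriverServerSelection'; Value = 1 }
        @{ Path = $ds; Name = 'DontSearchWindowsUpdate'; Value = 1 }
        @{ Path = $ex; Name = 'NoUseStoreOpenWith'; Value = 1 }
    )
}
# Compare each expected value with what is actually in the registry.
$report = foreach ($e in $expected) {
    $item = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($e.Name) } else { $null }
    $status = if ($null -eq $actual) { 'MISSING' } elseif ("$actual" -eq "$($e.Value)") { 'OK' } else { 'MISMATCH' }
    [pscustomobject]@{
        Key = $e.Path.Substring(6); Name = $e.Name
        Expected = $e.Value; Actual = $actual; Status = $status
    }
}
$report | Format-Table -AutoSize
# The script's WSUS URL uses http://; surface that so the transport is a visible choice.
$url = ($report | Where-Object Name -eq 'WUServer').Actual
if ($url -and $url -notmatch '^https://') { Write-Warning "WUServer '$url' is not HTTPS" }
if ($report | Where-Object Status -ne 'OK') { exit 1 }
```

Run it from an elevated PowerShell prompt after the batch script; a non-zero exit code means at least one value is missing or differs.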
How to install patches on the target server
Open Command Prompt and run the sconfig command
2
3.
4