Using PSEXEC and VBS script with WSUS

[scj6771]

I am in the process of putting a batch file together to detect and force microsoft updates to a machine or a group of machines using PSEXEC.exe and a VBS script created by Rob Dunn and posted over at the forums at www.wsus.info.

I have listed below the steps needed to complete this task and would like it put together (if possible) in a batch file, UPDATE.VBS is the name of the script that I copy over to the machine and the PSTOOLS dir is the directory that PSEXEC resides in.

If I run these commands one at a time everything runs well, I would just like to know if it is possible to make this a "one step process"?


Ok here are all the cmds I need in order to run the script

1. net use \\TARGETMACHINE\C$ /user:"DOMAIN\DOMAIN USER"

2. copy update.vbs \\TARGETMACHINE\C$\update.vbs

3. exit back into PSTOOLS directory

3. psexec.exe \\TARGETMACHINE -u "DOMAIN\DOMAIN USER" -p PASSWORD -e -i cmd.exe /c cscript.exe //B C:\UPDATE.vbs


I have tested this on multiple machines and everything is running well. Any suggestions on how to set this up in one batch file? Of course I will eventually setup the PSTOOLS dir on a network drive instead of my local machine.

 

[scj6771]

Ok after a few weeks of playing around with the script and lots of help from Karlchen over at http://forum.sysinternals.com/default.asp I got it running, it goes a little something like this:

@echo off
:: Programme: remoteupd.bat
:: Function : copy update.vbs to \\target
:: launch update.vbs on \\target using psexec
:: &nbs p; will read computerlist.txt and launch update.vbs on each
:: &nbs p; of the hostnames\IPs inside the file
:: Status : third draft, arguments given on commandline, uses a listfile
:: Note : we will assume "computerlist.txt" is located in F:\Work Applications\WSUS Force Update, too.
:: Usage : remoteupd.bat adminuser password
::
:: Check that 2 arguments have been given on the commandline
if "%2"=="" (
echo usage: remoteupd.bat adminuser password
echo Try again.
exit /b 1
)
set ADMUSER="ADMIN USER\DOMAIN"
set ADMPASS="PASSWORD"
set LISTFILE=computerlist.txt

:: go to the source folder
f:
cd \Work Applications\WSUS Force Update

:: check that the listfile is there
if not exist %LISTFILE% (
echo Listfile %LISTFILE% not found. Create it and try again.
exit /b 1
)

:: Finally, all checks done, let us do our work in a for loop
for /F %%i in (%LISTFILE%) do (
REM 1. net use if ADMPASS has got no space character the
REM double quotes may be removed
net use \\%%i\C$ /user:"ADMIN USER\DOMAIN" "PASSWORD"

REM 2. copy update.vbs
copy update.vbs \\%%i\C$\update.vbs

REM 3. disconnect from \\%TARGET%
net use \\%%i\C$ /dele

REM 4. psexec.exe, make sure this command is in 1 line!
psexec.exe \\%%i -u "ADMIN USER\DOMAIN" -p "PASSWORD" -e cscript.exe //B C:\UPDATE.vbs
)

:: 5. Done, delete variables
set admuser=
set admpass=
set listfile=

This will force any updates to the machines located in the "COMPUTERLIST.TXT" from my WSUS server by running the "UPDATE.VBS" script.

I however now have a few more questions for any WSUS people out there.

1. How can I keep duplicate computer names out of my WSUS server? I ran a "WSUS /DETECTNOW" script on a bunch of machines with positive results but of course a whole bunch of duplicates, is it possible to get them removed in a quick fashion?

2. New machines that are imaged and deployed? most effictive way to get them onto WSUS.

3. Machines that are no longer in production but still show up in AD? Therfore showing up in WSUS, how do I "cleanup" WSUS and get rid of machines that are no longer in production?

Thanks for your help.