Automatically update Windows fully

Question

I'm working on a project where the goal is to be able to update a windows computer 100%. That means a program or a script that updates windows automatically with no user interaction at all. Ideally a standalone script that can be run from another script.

The reason: I need to update a lot of computers in my line of work. They can be at any patch level and everything from Windows XP to Windows 8. My goal is to start a script, wait/do something else and then find a fully patched computer.

I've solved a lot by finding ZTIWindowsUpdate.wsf in the MDT Task Sequence.

This can be used like this from an admin cmd:

cssript.exe ZTIWindowsUpdate.wsf

My problem so far is that the computer requires a reboot between some of the updates. Probably because of dependencies. ZTIWindowsUpdate.wsf needs to be run as administrator and i can't seem to find a solution to start it as administrator at reboot. Additionally if I get the script to run on startup, how do I stop it, and how do I know when its time to stop it?

Can someone help med with a foolproof solution to this problem?

Thanks!

ElektroStudios · Answer 1 · 2013-04-24T07:02:10.987

8

Don't need to FULL update a Windows OS, most of the updates are not needed, most updates are not relationated with security and we can survive without they, you need to read the description of each update to understand what changes made. FULLY updating a Windows can be negative point of performance in several scenarios.

All that you need is to download your desired updates, then store it in a folder with this batch script:

@Echo off
For %%# in (*.msu) Do (
    Echo: Installing update: %%#
    Wusa "%%#" /quiet /norestart
)
Echo Windows Update finished.
Pause&Exit

Also you can compress the folder (the updates + the script) into a Self executable with winrar to distribute it as a standalone file.

Info:

Wusa.exe is the Windows Update commandline application.

The files are processed one by one, not all at once.

The quiet switch makes the installation silent.

The norestart switch don't restart after installing the update even if needed.

If a update is installed in the OS then is not installed again, without getting an error window or stopping the execution of the script.

PS: See Wusa /? for more switches.

I hope this helps.

UPDATE:

Another alternative is to download and install ALL the updates with WSUS utility.

http://download.wsusoffline.net/

The updates for Win7 x64 (for example) are stored here: "...\wsusoffline\client\w61-x64\glb"

PS: The "DoUpdate.cmd" batch file in the "CMD" dir of the application is what you need if need to automate the task in "background".

enter image description here

edited Apr 24 '13 at 07:02

answered Apr 24 '13 at 00:53

ElektroStudios

19,105
33
200
417

It seems like a huge task to manually download all updates and maintain dem (delete ones noe needed). Does not Wusa.exe automatically detect whats needed and not? – aeinstein Apr 24 '13 at 06:12
That looks very promising. I will se how this can be used for my benefits as soon as possible. Still, what if som updates need a reboot to install the next ones? – aeinstein Apr 24 '13 at 07:55
4

I disagree. With a few exceptions, it is preferable to install all updates distributed via Windows Update, so that your system is identical to the millions of millions of systems out there that are configured to automatically install. Microsoft can't test every possible combination of updates you might choose to install, so by being selective you're increasing the risk of running into a rare or unique problem. (Of course, there are special cases, such as servers, where some updates are best left out.) – Harry Johnston Apr 25 '13 at 23:50
Thanks for your comment, but I will add: any "unique rare problem" can be solved if unique errorcode :P – ElektroStudios Apr 25 '13 at 23:59
@aeinstein I only tested WSUS for downloading updates not for installing them, but you can combine the downloaded files with my first script so stop Rebooting don't need to be a big problem. – ElektroStudios Apr 26 '13 at 00:02
Please note that the "offline WSUS utility" is a third-party product not directly related to Microsoft's WSUS. – Harry Johnston Apr 26 '13 at 00:06
@ElektroHacker: uh ... rare or unique problems don't usually produce rare or unique error codes. And if you run across a problem that nobody has had before, how is an error code going to help you anyway? – Harry Johnston Apr 26 '13 at 00:07
@Harry maybe but your perspective is too negative ... that's a (LOW) risk wich one need if prefer to be selective, I only would say that. sorry for my english. – ElektroStudios Apr 26 '13 at 00:16
Oh, certainly it's a low risk. But so is installing all updates, though I admit this isn't the best month to make that argument. Why go to the trouble of working out which updates you really need and which you don't when it's so easy to just install them all? – Harry Johnston Apr 26 '13 at 00:26
1

Exists a lot of reasons for me like for example: extra amount of disk space, extra little amount of RAM consumition (not for the updates that only make changes in files of course), corrupted updates (I mean bugged), amount of time to update the system with unnecessary updates, and... The pleasure to know what are you really installing/updating. I think that's all :P – ElektroStudios Apr 26 '13 at 01:16
Thanks for the link to WSUS Offline Update generator. I just bought a new Win7/64 PC; when I had it check for updates, it'd stall forever. Judging by the number of google hits, it's a common enough problem but none of the suggestions helped in my case. WSUS Offline did the job seamlessly. And now Windows is even able to update itself further. Again, THANKS! – Steve Rindsberg Dec 07 '16 at 16:22

score 2 · Accepted Answer · answered Apr 25 '13 at 23:59

The simplest solution to the problem you're describing is to get your script to configure automatic logon for the built-in Administrator account, then add itself to the Startup folder. You do need to know (or reset) the Administrator account password to use this option.

There are many other possibilities, some examples are: use a startup script and psexec; use srvany to create a service that runs your script; use task scheduler to schedule your script to run automatically, either interactively or non-interactively; disable WUA, configure automatic logon for the account you're using, and add your script to the Startup folder.

Note that you'll save time and bandwidth if you can set up a WSUS server or (even simpler, and cheaper if you don't already have a Windows server) a transparent caching proxy. However this won't avoid the need to reboot during the update sequence.

You may find my script useful as an alternative starting point to ZTIWindowsUpdate.wsf, if only because it is smaller and simpler to understand.

score 1 · Answer 3 · answered Apr 23 '13 at 22:57

The moast time consuming thing of a WindowsUpadate procedere is the download of the Setupfiles for the Updates. You should look into a lokaly in the network installed WUS (Window Update Server) and make sure the PC updates from the WUS. If the PCs are all in a ActiveDirectory Domain then the needed settings are very easy to manage. But if not this setting could make a simple batch-script which uses the normal windows update routine.

Another solution would be to make batch-scripts where you install the predownloaded updateFiles with the silent-switch. Allmoast every setup.exe has such a silent switch. If a update isn't needed the update stops for this upload automatically. I'm using such a batch-script wizzardy now for quiet a time now.

PS: If the Computer were from one/your compagny you should "thank" your predecessor for many hours of work to the far future.

PPS: By the way XP and Vista should be phased out. They are now realy old and for XP the already extended supporttime is axed by Microsoft next year and should only used if it is realy realy needed for one small situation where a Windows 7 isn't a solution in any way possible.

None of the computeres are in AD. It is a computer repair shop that gets in all different computers. WSUS sounds smart, I will look into it. — aeinstein, Apr 24 '13 at 06:10

score 1 · Answer 4 · answered Nov 14 '14 at 02:47

1

To run

cssript.exe ZTIWindowsUpdate.wsf

as Administrator after reboots, you can create a Task in the Task Scheduler with the proper permissions and to run on boot. =]

answered Nov 14 '14 at 02:47

Jeffrey L. Roberts

2,844
5
34
69

score 1 · Answer 5 · answered Jul 29 '15 at 09:32

1

An automated way is, WuInstall. I'm using it for 1 year now and it's perfect, it actually does what it should. It's a command line tool which automatically searches, downloads and installs the updates. There are several "switches" that let you allow to customize the process. Thanks to the rebootcycle-switch for instance, updating a newly setup PC is done with ease - in one go.

answered Jul 29 '15 at 09:32

Julia Ambrews

11
1

This is a paid service, but still looks nice. – aeinstein Nov 09 '15 at 13:52

score 1 · Answer 6 · answered Oct 28 '15 at 14:36

Here's another way ------ Perform instructions below at your own risk: To automate windows update these instructions may or may not work for your system however it appears to work to an extent for Windows 7 as these instructions were tested on Windows 7.

MUST READ: 1. If the step below does not work verify then you are most likely part of a domain and your security policy may not allow you to perform steps below! 2. UAC prompts were also disabled for the duration of the windows updates so the batch files can run without interruption; be careful to restore this to default when done

Caution this step will make your computer less secure, immediately remove this after your computer is completely up to date. Set a reminder for 24 hours later if need be:

1. First you will have to make sure your computer automatically logs into a user. You can do this by clicking start menu, type "netplwiz", press enter or open the wizard, under the users tab, select your username, and un-check "require password", type your password, close this window.

2. Create 3 batch files to start the automated process. (Open notepad paste each code into a separate notepad and perform a save as corresponding_file_name.bat)

One. Save as: any_name.bat then copy this batch file to your startup folder for the user you made auto login. (Click start > All Programs > Startup)

start "" c:\autoupdate1.bat
exit

Two. Save as: autoupdate1.bat then copy this to C:\ drive

wuauclt /detectnow
wuauclt /updatenow
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" > nul && shutdown -r -t 0
start "" c:\autoupdate2.bat
exit

Three. Save as: autoupdate2.bat then copy this to C:\ drive

ping 127.0.0.1 -n 61 > nul
start "" c:\autoupdate1.bat
exit

Restart or open the batch file in the startup folder and watch the magic begin!

3. When it is completely done updating just delete the batch files from the startup folder & c:\ drive

Once again follow these instructions at your own risk as it can create an endless loop if you do not know how to stop this process by removing it from the startup folder or going into windows under safe-mode to remove the batch files

Final notes: If you run into issues running the batch files chances are you may have to look up how to disable UAC prompts for your Windows version

Automatically update Windows fully

6 Answers6