Wsus Force Update Command Line

Posted on admin

I have WSUS Server that works great, however I have a couple of people who never remember to install the pushed updates. The PC has downloaded them but waiting on the EU to install. They LOCK their computers so I can't VNC into them and just install them after hours, they 'CLAIM' to be working on things and so I don't want them to lose anything Just in case they really are. My question is there a way using command line to get these updates to install? I know there are command lines out there other than detectnow and resetauth.

IF there is a command line for this what is the structure of the command e.g. Wuauclt,exe%Compname% /installnow?????????? Trivial from a technical aspect.

How can I force a wsus client to download all updates. How can I force a wsus client to download updates? That's the command to use, but it won't force. Jun 14, 2017 Command-line switches for Windows software update. When you run a Windows software update package without command-line. Force other programs to.

Create a new Computer Group in WSUS console. Throw the problem user's machine into it, and leave it there. From now on, set a deadline unique to that group, for. 2am, whatever. You can then force the local machine to apply at 2:15am with the help of a scheduled task that runs psexec (sysinternals.com) on your local machine, to execute wuauclt /detectnow on the jerk's machine. The patches will then apply and the reboot will take place, then, locked or not.

Wsus Command Prompt

As to user behavior. Their argument is pure straw. If stuff is important, and important files are left open. Those open files are likely not getting backed up, and the user is creating risk with zero value - for nothing more than the sake of arrogance and self-assertion. It's great that locking the desktop makes them feel good.

Wsus

Meanwhile, their doing so flatly contradicts their assertion of importance. Likewise, keeping all that trash open pretty much destroys any maintenance window on the server resources they're using, which costs real money, and real risk, again with zero value. If all the files are local to the machine, then the argument is even more straw - off the domain, clearly not part of the backup strategy, and clearly the stuff is anecdotal trash that you can reboot with prejudice. The easy fix is to set a GPO that disallows desktop locking; there is rarely a legit reason for most users to lock overnight, especially as the things they work on become less trivial. The more important the stuff is, the more critical they NOT lock the desktop, to reduce the number of points of failure that may occur over the 16+ hours that they're not at the desk. Seriously, power supplies fail, and that user needs to get over themselves; locking for overnights is a bad practice, and they are simply being arrogant and lazy.

Line

GPO - User Config - Admin Templates - System - CtrlAltDel - Remove Lock Computer. If assertion won't work, then you can rely on the a classic, irrefutable argument - 'the computer won't let me'. Inform the user that the new version of WSUS that you just got, right now as you're reading this post, forces you to reboot his machine overnight, and there is nothing you can do about it. Blame a new patching strategy that's required for Windows7 or some other such bull, if need be. If he leaves his stuff open, it'll be gone.

'The computer won't let me stop it, and you'll just have to adapt. I do have this user in a group, 'Developers' I also have them set up with GPO but in that GPO the updates are downloaded and if NOT critical then they reside on the local system until the end users clicks on install. I can force the update to install by placing a deadline on the update but this has had adverse affects in the past by installing the update and automaticlly restarting the PC with no warning. EVEN though the GPO and the group are set to NOT auto restart.downside to deadlines. I just have the ONE person who needs to have the updates installed now that they have been downloaded and this EU is a pain in my Arse.

They wre the type that wants total control and doesn't want anything going on they are doing. Trivial from a technical aspect. Create a new Computer Group in WSUS console. Throw the problem user's machine into it, and leave it there. From now on, set a deadline unique to that group, for. 2am, whatever.

You can then force the local machine to apply at 2:15am with the help of a scheduled task that runs psexec (sysinternals.com) on your local machine, to execute wuauclt /detectnow on the jerk's machine. The patches will then apply and the reboot will take place, then, locked or not. As to user behavior. Their argument is pure straw. If stuff is important, and important files are left open. Those open files are likely not getting backed up, and the user is creating risk with zero value - for nothing more than the sake of arrogance and self-assertion. It's great that locking the desktop makes them feel good.

Meanwhile, their doing so flatly contradicts their assertion of importance. Likewise, keeping all that trash open pretty much destroys any maintenance window on the server resources they're using, which costs real money, and real risk, again with zero value. If all the files are local to the machine, then the argument is even more straw - off the domain, clearly not part of the backup strategy, and clearly the stuff is anecdotal trash that you can reboot with prejudice. The easy fix is to set a GPO that disallows desktop locking; there is rarely a legit reason for most users to lock overnight, especially as the things they work on become less trivial. The more important the stuff is, the more critical they NOT lock the desktop, to reduce the number of points of failure that may occur over the 16+ hours that they're not at the desk.

Seriously, power supplies fail, and that user needs to get over themselves; locking for overnights is a bad practice, and they are simply being arrogant and lazy. GPO - User Config - Admin Templates - System - CtrlAltDel - Remove Lock Computer.

If assertion won't work, then you can rely on the a classic, irrefutable argument - 'the computer won't let me'. Inform the user that the new version of WSUS that you just got, right now as you're reading this post, forces you to reboot his machine overnight, and there is nothing you can do about it. Blame a new patching strategy that's required for Windows7 or some other such bull, if need be. If he leaves his stuff open, it'll be gone. 'The computer won't let me stop it, and you'll just have to adapt.