Automatically update Windows fully - windows

I'm working on a project where the goal is to be able to update a windows computer 100%. That means a program or a script that updates windows automatically with no user interaction at all. Ideally a standalone script that can be run from another script.
The reason: I need to update a lot of computers in my line of work. They can be at any patch level and everything from Windows XP to Windows 8. My goal is to start a script, wait/do something else and then find a fully patched computer.
I've solved a lot by finding ZTIWindowsUpdate.wsf in the MDT Task Sequence.
This can be used like this from an admin cmd:
cssript.exe ZTIWindowsUpdate.wsf
My problem so far is that the computer requires a reboot between some of the updates. Probably because of dependencies. ZTIWindowsUpdate.wsf needs to be run as administrator and i can't seem to find a solution to start it as administrator at reboot. Additionally if I get the script to run on startup, how do I stop it, and how do I know when its time to stop it?
Can someone help med with a foolproof solution to this problem?
Thanks!

Don't need to FULL update a Windows OS, most of the updates are not needed, most updates are not relationated with security and we can survive without they, you need to read the description of each update to understand what changes made. FULLY updating a Windows can be negative point of performance in several scenarios.
All that you need is to download your desired updates, then store it in a folder with this batch script:
#Echo off
For %%# in (*.msu) Do (
Echo: Installing update: %%#
Wusa "%%#" /quiet /norestart
)
Echo Windows Update finished.
Pause&Exit
Also you can compress the folder (the updates + the script) into a Self executable with winrar to distribute it as a standalone file.
Info:
Wusa.exe is the Windows Update commandline application.
The files are processed one by one, not all at once.
The quiet switch makes the installation silent.
The norestart switch don't restart after installing the update even if needed.
If a update is installed in the OS then is not installed again, without getting an error window or stopping the execution of the script.
PS: See Wusa /? for more switches.
I hope this helps.
UPDATE:
Another alternative is to download and install ALL the updates with WSUS utility.
http://download.wsusoffline.net/
The updates for Win7 x64 (for example) are stored here: "...\wsusoffline\client\w61-x64\glb"
PS: The "DoUpdate.cmd" batch file in the "CMD" dir of the application is what you need if need to automate the task in "background".

The simplest solution to the problem you're describing is to get your script to configure automatic logon for the built-in Administrator account, then add itself to the Startup folder. You do need to know (or reset) the Administrator account password to use this option.
There are many other possibilities, some examples are: use a startup script and psexec; use srvany to create a service that runs your script; use task scheduler to schedule your script to run automatically, either interactively or non-interactively; disable WUA, configure automatic logon for the account you're using, and add your script to the Startup folder.
Note that you'll save time and bandwidth if you can set up a WSUS server or (even simpler, and cheaper if you don't already have a Windows server) a transparent caching proxy. However this won't avoid the need to reboot during the update sequence.
You may find my script useful as an alternative starting point to ZTIWindowsUpdate.wsf, if only because it is smaller and simpler to understand.

The moast time consuming thing of a WindowsUpadate procedere is the download of the Setupfiles for the Updates. You should look into a lokaly in the network installed WUS (Window Update Server) and make sure the PC updates from the WUS. If the PCs are all in a ActiveDirectory Domain then the needed settings are very easy to manage. But if not this setting could make a simple batch-script which uses the normal windows update routine.
Another solution would be to make batch-scripts where you install the predownloaded updateFiles with the silent-switch. Allmoast every setup.exe has such a silent switch. If a update isn't needed the update stops for this upload automatically. I'm using such a batch-script wizzardy now for quiet a time now.
PS: If the Computer were from one/your compagny you should "thank" your predecessor for many hours of work to the far future.
PPS: By the way XP and Vista should be phased out. They are now realy old and for XP the already extended supporttime is axed by Microsoft next year and should only used if it is realy realy needed for one small situation where a Windows 7 isn't a solution in any way possible.

To run
cssript.exe ZTIWindowsUpdate.wsf
as Administrator after reboots, you can create a Task in the Task Scheduler with the proper permissions and to run on boot. =]

An automated way is, WuInstall. I'm using it for 1 year now and it's perfect, it actually does what it should. It's a command line tool which automatically searches, downloads and installs the updates. There are several "switches" that let you allow to customize the process. Thanks to the rebootcycle-switch for instance, updating a newly setup PC is done with ease - in one go.

Here's another way ------
Perform instructions below at your own risk:
To automate windows update these instructions may or may not work for your system however it appears to work to an extent for Windows 7 as these instructions were tested on Windows 7.
MUST READ: 1. If the step below does not work verify then you are most likely part of a domain and your security policy may not allow you to perform steps below! 2. UAC prompts were also disabled for the duration of the windows updates so the batch files can run without interruption; be careful to restore this to default when done
Caution this step will make your computer less secure, immediately remove this after your computer is completely up to date. Set a reminder for 24 hours later if need be:
1.
First you will have to make sure your computer automatically logs into a user. You can do this by clicking start menu, type "netplwiz", press enter or open the wizard, under the users tab, select your username, and un-check "require password", type your password, close this window.
2.
Create 3 batch files to start the automated process. (Open notepad paste each code into a separate notepad and perform a save as corresponding_file_name.bat)
One. Save as: any_name.bat then copy this batch file to your startup folder for the user you made auto login. (Click start > All Programs > Startup)
start "" c:\autoupdate1.bat
exit
Two. Save as: autoupdate1.bat then copy this to C:\ drive
wuauclt /detectnow
wuauclt /updatenow
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" > nul && shutdown -r -t 0
start "" c:\autoupdate2.bat
exit
Three. Save as: autoupdate2.bat then copy this to C:\ drive
ping 127.0.0.1 -n 61 > nul
start "" c:\autoupdate1.bat
exit
Restart or open the batch file in the startup folder and watch the magic begin!
3.
When it is completely done updating just delete the batch files from the startup folder & c:\ drive
Once again follow these instructions at your own risk as it can create an endless loop if you do not know how to stop this process by removing it from the startup folder or going into windows under safe-mode to remove the batch files
Final notes: If you run into issues running the batch files chances are you may have to look up how to disable UAC prompts for your Windows version

Related

TeamCity - Setting up additional agent on same Win VM

How do I install another agent on the same Windows VM? I ran the MSI and installed it into another folder but it just unregistered the old one and the latest one took over.
What you've done so far is good, but its not the full story. For some God-forsaken reason, JetBrains made this super common thing, hard.
So you've one agent in D:\Agent-A and another in D:\Agent-B and during install you ensured they don't share any folders or ports etc.
Okay, now you have to open Notepad.exe as Administrator (to bypass the world's most annoying software 'feature', UAC) and edit:
D:\Agent-B\launcher\conf\wrapper.conf and near the bottom, append " B" to all the wrapper.console.title and wrapper.ntservice.* property values.
Now, open a Command Prompt as Administrator (to bypass the world's most annoying software 'feature', UAC) and CD into the following folder:
D:\Agent-B\bin
Now run:
service.install.bat
Check the outcome. Check that the new service appears in Windows. Start it. Wait for it to come online and authorize it in TC web UI if needed.
Done.

How do I disable Windows reboot regardless of install state?

I am currently writing a batch file that, among other things, performs an unattended install of .net, IIS, MSSQL, MSSQL SP2, flash, installs some proprietary software, and lastly makes a ton of environment changes on a Windows server 2008 or 2012 platform. All of this is done in one shot.
The script works awesome except in one situation: if Windows is in a partially updated state, perhaps needing a reboot, .net or IIS will force me to reboot regardless of whether I have the /norestart switch to DISM or not.
Is there a way to, within the batch file, disable any need for a reboot to the point that DISM and/or SQL install will not ask or require it? Or, less favorable, the means to determine from a batch file if a reboot is needed? I don't like it but I could do a check and force a shutdown -r if needed.
Thanks for your help.
Different programs detect the necessity to restart OS differently, one of the most popular methods is checking HKLM\SYSTEM\CurrentControlSet\Control\Session Manager -> PendingFileRenameOperations value.
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations >nul
if errorlevel 1 (
echo OK
....proceed with stuff
) else (
echo Restart is required
pause
exit
)
Although you can temporarily delete this value after dumping its contents to a reg file and later reimporting but this is very likely to break your system unless you combine the old contents with the freshly added one in historic sequence (the old, the new, maintaining versions and stuff), which would require a vbs or powershell code or some utility.

How do I schedule an install to happen on the next reboot using MSI?

We have an MSI installer (created using Wix) which is setup to be able to perform upgrades. Our clients are using it to upgrade our application on multiple machines at once using an SMS package running msiexec in silent mode.
The problem with this is that some of their users will still be running our application at the time the installer is run. We don't want to kick these users off, and running the install while they are using the app invariably breaks things.
Our ideal solution would be for the install to be scheduled to happen the next time the machine boots up.
This is a fairly hefty list of requirements, but does anyone know how I could achieve this or where I might look next?
You could add a value to the registry under HKLM\software\microsoft\windows\currentversion\RunOnce and it will run the next time a user logs on.
Windows Installer automatically detects files in use. Also, during a silent installation it handles them automatically:
files which are not in use are overwritten
files in use are scheduled for update after a reboot
As you can see, this is somewhat problematic because some files are updated and some file are not.
A good solution is to set REBOOTPROMPT property to "S". This way the target machine is automatically rebooted after install.
Unfortunately MSI packages cannot detect running processes, stop the install and schedule it at the next reboot. This could be done only with a custom EXE bootstrapper.

Why does InstallShield ask for a restart?

I have an installshield installer that works fine under normal circumstances. But when I run it while a particular software is running, the installer asks for a restart at the end.
Now on some research I have come to learn that a restart is asked only when the installer wants to modify files that are currently locked by other processes.
Is there anyway that I can find out which is the file installsheild wants to modify? (but cannot because it is locked by another process)
I would also like to know if it is only file modifications that affect the restart/no restart or is it also associated with registry key modifications.
You can use WhyReboot after the setup, it will show you pending reboot file and registry keys that could not be modified during the setup.
You tagged your question with "windows-installer", so I'm assuming you're using InstallShield to author an MSI installer.
Run the other software app, do a complete log of your install, like:
msiexec -i file.msi -l*vx test.log
In the resulting log, look for all lines containing "RESTART MANAGER". You will get more data on what is prompting for the reboot.
In my case, my installshield project had a "RebootPrompt" User Interface at the end of the Installation sequence with a condition "NOT INSTALLED". So all new installations would always show that Reboot prompt even if not needed.

How to uninstall a windows service and delete its files without rebooting

My current project involves deploying an upgraded .exe file that runs as a Windows Service. In order to overwrite the existing .exe with the new version, I currently need to:
Stop the service
Uninstall the service
Reboot the system (so Windows releases it's hold on the file)
Deploy the new .exe
Reinstall the service
Start the upgraded service.
I'd like to avoid the reboot, so that this can be a fully scripted/automated upgrade.
Is there any way to avoid rebooting? Maybe a command-line tool that will force Windows to give up it's death grip on the old .exe?
sc delete "service name"
will delete a service. I find that the sc utility is much easier to locate than digging around for installutil. Remember to stop the service if you have not already.
I had sort of the same problem as you. I have a system service that i want to uninstall and afterwards reinstall as part of an update. On certain systems this would not work without a reboot. The problem was that a call to DeleteService() would return ok, but the following call to CreateService() would tell me the service was still there, but marked for deletion (error code 1072). The registry would reflect that, since the subkey was still there (under HKLM\System\CurrentControlSet\Services), but "DeleteFlag" was set to 1. From that point on, only a reboot could fix the situation.
Some things that don't work:
Using "sc delete": it had the same problems as I. The call would return ok, but the service was not really gone and still in the registry with DeleteFlag = 1.
Deleting the key in the registry. The Service Manager seems to keep a database in memory and the registry is just a copy of it for the next boot.
Adding wait loops, waiting for .exe files to be ready to be overwritten, killing the process, etc.
Closing handles to the service. Which ones??
But here is what worked:
I noticed in some articles here on stackoverflow that net.exe has start/stop features as well (I only knew of sc.exe utility). And strangely enough, a "net stop svcname" plus a "sc delete svcname" worked! So net.exe must do something I don't do.
But net.exe doesn't contain an import to ControlService(), so how does it stop the service? I found out that net.exe spawns net1.exe, but net1.exe doesn't import ControlService() as well. I used the great API Monitor utility ( http://www.rohitab.com/apimonitor ) to see what net1.exe is doing, but it never called anything that looked promising.
But then I saw that it imports NetServiceControl() from NETAPI32.DLL (that had at least "Service" in its name!). MSDN says that this function is obsolete. Nevertheless, I found the prototype in LMSvc.h and some parameter description here: http://cyberkinetica.homeunix.net/os2tk45/srvfpgr/369_L2_NetServiceControlorN.html . When you load NETAPI32.DLL and use NetServiceControl(NULL, service_name, 3, 0, 0) (3 is for SERVICE_CTRL_UNINSTALL, which is used to stop) the service is stopped afterwards. And it can be deleted and reinstalled afterwards without DeleteFlag or reboot!
So it was never a problem of deleting, but of stopping the service properly. And NetServiceControl() does the trick. Sorry for the long post, but I thought it might help someone with similar problems. (Just for reference, I use Win7 SP1 x64.)
Are you not able to stop the service before the update (and restart after the update) using the commands below?
net stop <service name>
net start <service name>
Whenever I'm testing/deploying a service I'm able to upload files without reinstalling as long as the service is stopped. I'm not sure if the issue you are having is different.
If in .net ( I'm not sure if it works for all windows services)
Stop the service (THis may be why you're having a problem.)
InstallUtil -u [name of executable]
Installutil -i [name of executable]
Start the service again...
Unless I'm changing the service's public interface, I often deploy upgraded versions of my services without even unistalling/reinstalling... ALl I do is stop the service, replace the files and restart the service again...
As noted by StingyJack and mcbala, and in reference to comments made by Mike L, my experience is that on a Windows 2000 machine, when uninstalling / reinstalling .Net services, "installutil /u" does require a reboot, even when the service was previously stopped. "sc /delete", on the other hand, does not require a reboot - it deletes the service right away (as long as it is stopped).
I have often wondered, actually, whether there is a good reason "installutil /u" requires a reboot... Is "sc /delete" actually doing something wrong / leaving something hanging?
Both Jonathan and Charles are right... you've got to stop the service first, then uninstall/reinstall. Combining their two answers makes the perfect batch file or PowerShell script.
I will make mention of a caution learned the hard way -- Windows 2000 Server (possibly the client OS as well) will require a reboot before the reinstall no matter what. There must be a registry key that is not fully cleared until the box is rebooted. Windows Server 2003, Windows XP and later OS versions do not suffer that pain.
(so Windows releases it's hold on the
file)
Instead, do Ctrl+Alt+Del right after the Stop of the service and kill the .exe of the service. Than, you can uninstall the service without rebooting. This happened to me in the past and it solves the part that you need to reboot.
Should it be necessary to manually remove a service:
Run Regedit or regedt32.
Find the registry key entry for your service under the following key:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services
Delete the Registry Key
You will have to reboot before the list gets updated in services
I am using the InstallUtil.exe packed with .NET Framework.
The usage to uninstall is: InstallUtil '\path\to\assembly\with\the\installer\classes' /u so for example: installutil MyService.HostService.exe /u
The /u switch stands for uninstall, without it the util performs normal installation of the service. The utility stops the service if it is running and I never had problems with Windows keeping lock on the service files. You can read about other options of InstallUtil on MSDN.
P.S.:if you don't have installutil in your path variable use full path like this: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\MyServiceFolder\MyService.HostService.exe" /u or if you need 64bit version it can be found in 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\' .The version number in path varies depending on .NET version.
My batch file to stop and delete service
#echo off
title Service Uninstaller
color 0A
set blank=
set service=blank
:start
echo.&echo.&echo.
SET /P service=Enter the name of the service you want to uninstall:
IF "%service%"=="" (ECHO Nothing is entered
GoTo :start)
cls
echo.&echo.&echo We will delete the service: %service%
ping -n 5 -w 1 127.0.0.1>nul
::net stop %service%
ping -n 2 -w 1 127.0.0.1>nul
sc delete %service%
pause
:end

Resources