I am developing a script that gets deployed and executed on a server (so it is as if I am running it locally and not remote).
I need to check to see if all critical updates are installed. Each server has a WSUS server managing its updates. Is there a way for me to do this with VBScript.
I was looking at this post,
Windows Update Check with vbscript
but I don't know if it will help me since I'm not too familiar with how windows update works, but I only need critical updates.
If I follow the method that the selected answer in the post I linked, will
CreateObject("Microsoft.Update.Session")
work if WSUS is managing updates? What do I use to only grab updates that WSUS deems critical?
The Microsoft.Update.Session object will query whatever update server a host is pointed towards, be it Microsoft's servers or a local WSUS. It reports only approved updates that apply to the host.
Related
I would like to know if Informatica can be used on Windows system ? If so what are the prerequisites?
Both the previous answers are wrong.
Windows 10 is supported for installing the client tools only.
For exact details which Windows server versions are supported, please log on (after initial sign-up if you haven't already done so) to the Informatica Network at https://network.informatica.com ; there's a section named Product Availability Matrices, here you find for each PowerCenter version the so-called Product Availability Matrix (PAM) indicating which Windows versions are supported for server installation and for client installation. You need both, and you can install both on the same Windows server system.
I won't go into this ugly ancient flame war here. Be it enough to say that some people managed to install the server part on Windows 10, but very few ever made it work reliably (in most cases the installation seems to work but doesn't, at latest after the next system restart). I wouldn't waste one single second trying to do so, it's not worth the time.
Thank you in advance for considering this question. If a similar question existed, I was unable to find it.
The Issue: Our company packages an application into an MSI. This MSI when installed outside of any GPO properly updates, blocks attempts to downgrade (or move from a higher revision to a lower revision), and never has trouble uninstalling previous versions of the application regardless of how long ago those versions were created/installed. For example, we can install version 1.2.3 and then install version 2.3.4 and the application will properly install without issue. However, we work with a customer who uses GPO to deploy our application to hundreds of PC's. Each time we have provided an updated version of the application the following has been indicated:
On any machine where a previous version of our application was installed via GPO, no matter what the previous version is, the update successfully installs without issue.
On a machine where the application was manually installed (outside of the GPO), and an attempt to update the application via GPO is made - either the application is installed in addition to the old version, OR there remain registry keys to the previous version of the application and the application cannot open/run correctly. In this case the registry keys must be manually removed, and the install is then attempted again from a clean machine.
What we know is that on any machine where the application was originally installed via GPO - updating the application is no problem. On every machine where the application was not installed with the GPO in the first place, updating via GPO fails with one of the problems presented above.
My question is: Is there a technical issue with how the installation is being handled partially through the GPO and partially outside? Does the GPO need to be responsible for the entire life-cycle of the application? OR is it a reasonable expectation that the application be updated both on machines where the original version was manually (outside the GPO ) installed, and when it was installed initially from within the GPO?
One solution we are aware of is simply having all computers manage the application life-cycle (since we know updates work in that environment already), however this would mean that many computers would need to have the manually installed versions removed by hand - and then properly handle the installation through GPO which is an extensive bit of work.
We would greatly welcome any solutions, references to technical documentation that formally shed light on the proper management or expectations here, or links to information. Our research suggests that it is "best" to manage the entire applications life-cycle inside the GPO - but I have as of yet been unable to determine that it is 100% necessary to do so.
Looking forward to any assistance. If any further technical details are required to help the viability of the question, please don't hesitate to request such details.
If you end up with two versions installed in Control Panel, then all other things being correct, the most likely explanation is that you upgraded a per user install with a per machine install (or vice versa). In the GPO world that's related to assigning it to a user or to the computer, something like that. That's easy to verify by getting a verbose log and checking the FindRelatedProducts actions for an indication that another product was found but in a different context.
When you're in GPO mode all the time, I assume each one (whether it's per user or per machine) is consistent, therefore upgrades always work, but they don't work cross-context.
I believe GPO suppresses the UI in most cases, and the UI (or the UI sequence) is sometimes where per user/per machine is set. That might be something else that would cause it, depending on how the GPO publishes to the computer or the user.
Environment:
I work in a lab that tests software against multiple domain configurations. I currently have 8 domains with no cross-domain trust. They each have a WSUS server that talks to our primary NOC WSUS Server. Other than talking to the primary WSUS server, there is no communication from one domain to the other. I cannot change GPO settings or install any software that isn't already installed. The domains range from Windows XP with Server 2003 to Windows 7 with Server 2008. Each domain has anywhere between 8-20 servers and 3-5 workstations.
I have a machine that can talk to each of the servers in all of the domains, and can also talk to the primary WSUS server. I primary work with PowerShell, but I'm not opposed to another language if it makes what I'm trying to do easier. I have PowerShell 2.0 installed, but I can easily installed PowerShell 3.0 if needed.
Scenario:
I am charged with checking if patches have been installed on each of the servers. This testing cannot rely on WSUS's built in reporting tools, per requirements I cannot change. I would receive a list of patches, and I need to check each server to see if the patches are installed. Since the patches can be anything from Windows XP to Server 2008, I also need to check if the patch is applicable to the server itself. I have tried to use PoshWSUS to check for applicability, but I cannot get a connection to the Primary WSUS server because of either IIS rules or a Firewall rule. I have search online, and followed several guides, but this WSUS's setup is very customized, and I can only do so much to the server itself.
Example:
I have the following Patches:
KB2604092
KB2676562
KB2686509
I want to check the following server:
DC01: A Windows Server 2008 Domain Controller
I am currently using the following PowerShell command to test if they are installed:
Get-HotFix -ID "KB2604092","KB2676562","KB2686509" -ComputerName DC01
This command shows the following patches are installed:
KB2676562
KB2686509
Leaving the following uninstalled:
KB2604092
This correctly tells me that KB2676562 and KB2686509 are installed, but it doesn't tell me if KB2604092 missing, or not applicable.
What I am stuck on is how to verify that KB2604092 is not applicable to DC01. I can easily search Microsoft's site to verify it is only for Windows Server 2003 or Windows XP, but how can I check it's applicability via a script. I would love to find a way to scrap the Microsoft KB article for the data, but I don't know how to pull the required information from the web page. I assume there has to be a check within WSUS to check applicability, but I don't know where to look for something like that.
Edit:
I forgot to mention, I have no control over what patches are approved, that is done by an outside company.
Well for security patches, Microsoft publishes a a spreadsheet that lists the all security bulletins since 1998. You can download from this page. (Direct link to spreadsheet)
You could then parse that spreadsheet (if you convert it to a CSV file, that would be easy to parse in powershell). It gives you all the information you are asking about.
If you're only interested in whether the update is applicable to the corresponding operating system, IUpdate.ProductTitles should give you the information you need.
There are more complicated cases, such as where an update is applicable only if a certain system component is installed. I don't think there's any way to handle those cases automatically.
Trying to install Redmine on Windows 8 on this tutorial. Getting this errors:
Tried Bitnami's installer too, but I already have IIS Web Server and don't need the bundled Apache webserver. The installer doesn't give me to choose it's components. It installs Apache by default. So, Bitnami's Redmine is not for me.
What am I missing?
Is there any other good bug & request tracking software? Please don't Google and advise me to some random results. Advise something that you used and really good as Redmine
Once you get the error above, make sure that new WebSite's AppPool has write access to site's folder on the harddrive to complete the install process.
Then open the website in a browser and the installation will complete.
Set security accordingly after the install completes.
Use WebIssues multi-platform bug & request tracking software that fits all your needs instead of Redmine.
WebIssues is an open source, multi-platform system for issue tracking and team collaboration. It can be used to store, share and track issues with various attributes, comments and file attachments. It is easy to install and use but has many capabilities and is highly customizable.
Main features:
The Desktop Client application can run natively on Windows, Linux
and OS X
The Web Client can be used to access the system using a web browser
The server can be installed on any host with PHP 5.2 or newer and
MySQL, PostgreSQL or SQL Server
Issues can be filtered using public and personal views with
configurable filtering criteria
Email notifications can be sent and the Desktop CLient can
periodically check for new and modified issues meeting various
criteria
Various reports can be printed directly from the Desktop Client or
exported as HTML and PDF documents
I have a requirement where I need to check Remote Servers to see if all of their Critical updates are installed and then return PASS or FAIL.
Is there a way with WMI for me to do this with VBScript?
EDIT:
I did find this
Windows Update Check with vbscript but it only works on the local machine and not remote.
This link with UpdateHF_v2.6a.vbs by Rob Dunn is made to work with all versions of Windows. It's made with VBS to use WMI, and works on local and remote hosts.. I've been using 2.5a for years. There is no changelog, though Rob is updating the script in response to feedback.
http://community.spiceworks.com/scripts/show/82-windows-update-agent-force-script-email-results-version-2-6
If you need "wrappers" to do this in bulk using a list of computers and psexec to run it, let me know. :)