forums.wsusoffline.net

[jaylow]

Back in 2011... I saw a very interesting post on this forum. A user had written a multiple file script that enabled him to run wsusoffline remotely via a dedicated server. He could put a list of computers in a text file and it would go through them and run wsusoffline on each via PsTools... psexec specifically.

I can not find the post. I believe I viewed it back in October 2011... and it was a few months old... possibly written in May 2011. I believe it was a sticky post.

I can not find it on here anymore.

Does anyone know which post I am talking about?

It had the code for each of the files separated in the post itself... you had to copy and paste the code into the files manually.

The user said he was in charge of patching a large number of systems... and he used this method. His branch was one of the best looking branches from a vulnerability perspective.

[aker]

I know, what post you mean, but I can't find it anymore, too. But I will upload the scripts (untouched) in this topic.

SvrFinder.bat

Code: Select all

@ECHO OFF
:: incoming parameter: 1=targetcomputername
:: below sets the incoming parameter 1 as the target var to pass it in to the :svrtest sub
:: when the move-n-start sub finishes, it returns to clean up this window and release control
:: back to launcher.bat to find the next computer target
set target=%1
call :svrtest
cls
exit

:svrtest
:: this for loop reads the activesvrs.txt file, selecting each sequentially from the activesvrs.txt file
:: then it checks whether the server-free flag exists for that server and if it does, calls :movnstart sub
:: if no server-free flag exists for any server in the txt file, it returns to top and loops servers again
:: ad infinitum...so...this could potentially run away forever.  Building in a kill here is the next step.
:: this for loop also sets wsusopath and svrfriend vars based on the activesvrs.txt file.
for /F "tokens=2-3 delims=," %%a in ( activesvrs.txt ) do ( if exist svrflags\free\_%%b.tmp ( ( set wsusopath=%%a) & ( set svrfriend=%%b) & (call :movnstrt) & ( goto :eof) ) )
goto svrtest

:movnstrt
:: this sub activates when a server-free flag is found. It moves the flag to busy directory, and starts
:: the svrengine.bat script passing the path to the WSUSOffline share, the servernickname & the target computer
move /y svrflags\free\_%svrfriend%.tmp svrflags\busy
start "_%svrfriend%" /min svrengine.bat %wsusopath% %svrfriend% %target%
goto :eof


SvrEngine.bat

Code: Select all

@echo off
:: incoming parameters - 1=wsusoffline share path & 2=servernickname & 3=computername
:: the next for loop makes an 8 digit date for logging MMDDYYYY and sets it as the car dateline
:: you can change it to meet your nomenclature - depending on how the DATE command responds,
:: it may already be correct...you could have to massage it a little
for /F "tokens=2-4 delims=/ " %%d in ('date /t') do set dateline=%%d%%e%%f
:: the following command checks for existance of log dir for the current dateline & creates it if absent
if not exist c:\wsusologs\%dateline%\%2\NUL md c:\wsusologs\%dateline%\%2
:: this command copies the batch file to launch the wsuso commands on the remote computer
xcopy %1\wsusoffline.bat \\%3\c$ /Y
:: the PSEXEC kicks off the batch on the target computer
:: in put your credentials here - keep in mind this is sent as plaintext.  I don't yet have a way
:: to avoid that.  The file copied to the target computer has no sensitive information, only files
:: housed on the distribution computer contain such data
psexec \\%3 -u <USERNAME> -p <PASSWORD> cmd /c c:\wsusoffline.bat
:: once wsusoffline process is complete, this copies the log file to the specified dir on the distro comp
:: then deletes the single session log (the logging batch actually writes the single session log to a
:: running log of all WSUSOffline updates on the target computer)
xcopy \\%3\c$\%3_wsuso.log c:\wsusologs\%dateline%\%2 /Y /I
del \\%3\c$\%3_wsuso.log
:: now that the wsusoffline server is finished, it moves the flag to free so it can recieve a new job
:: the screen is cleared and the cmd window is exited, returning to svrfinder then to launcher
move /y svrflags\busy\_%2.tmp svrflags\free
cls
exit


launcher.bat

Code: Select all

:: next two lines delete existing tmp flags and the following line creates a set of flags in svrflags\free
:: based on the activesvrs.txt entries.  Keep in mind that if there are hot servers currently running WSUSO
:: this action will result in another job being sent to them.  This may or may not cause problems with
:: contention.  This can be levied programatically, but that is the next step of development...
del svrflags\busy\*.* /y
del svrflags\free\*.* /y
:: activesvrs.txt is a comma separated list of the WSUSOffline servers in this format:
:: netname,path_to_wsuso_share,nickname_of_your_choice<CR>
:: the command below creates a temp file to flag whether a job is being performed on the server allowing you
:: to change the activesvrs.txt file to reflect new or removed-from-rotation servers
for /F "tokens=3 delims=," %%i in ( activesvrs.txt ) do type nul>svrflags\free\_%%i.tmp
:: the command below reads the target.txt file (a list of computers to run WSUSOffline against) and sets the
:: var targcomp to the netname on each pass, then calls the ping subroutine
for /F %%z in ( target.txt ) do ( ( set targcomp=%%z) & ( call :pingsub) )
goto :eof

:pingsub
:: this sub pings the target computer & if responds, calls :dothis sub.  If no response, it returns to the for loop to select another target
ping -n 1 %targcomp%
if %errorlevel%==0 call :dothis
goto :eof

:dothis
:: this sub starts the svrfinder batch with the target computername as parameter1, which looks for a free
:: wsuso server to distribute the target this script WAITS THERE until the server finder releases the job
:: to a free server, then this script resumes, returning to the for loop to select a new target
start /wait SvrFinder.bat %targcomp%
goto :eof


ActiveServers.txt

Code: Select all

server1,\\server1\wsus_offline,svr1
server2,\\server2\wsus_offline,svr2
server3,\\server3\wsus_offline,svr3


WSUSOffline.bat

Code: Select all

@echo off
echo --------------------------------------------------------------------------------- >> c:\%computername%_wsuso.log
echo --- %date% %time% WSUS Offline Update started - Host SERVERNAME --- >> c:\%computername%_wsuso.log
pushd \\SERVERNAME\WSUSOSHARE\client
cmd /c cmd\DoUpdate.cmd /nobackup /updatetsc /updatewmp >> c:\%computername%_wsuso.log
popd
echo -------------------- WSUS Offline Complete - Host SERVERNAME -------------------- >> c:\%computername%_wsuso.log
echo --------------------------------------------------------------------------------- >> c:\%computername%_wsuso.log
echo   >> c:\%computername%_wsuso.log
type c:\%computername%_wsuso.log >> c:\wsusoffline.log


Target.txt

Code: Select all

computername1
computername3
computername2
computername4
computername5


WSUSOffline.log

Code: Select all

[jaylow]

Wow! Thanks!