This is the whitelisting mod for wsusou's installer. It checks the missing updates against the whitelist and temporarily excludes every update, which is not whitelisted, so it does not get installed. (tested with wsusou 9.6 & 9.6+ (r664); tested on Windows 7 x86 & x64)
.\client\cmd\custom\FinalizationHook.cmd
- Code: Select all
@echo off
rem delete the custom-ExcludeList created by the InitializationHook
echo WL: FinalizationHook started
echo WL: Removing auto-generated custom-ExcludeList...
del /q ..\..\exclude\custom\ExcludeList.txt>nul
rem restore the ExcludeList, which existed before...
if exist ..\..\exclude\custom\ExcludeList.txt.bak (
echo WL: Restoring original custom-ExcludeList...
ren ..\..\exclude\custom\ExcludeList.txt.bak ExcludeList.txt
)
echo WL: FinalizationHook finished
.\client\cmd\custom\InitializationHook.cmd
- Code: Select all
@echo off
echo WL: InitializationHook started
rem do the checks, wsusou would do (but we're hooking before)
if exist %SystemRoot%\Sysnative\cscript.exe (
set CSCRIPT_PATH=%SystemRoot%\Sysnative\cscript.exe
) else (
set CSCRIPT_PATH=%SystemRoot%\System32\cscript.exe
)
if not exist %CSCRIPT_PATH% (exit /b 1)
echo WL: Checking user's priviledges...
if not exist ..\..\bin\IfAdmin.exe goto NoIfAdmin
..\..\bin\IfAdmin.exe
if not errorlevel 1 goto NoAdmin
rem Determine OS
echo WL: Determining system's properties...
%CSCRIPT_PATH% //Nologo //B //E:vbs ..\DetermineSystemProperties.vbs
if errorlevel 1 goto NoSysEnvVars
if not exist "%TEMP%\SetSystemEnvVars.cmd" (exit /b 2)
call "%TEMP%\SetSystemEnvVars.cmd"
del "%TEMP%\SetSystemEnvVars.cmd"
if "%OS_ARCH%"=="" (
if /i "%PROCESSOR_ARCHITECTURE%"=="AMD64" (set OS_ARCH=x64) else (
if /i "%PROCESSOR_ARCHITEW6432%"=="AMD64" (set OS_ARCH=x64) else (set OS_ARCH=x86)
)
)
call ..\SetTargetEnvVars.cmd
rem start wuauserv
echo WL: Checking state of "wuauserv"...
%CSCRIPT_PATH% //Nologo //B //E:vbs ..\DetermineServiceState.vbs wuauserv AUSVC
if not exist "%TEMP%\SetServiceState.cmd" goto IH_ListMissingIds
call "%TEMP%\SetServiceState.cmd"
del "%TEMP%\SetServiceState.cmd"
if /i "%AUSVC_STATE%"=="Running" goto IH_ListMissingIds
if /i "%AUSVC_STATE%"=="Start Pending" goto IH_ListMissingIds
if /i "%AUSVC_STATE%"=="Unknown" goto IH_ListMissingIds
if /i "%AUSVC_STATE%"=="" goto IH_ListMissingIds
if /i "%AUSVC_SMODE%"=="Disabled" (exit /b 3)
echo WL: Starting "wuauserv"...
%SystemRoot%\System32\net.exe start wuauserv >nul
rem List missing updates
:IH_ListMissingIds
echo WL: Listing Ids of missing updates...
if not exist ..\..\wsus\wsusscn2.cab (exit /b 4)
copy /Y ..\..\wsus\wsusscn2.cab "%TEMP%" >nul
%CSCRIPT_PATH% //Nologo //B //E:vbs ..\ListMissingUpdateIds.vbs %LIST_MODE_IDS%
if exist "%TEMP%\wsusscn2.cab" del "%TEMP%\wsusscn2.cab"
for %%i in ("%TEMP%\MissingUpdateIds.txt") do if %%~zi==0 del %%i
if not exist "%TEMP%\MissingUpdateIds.txt" (exit /b 0)
echo WL: Reading KB-numbers...
if exist "%TEMP%\MissingWUAIds.txt" del "%TEMP%\MissingWUAIds.txt"
for /f "tokens=1 delims=," %%i in (%TEMP%\MissingUpdateIds.txt) do (
echo %%i>>%TEMP%\MissingWUAIds.txt
)
if exist "%TEMP%\MissingUpdateIds.txt" del "%TEMP%\MissingUpdateIds.txt"
rem compare against whitelist
echo WL: Comparing against whitelist...
if not exist "..\..\static\custom\WhiteList-%OS_NAME%-%OS_ARCH%.txt" (exit /b 5)
%SystemRoot%\System32\findstr.exe /L /I /V /G:"..\..\static\custom\WhiteList-%OS_NAME%-%OS_ARCH%.txt" "%TEMP%\MissingWUAIds.txt" >"%TEMP%\CustomExcludeList.txt"
if exist "%TEMP%\MissingWUAIds.txt" del "%TEMP%\MissingWUAIds.txt"
if not exist "%TEMP%\CustomExcludeList.txt" (exit /b 6)
rem write custom-ExcludeList
if exist ..\..\exclude\custom\ExcludeList.txt (
echo WL: Parsing existing custom-ExcludeList...
ren ..\..\exclude\custom\ExcludeList.txt ExcludeList.txt.bak
type ..\..\exclude\custom\ExcludeList.txt.bak >..\..\exclude\custom\ExcludeList.txt
)
echo WL: Writing new custom-ExcludeList...
type "%TEMP%\CustomExcludeList.txt" >>..\..\exclude\custom\ExcludeList.txt
if exist "%TEMP%\CustomExcludeList.txt" del "%TEMP%\CustomExcludeList.txt"
echo WL: InitializationHook finished
The whitelist has to be in .\client\static\custom and named "WhiteList-<platform>-<arch>.txt. It currently supports all Windows versions supported by wsusou.
viewtopic.php?f=7&t=3848An example whitelist would be:
.\client\static\custom\WhiteList-w61-x86.txt
- Code: Select all
2479943
2491683
2503665
2506212
2509553
2510531
2511455
2532531
2536275
2536276
2538243
2544893
2560656
2564958
2570947
2579686
2585542
2604115
2619339
2620704
2621440
2631813
2653956
2654428
2656356
2667402
2676562
2685939
2690533
2698365
2705219
2712808
2727528
2729452
2736422
2742599
2758857
2770660
2789645
2803821
2807986
2813347
2813430
2839894
2840149
2840631
2841134
2847927
2861698
2862152
2862330
2862335
2862973
2864202
2868038
2868626
2871997
2884256
2887069
2892074
2893294
2894844
2900986
2911501
2918614
2931356
2937610
2939576
2943357
2957189
2957509
2961072
2965788
2968294
2972100
2972211
2972280
2973112
2973201
2973351
2976897
2977292
2978120
2978668
2978742
2979570
2981580
2984972
2991963
2992611
2993651
982861
Don't forget the empty line (CR LF) at the end of the file.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker
WSUS Offline Update „Community Edition“
https://gitlab.com/wsusoffline/wsusoffline/-/releases