too many updates, how to select ONLY CRITICAL

too many updates, how to select ONLY CRITICAL

Postby Melancho » 06.02.2016, 23:36

Hi and thanks for this program!

Years ago I used http://forums.mydigitallife.info/thread ... e0ed359c34
for updates after installation and those packages had a "critical" directory, so that installing only critical patches was easy.

Is there a way to do this with WSUS? I downloaded updates and there is a lot of stuff in the glb directory I don't want, like .NET patches and IE. However, it's too many to do through manually, especially because the KB description needs to be searched and correlated manually.

Again, I'd like only critical updates and then I want to read about their reason. Any possibility to do this with WSUS? Any ideas of how to get a list of the downloaded updates with their respective KB description?

Thanks a lot!
Melancho
 

Re: too many updates, how to select ONLY CRITICAL

Postby aker » 07.02.2016, 10:37

:arrow: viewtopic.php?f=7&t=172
This topic should explain, how wsusou works. wsusou will just install updates, which are declared as security-relevant by MS.
But also compontent as .NET & IE are security-relevant even if you don't use them. They are more a framework used by different system components than single applications. You might be able to remove the frontend, but the backend still exists and needs to be updated.

If you still want to exclude the updates, you have to search for the KB-numbers and write them into .\client\exclude\custom\ExcludeList.txt.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker

WSUS Offline Update „Community Edition“
https://gitlab.com/wsusoffline/wsusoffline/-/releases
aker
 
Posts: 3999
Joined: 02.03.2011, 15:32

Re: too many updates, how to select ONLY CRITICAL

Postby Melancho » 08.02.2016, 04:17

Thanks aker! I had read that before posting.

I know what M$ wants and what is officially supported. I want something else and different and am looking for an easy way.
If anyone knows how to quickly select only critical updates or delete/exclude all others I'd thank him! Otherwise my systems will stay unpatched as they have for years.
Melancho
 

Re: too many updates, how to select ONLY CRITICAL

Postby aker » 08.02.2016, 11:36

You may try this script (modified version of .\lient\cmd\ListMissingUpdateIds.vbs):
Code: Select all
' *** Author: T. Wittrock, Kiel ***
' some mods by aker

Option Explicit

Dim wshShell, objUpdateService, objUpdateSearcher, objSearchResult, objUpdate, objIDFile
Dim strTextFileName, strArgument

Set wshShell = WScript.CreateObject("WScript.Shell")
strTextFileName = "MissingUpdateIds.txt"
If WScript.Arguments.Count = 0 Then
  strArgument = ""
Else
  strArgument = WScript.Arguments(0)
End If

Set objUpdateService = CreateObject("Microsoft.Update.ServiceManager").AddScanPackageService("Offline Sync Service", "wsusscn2.cab")
Set objUpdateSearcher = CreateObject("Microsoft.Update.Session").CreateUpdateSearcher()
objUpdateSearcher.ServerSelection = 3 ' ssOthers
objUpdateSearcher.ServiceID = objUpdateService.ServiceID
If LCase(strArgument) = "/all" Then
  Set objSearchResult = objUpdateSearcher.Search("Type='Software'")
Else
  Set objSearchResult = objUpdateSearcher.Search("Type='Software' and IsInstalled=0 and IsHidden=0")
End If

If objSearchResult.Updates.Count > 0 Then
  Set objIDFile = CreateObject("Scripting.FileSystemObject").CreateTextFile(strTextFileName, True)
  For Each objUpdate In objSearchResult.Updates
    If objUpdate.KBArticleIDs.Count > 0 Then
      objIDFile.Write(objUpdate.KBArticleIDs.Item(0))
    End If
    objIDFile.WriteLine("," & objUpdate.Identity.UpdateID & "," & objUpdate.Title)
  Next
  objIDFile.Close
End If
WScript.Quit(0)


Save this file as ".vbs" file on your Desktop, copy .\client\wsus\wsusscn2.cab to your Desktop,too. Then run the script as administrator. It should generate a file called "MissingUpdateIds.txt", which should contain the update names, too.
WARNING: I didn't test it, but according to :arrow: https://msdn.microsoft.com/en-us/librar ... 85%29.aspx it should work.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker

WSUS Offline Update „Community Edition“
https://gitlab.com/wsusoffline/wsusoffline/-/releases
aker
 
Posts: 3999
Joined: 02.03.2011, 15:32


Return to Installation / Updating

Who is online

Users browsing this forum: No registered users and 42 guests