Seconly Mistake

Re: Seconly Mistake

Postby Robou » 21.08.2017, 19:47

This is how I do it. A bit primitive, but it serves the purpose, for me anyway.
Code: Select all
::Should work in Windows 7 through Windows 10, most languages.
::The WSUS variable should reflect the correct location.
@echo off
set WSUS=F:\WsusOffline\client
cd /d %WSUS%
for /f %%x in ('wmic path win32_localtime get /format:list ^| findstr "="') do set %%x
if "%Month%"=="1" set Month=January
if "%Month%"=="2" set Month=February
if "%Month%"=="3" set Month=March
if "%Month%"=="4" set Month=April
if "%Month%"=="5" set Month=May
if "%Month%"=="6" set Month=June
if "%Month%"=="7" set Month=July
if "%Month%"=="8" set Month=August
if "%Month%"=="9" set Month=September
if "%Month%"=="10" set Month=October
if "%Month%"=="11" set Month=November
if "%Month%"=="12" set Month=December
set check=%Month% %Year%
findstr /I /C:"%check%" "%WSUS%"\exclude\HideList-seconly.txt > nul
if errorlevel 1 goto mishap
UpdateInstaller.exe
goto end
:mishap
cls
color 0C
echo.
echo.
echo The files needed to prevent download of the Quality Rollup
echo have not been updated this month.
echo.
::Concerning Windows 7 only
echo The files^:
echo %WSUS%\exclude/HideList-seconly.txt and
echo %WSUS%\static/StaticUpdateIds-w61-seconly.txt
echo should be updated by yourself with the appropriate lines or
echo try running UpdateGenerator.exe at a later time.
pause
:end
exit
Robou
 
Posts: 8
Joined: 18.08.2017, 10:30

Re: Seconly Mistake

Postby hbuhrmester » 22.08.2017, 00:30

A simple comparison for the month and year may not be sufficient.

The update rollups are released on the official patch day, which is the second Tuesday each month.

This month, the update rollups were released on August 8, 2017, which is the earliest possible date.

In March, they were released on March 14, 2017, which is the latest possible date.


So the official patchday is between the 8th and the 14th day each month. The configuration files cannot be updated earlier.



My idea would be to extract the kb numbers from the configuration files, sort them and get the highest kb number.

Then extract the kb numbers from the actual downloads. If these numbers are higher than the highest number from the configuration files, then the configuration files need to be updated.
hbuhrmester
 
Posts: 244
Joined: 11.10.2013, 20:59

Re: Seconly Mistake

Postby Robou » 22.08.2017, 09:57

The script covers this. If one performs a download before the patchday month/year will be missing so the warning in red appears. In here amongst others one is advised to download at a later date.
But to be honest, people who use WsusOffline in general will know better than at random starting a lenghty download procedure before patchday.

There is nothing the script does but starting UpdateInstaller.exe which you can exit, so feel free to try it out. When you change the check variable in i.e. "May 2017" you will notice a positive result.
The most important is to avoid a Quality Rollup being installed, because being cumulative, it renders all the precautions taken so far useless. Until the Admin has build in a similar check in the program, and may be even then, I will stick to using the script in order to prevent all the extra labour of uninstalling of which the results are doubtful.

To the point: By adding the seconly parameter also a responsibility was added to the maintenance of the program. A (weak) attempt is proposed which will work as long as nothing is changed in the construction concerning the Hidelist-seconly.txt.
Robou
 
Posts: 8
Joined: 18.08.2017, 10:30

Re: Seconly Mistake

Postby Robou » 23.08.2017, 13:41

The screen message produced by my script is incorrect.
Instead of suggesting to edit \static\StaticUpdateIds-w61-seconly.txt it should suggest to create/edit \client\exclude\custom\ExcludeList.txt and add the contested KB#.
Robou
 
Posts: 8
Joined: 18.08.2017, 10:30

Re: Seconly Mistake

Postby hbuhrmester » 24.08.2017, 02:49

Best practices for a manual configuration of the seconly configuration files

The default configuration files

Code: Select all
wsusoffline/client/exclude/HideList-seconly.txt
wsusoffline/client/static/StaticUpdateIds-w61-seconly.txt
wsusoffline/client/static/StaticUpdateIds-w62-seconly.txt
wsusoffline/client/static/StaticUpdateIds-w63-seconly.txt


should not be edited manually by the user. They may be replaced by newer versions from the server at any time, and then all manual changes will be lost.

One the other hand, manual changes to these files may actually prevent their update from the server: Since the download utilities wget and aria2 use timestamping for all downloads, the remote file on the server may not get downloaded, if the local file is newer. But this could only happen in the rare case, that both copies are edited at the same time.

However, the best approach would be to create new files with the same filenames in the "custom" subdirectories.

Full quality update rollups are then added to the file:

Code: Select all
wsusoffline/client/exclude/custom/HideList-seconly.txt


Security only update rollups are sorted out into the files:

Code: Select all
wsusoffline/client/static/custom/StaticUpdateIds-w61-seconly.txt
wsusoffline/client/static/custom/StaticUpdateIds-w62-seconly.txt
wsusoffline/client/static/custom/StaticUpdateIds-w63-seconly.txt


Each entry consists of a kb number and a description, separated by a comma. Use the existing files as examples. Note, that each file should end with an empty line. The description doesn't really matter. It will be displayed during installation and added to the installation log, but this is only for information.

The configuration files for the August 2017 updates could then look like:

wsusoffline/client/exclude/custom/HideList-seconly.txt
Code: Select all
kb4034664,Windows 7 Monthly Rollup, August 8, 2017
kb4034665,Windows 8 Monthly Rollup, August 8, 2017
kb4034681,Windows 8.1 Monthly Rollup, August 8, 2017


wsusoffline/client/static/custom/StaticUpdateIds-w61-seconly.txt
Code: Select all
kb4034679,Windows 7 Security-only update, August 8, 2017


wsusoffline/client/static/custom/StaticUpdateIds-w62-seconly.txt
Code: Select all
kb4034666,Windows 8 Security-only update, August 8, 2017


wsusoffline/client/static/custom/StaticUpdateIds-w63-seconly.txt
Code: Select all
kb4034672,Windows 8.1 Security-only update, August 8, 2017



More on the usage of the configuration files

The "custom" configuration files are actually used.

For download, the code is in the script DownloadUpdates.cmd:

wsusoffline/cmd/DownloadUpdates.cmd, lines 1275-1286
Code: Select all
if "%SECONLY%"=="1" (
  if exist ..\client\exclude\HideList-seconly.txt (
    for /F "tokens=1* delims=,;" %%i in (..\client\exclude\HideList-seconly.txt) do (
      echo %%i>>"%TEMP%\ExcludeList-%1.txt"
    )
  )
  if exist ..\client\exclude\custom\HideList-seconly.txt (
    for /F "tokens=1* delims=,;" %%i in (..\client\exclude\custom\HideList-seconly.txt) do (
      echo %%i>>"%TEMP%\ExcludeList-%1.txt"
    )
  )
)

Here, the kb numbers are extracted from both ..\client\exclude\HideList-seconly.txt and ..\client\exclude\custom\HideList-seconly.txt (if existing) and added to a temporary exclude list. This will prevent the download of full quality update rollups, if security only updates are requested.


wsusoffline/cmd/DownloadUpdates.cmd, lines 1133-1144
Code: Select all
for %%i in (w61 w62 w63) do (
  for /F %%j in ('dir /B ..\client\static\StaticUpdateIds-%%i*-seconly.txt 2^>nul') do (
    for /F "tokens=1* delims=,;" %%k in (..\client\static\%%j) do (
      echo %%k>>"%TEMP%\ExcludeList-superseded-exclude.txt"
    )
  )
  for /F %%j in ('dir /B ..\client\static\custom\StaticUpdateIds-%%i*-seconly.txt 2^>nul') do (
    for /F "tokens=1* delims=,;" %%k in (..\client\static\custom\%%j) do (
      echo %%k>>"%TEMP%\ExcludeList-superseded-exclude.txt"
    )
  )
)

The kb numbers from the files StaticUpdateIds-*-seconly.txt from both ..\client\static and ..\client\static\custom are added to a temporary file ExcludeList-superseded-exclude.txt. This file is meant to include downloads, which have been marked as "superseded" by Microsoft. But this may not be necessary anymore, because it was changed by Microsoft in December 2016.


During installation, the script ListMissingUpdateIds.vbs stores the filename HideList-seconly.txt in a constant and then searches both locations:

wsusoffline/client/cmd/ListMissingUpdateIds.vbs, lines 6, 28, 36-37
Code: Select all
Private Const strHideFileName = "HideList-seconly.txt"
...
Set objExec = objShell.Exec(objShell.ExpandEnvironmentStrings("%SystemRoot%") & "\System32\find.exe /I """ & strKBNumber & """ ..\exclude\" & strHideFileName & " >nul 2>&1")
...
If CreateObject("Scripting.FileSystemObject").FileExists("..\exclude\custom\" & strHideFileName) Then
  Set objExec = objShell.Exec(objShell.ExpandEnvironmentStrings("%SystemRoot%") & "\System32\find.exe /I """ & strKBNumber & """ ..\exclude\custom\" & strHideFileName & " >nul 2>&1")



The script ListUpdatesToInstall.cmd evaluates the files StaticUpdateIds-*-seconly.txt

wsusoffline/client/cmd/ListUpdatesToInstall.cmd, lines 56-58
Code: Select all
if "%SECONLY%"=="1" (
  call :EvalStatics ..\static\custom\StaticUpdateIds-%OS_NAME%-seconly.txt
  call :EvalStatics ..\static\StaticUpdateIds-%OS_NAME%-seconly.txt
  ...
hbuhrmester
 
Posts: 244
Joined: 11.10.2013, 20:59

Re: Seconly Mistake

Postby Robou » 13.09.2017, 11:25

Thanks to admin for the recent update of HideList-seconly.txt!
Robou
 
Posts: 8
Joined: 18.08.2017, 10:30

Re: Seconly Mistake

Postby WSUSUpdateAdmin » 10.10.2017, 16:23

...and thanks to Hartmut for clarification and documentation! :)
WSUSUpdateAdmin
Administrator
 
Posts: 2022
Joined: 07.07.2009, 14:38

Previous

Return to Installation / Updating

Who is online

Users browsing this forum: Bing [Bot] and 3 guests