group policy and network share

group policy and network share

Postby dazormiq » 08.05.2018, 23:43

I know the intent of Wsusoffline is not to run from a network share, but it does it so much better than Wsus. I am trying to automate running wsusoffline on a domain, from a network share, as a group policy. I get tons of access denied errors. If I manually run the updateinstaller.exe everything runs perfectly. If I run cmd as administrator and paste the policy command it runs perfectly. I just can't make the dang thing run automatically.

What I want to accomplish is to have specific computers, as defined in active directory and group policys, run updates at specific times and dates. Regular Wsus cannot do this (or really sucks at doing this). During maintenance windows, I want to turn on the group policy, reboot the computers, let the policy run doupdates.cmd, reboot, run doupdates.cmd, reboot.....until I turn the group policy off. I finally managed to break the part where it creates the WOUTempAdmin by renaming the CreateUpdateAdminAndEnableAutoLogon.vbs so it can't run. The machines auto login to the network (they are all public access and not needed to be secured).

Has anyone tried or accomplished what I am trying to do? Anyone have a suggestion?

Thanks in advance.
dazormiq
 
Posts: 2
Joined: 07.05.2018, 23:11

Re: group policy and network share

Postby aker » 08.05.2018, 23:57

Hello dazormiq and welcome to the forum,

dazormiq wrote:I know the intent of Wsusoffline is not to run from a network share

It is. It is designed to update multiple devices using some kind of media. This can be CD/DVD, USB or network shares.

The access denied-errorsost likely come from the network drive being mounted in the user-context. UpdateInstaller.exe fixes this by mounting it in the admin-context.
This most likely explains your problems with the initial start.
If you want to, you can automate this by creating an administrative scheduled task pointing to a script on a local drive similar to this one:
Code: Select all
net use W: \\SERVER\wsusoffline /persistent:no
call W:\client\Update.cmd
net use W: /delete


[edit]The option inside the task scheduler is "Run with highest priviledges".[/edit]

dazormiq wrote:I finally managed to break the part where it creates the WOUTempAdmin by renaming the CreateUpdateAdminAndEnableAutoLogon.vbs so it can't run.

As far as I understand, you want to manually do the reboots without wsusou recalling itself, correct?
The easiest way would be to add an "shutdown /r /f /t 5"-command at the end of the example-script posted above and not passing "/autoreboot" to Update.cmd/DoUpdate.cmd. I would never recommend you to modify wsusou's files outside the custom-directories as they might be needed in other contexts a you might expect and also get restored at each self-update.
Tip: you can catch wsusou's "%errorlevel%". (0 = success & done, 3010/3011 = success & reboot/recall required, something else = error)

I hope, these two simple examples help you finding a solution suitable for you.
If you have furthe questions, feel free to post them here.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to sell it.
aker
aker
 
Posts: 2967
Joined: 02.03.2011, 16:32
Location: /dev/kmem


Return to Installation / Updating

Who is online

Users browsing this forum: Dalai and 2 guests