WSUS: Is there a way to mass install updates + reboot?

aronesz

Limp Gawd
Joined
Oct 17, 2011
Messages
389
Greetings,

We have WSUS running on a 2003 server. Is there a way to have all servers initiate installation of downloaded updates, followed by a reboot, without having to manually RDP into 100+ servers (dozens of which are located around the world) to install updates?

Thanks!
 
Set up a patch schedule in GPO, push it out to the servers? They may take a couple days to get up to speed on the patches ( but then, maybe not ), but they'll handle themselves eventually.

You could also set a deadline on the patches. That'll force whatever approval group is getting the deadline to get them installed prior to the deadline, and reboot depending on your GPO settings.
 
We use a tool called BatchPatch that does exactly what you're looking to do. We patch about 350 servers in 30 minutes with this app, and so for us the investment was well worth it since it pretty much paid for itself almost immediately. I don't know if I'd call it a "patch management application," per se, since it doesn't really *manage* patches and updates as much as it just handles remotely *installing* them. However, I don't think there's a simpler or cheaper solution out there that can get the job done as easily. It can handle remotely installing Windows Updates, third-party patches, and also regular software. And it monitors the reboot portion too, which is pretty cool, so you're able to watch your machines update, reboot, and come back online all in a single console. There are a handful of "icing" type features in addition to the core functionality, so like for a subset of our machines we also use the wake on LAN capability to get the machines online before installing updates. We also use it for remote script execution now and then if we need a quick way to just hit every machine with a one-off script, rather than using a logon script. Oh, and I've also used it many times to push registry keys. Good luck!

-Dar
 
Last edited:
We use a tool called BatchPatch that does exactly what you're looking to do. We patch about 350 servers in 30 minutes with this app, and so for us the investment was well worth it since it pretty much paid for itself almost immediately. I don't know if I'd call it a "patch management application," per se, since it doesn't really *manage* patches and updates as much as it just handles remotely *installing* them. However, I don't think there's a simpler or cheaper solution out there that can get the job done as easily. It can handle remotely installing Windows Updates, third-party patches, and also regular software. And it monitors the reboot portion too, which is pretty cool, so you're able to watch your machines update, reboot, and come back online all in a single console. There are a handful of "icing" type features in addition to the core functionality, so like for a subset of our machines we also use the wake on LAN capability to get the machines online before installing updates. We also use it for remote script execution now and then if we need a quick way to just hit every machine with a one-off script, rather than using a logon script. Oh, and I've also used it many times to push registry keys. Good luck!

-Dar
Wow, that's incredible. I'm surprised they aren't charging more even for a single admin license. We'll definitely be looking into this.
 
If you're looking for free and basic, there's always WuInstall combined with PsExec.

psexec \\computer -c WuInstall.exe WuInstall.exe /install /reboot
or
psexec computer_list.txt -c WuInstall.exe WuInstall.exe /install /reboot

Obviously not as advanced as using something like RemoteExec or BatchPatch, but it does work just fine.
 
Wow, that's incredible. I'm surprised they aren't charging more even for a single admin license. We'll definitely be looking into this.

I totally agree. Almost seems too cheap. I wonder if it's cuz they're still kind of new... which makes me feel like "get your licenses now before they realize they're not charging enough!" ;-) We have the enterprise license because almost our whole IT team uses it for various tasks, but I'm glad we were able to get it while it was still cheap.

Good luck!
 
Back
Top