# PowerShell version of "install Windows updates via Task Scheduler".
# This script creates a logon task that runs Windows updates.
# Depends on packer windows-restart to start the task and stop WinRM.
# After all updates are installed, WinRM is started and the logon task is removed.

# Script name; reused as the console window title here and as the
# scheduled-task name further down.
$scriptname = 'windows-update-winrm.ps1'
$Host.UI.RawUI.WindowTitle = $scriptname

# Start logging. -Append keeps the output of earlier runs (the script is
# re-entered after each reboot) in the same file.
# NOTE(review): nothing in this script removes the transcript afterwards, so it
# stays in c:\windows\temp unless a later build step deletes it.
Start-Transcript -Append -Path c:\windows\temp\windows-update-winrm.log
# Log the installed Internet Explorer version, as recorded in the registry.
$ieVersion = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer').Version
Write-Output "Installed IE Version currently is $ieVersion"
# Log the running PowerShell version and abort the build when it is older
# than major version 5.
$powershellversion = $PSVersionTable.PSVersion
Write-Output "Powershell version $powershellversion installed"
if (-not ($powershellversion.Major -ge 5)) {
    # The upgrade from the previous step did not take effect: print that
    # step's log to the console, then fail with a non-zero exit code.
    Write-Output "Powershell upgrade in previous step failed!!"
    Get-Content -Path "C:\Windows\wsusofflineupdate.log"
    exit 1
}
# Log the Windows Update agent version (taken from wups2.dll) and whether it
# is at least 7.6.7601.19161. Informational only: the script continues either way.
$wu_agent = (Get-Command -Name C:\windows\system32\wups2.dll).Version
$agentIsCurrent = $wu_agent -ge [Version]"7.6.7601.19161"
if (-not $agentIsCurrent) {
    Write-Output "Windows Update agent out of date! $wu_agent"
} else {
    Write-Output "Windows Update agent is current! $wu_agent"
}
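# Main dispatch. The script is re-run at every logon by a scheduled task named
# $scriptname:
#   * task exists  -> a later run: search for updates, install them and reboot,
#                     or, when none are left, delete the task, set WinRM to
#                     delayed-auto start and reboot.
#   * task missing -> first run: install NuGet and PSWindowsUpdate, set WinRM to
#                     manual start and register the logon task.
if (schtasks /query /tn $scriptname 2>$null ) {
    write-output "Checking for updates...."
    Get-WUInstallerStatus
    # hack to get buggy windows 7 to show updates
    #if ([Environment]::OSVersion.Version -le [Version]"6.1.7601.65536") {
    #if ((gwmi win32_operatingsystem).OperatingSystemSKU -notmatch "(\b[7-9]|10|1[2-5]|1[7-9]|2[0-5])") {
    if ([Version](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer').Version -le [Version]"9.11.9600.18231") {
        write-output "Forcing Windows to search for updates until it finds some...."
        # NOTE(review): this loop has no delay and no upper bound; if no update
        # is ever returned it polls forever and the build hangs at this step.
        while (-not(Get-WindowsUpdate -notCategory "Windows 7 Language Packs")) {
            write-output "Still looking for updates...."
        }
        Write-output "Win Found some updates"
    }
    #}
    #}
    # Actually install the updates starts here..
    # NOTE(review): this check excludes titles matching "Printer", but the
    # Install-WindowsUpdate call below does not pass -NotTitle, so printer
    # updates are still installed whenever any other update is pending.
    if (Get-WindowsUpdate -notCategory "Windows 7 Language Packs" -NotTitle "Printer")
    {
        write-output "Starting Windows update installation..."
        # run windows updates
        Install-WindowsUpdate -IgnoreUserInput -AcceptALL -IgnoreReboot -verbose -notCategory "Windows 7 Language Packs"
        # restart after every install of updates
        stop-transcript
        restart-computer
    } else {
        write-output "No updates found..."
        # maybe check for systems that still show zero installed updates and reboot
        #if (Get-WUList -IsInstalled) {write-output "updates have been installed"}
        #remove scheduled task
        schtasks /delete /tn $scriptname /f
        # stop logging & dump to console so it gets recorded in packer log
        #get-content c:\windows\temp\windows-update-winrm.log
        # set winrm service to autostart (delayed); the reboot below brings it up
        start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config WinRM start= delayed-auto" -wait
        #start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "start WinRM" -wait
        stop-transcript
        restart-computer
    }
} else {
    # first run of script
    # setup windows updater components
    $ErrorActionPreference = 'Stop'
    # install nuget
    write-output "Installing NuGet"

    # Retry the NuGet bootstrap up to 10 times. Success is tracked in its own
    # flag: testing $attempts afterwards would report a failure when the 10th
    # attempt is the one that succeeds.
    [int]$attempts = 0
    $nugetInstalled = $false
    do {
        try {
            $attempts +=1
            Get-PackageProvider -Name NuGet -ForceBootstrap
            if (-not([string](Get-PackageProvider).name -match "NuGet")) { throw "Error installing NuGet" }
            $nugetInstalled = $true
            break
        } catch {
            # The message string continues on the next line, which starts at
            # column 0 so that no extra whitespace ends up in the output.
            write-host "Problem installing NuGet `tAttempt $attempts `
`n`tException: " $_.Exception.Message
            start-sleep -s 20
        }
    }
    while ($attempts -lt 10)
    if (-not $nugetInstalled) {
        write-host "NuGet failed to install!!"
        exit 1
    }

    # allow repo install
    # NOTE(review): marking PSGallery as Trusted removes the untrusted-repository
    # prompt for every later Install-Module on this image, not only the one
    # below. Consider setting the policy back to Untrusted once PSWindowsUpdate
    # is installed.
    write-output "adding PSGallery repo"
    Set-PSRepository -Name PSGallery -InstallationPolicy Trusted

    # install PSWindowsUpdate
    # NOTE(review): no version is pinned, so each build installs whatever
    # PSWindowsUpdate release the gallery serves at that moment, and the module
    # then runs elevated. Pinning with -RequiredVersion <VERSION> would make the
    # build reproducible and the installed code reviewable.
    write-output "Installing PSWindowsUpdate"
    Install-Module -Name PSWindowsUpdate -Confirm:$false | out-null
    write-output "Installed PSWindowsUpdate"

    # attempt install early for debugging
    #Get-WUInstallerStatus

    #Get-WindowsUpdate -notCategory "Windows 7 Language Packs"
    write-output "Modern windows update tools installed..."

    ##### Debugging BS for windows 7 below..
    #start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config bits start= auto" -wait
    #start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config wuauserv start= auto" -wait
    #start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config appidsvc start= auto" -wait
    #start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config cryptsvc start= auto" -wait

    #if ([Environment]::OSVersion.Version -le [Version]"6.2") {
    # Write-output "Installing KB KB2966583"
    # Install-WindowsUpdate -KBArticleID KB2966583 -acceptall
    #}

    # Stops the windows update service.
    # Get-Service -Name wuauserv | Stop-Service -Force -Verbose -ErrorAction SilentlyContinue

    # Delete the contents of windows software distribution.
    #write-output "Delete the contents of windows software distribution"
    #Get-ChildItem "C:\Windows\SoftwareDistribution\*" -Recurse -Force -Verbose -ErrorAction SilentlyContinue | remove-item -force -recurse -ErrorAction SilentlyContinue

    # setup windows update server from environment variables
    # NOTE(review): if this disabled section is ever re-enabled, it points the
    # update client at WSUS over plain http (port 8530). Updates fetched over
    # unencrypted http can be tampered with in transit; use the server's https
    # endpoint instead.
    #write-output "Windows Update Group $env:wsus_group"
    #write-output "Windows Update Server $env:wsus_server"
    # check if you can reach the wsus server
    #If (test-connection -quiet $env:wsus_server) {
    #$wsusserver="http://" + $env:wsus_server + ":8530"
    #} elseif (test-connection -quiet 10.122.168.21) {
    #$wsusserver="http://10.122.168.21:8530"
    #} else {
    #write-output "Unable to contact the wsus server. Using microsoft.com"
    #}
    # set windows updates to pull from local wsus server
    #if ($wsusserver) {
    #write-output "WSUS server contacted " $wsusserver
    #New-Item -Path "HKLM:Software\Policies\Microsoft\Windows\WindowsUpdate\AU" -force -ErrorAction SilentlyContinue
    #Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate" -Name WUServer -Value $wsusserver -Type String -force
    #Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate" -Name WUStatusServer -Value $wsusserver -Type String -force
    #Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate\AU" -Name UseWUServer -Value "1" -Type DWORD -force
    #Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate" -Name TargetGroupEnabled -Value "1" -Type DWORD -force
    #Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate" -Name TargetGroup -Value $env:wsus_group -Type String -force
    #}

    # set winrm to manual start to prevent packer from connecting on reboot
    Set-Service -Name winrm -StartupType Manual

    # the scheduled task does not exist yet (checked above), so create it
    Write-output "Creating scheduled task to start $scriptname with proper elevation"
    # setup task scheduler login item to process this script next boot
    # NOTE(review): the task runs C:\windows\temp\$scriptname at the highest run
    # level at logon, so whatever file sits at that path at logon time is
    # executed elevated. Confirm the file's ACL lets only administrators write
    # or replace it, or stage the script in a directory restricted to
    # administrators.
    schtasks /create /ru "BUILTIN\administrators" /sc ONLOGON /tn $scriptname /tr "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File C:\windows\temp\$scriptname" /rl highest /f /np
}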
# Close the transcript and report success to the caller.
Stop-Transcript
exit 0