This
script (the core was pulled from Microsoft’s website, and the
WindowsUpdate agent install was borrowed from Torgeir Bakken – thank
you!) will tell the WU Automatic Update Client (wuaclt.exe) to
‘detectnow’, download and install missing windows updates as compared
to it’s update server. Works for WSUS and regular Windows Update site.

You can force a client to restart after the updates have been
applied (if a reboot is pending, or if you plain just want to restart
for the heck of it).

The script is highly configurable, and should fit most applications
where users/admins need to force a download and installation of
approved updates.

NOTE: If there are a LOT of downloads to pull, the status window (or
log) will say "Downloading" for that entire time. I’m not sure how to
get a download progress of each update…maybe someone can help me with
that.

Note on command-line switches: If you don’t specify a switch (for
example, ’email:’) the corresponding variable defined in the script
will provide the needed information (command-line switches take
precedence).

Why I put this script together:

Our desktop deployment technicians needed a script that would pull updates immediately and install.

We have some computers that are sometimes logged on or not (but they
run services that must be running almost constantly), and are never
rebooted.

The user ignores the ‘you have new updates available’ message, so
updates are never installed. This script will let you install the
updates, and then it tells the WUA to present the ‘restart’ message –
which more users are apt to respond to.

If the client running the script doesn’t have the 2.0 WUA installed,
Torgeir’s portion of the script will automatically install it (please
contact me if this doesn’t work – I modified his script slightly to
plug into mine!).

After the script runs, it will email a recipient the resulting
logfile that is produced. Very handy for running with my Front-end to
PSEXEC tool.

You need to edit the following variables:

* sExePath – this is the location of the WindowsUpdateAgent20-x86.exe. Download it from http://go.microsoft.com/fwlink/?LinkId=43264

* strMailFrom – arbitrary reply-to address

* strMailto – email address you want the report to mail to (this
is for manual mode – or if the command-line switch isn’t specified).

* strSMTPServer – the IP address of the email server you are sending the reports through.

Optional variables:

* Silent – 0 = verbose, 1 = silent (no windows or visible information)

* Intdebug – 0 = off, 1 = 1 (see some variables that are being passed)

* strAction – prompt|install|detect. Prompt gives users
opportunity to install updates or not, install just installs them,
detect updates the WU collection and downloads the updates (but does
not install them) – useful if you want to have the computer refresh its
stats to the stat server but not install the updates.

* blnEmail – 0 = off|1 = on. If set to 0, the script will not
email a log file. If you specify an email address in the command-line,
this will force the script to switch blnEmail to ‘1’.

* strRestart – 0 = Do nothing|1 = restart|2 = shutdown. Command-switch ‘restart:’ supercedes this variable.

Command line switches:

* action: prompt|install|detect

* mode: silent|verbose

* email: [email protected]

* restart: 0 (do nothing)| 1 (restart) | 2 (shutdown)

* force: 0 (do not enforce restart action – this is optional, by default it is set to 0) | 1 (enforce restart action)

* emailsubject: – Text for custom subject enclosed in quotations (i.e. "This is a custom subject"

* fulldnsname: 0 (use non-qualified server name) | 1 (use fully qualified DNS name of the server that the script ran on)

* emailifallok: 0 (don’t email a report if there are no problems
with the update process) | 1 (email report whether there are errors or
not)
* smtpserver: x.x.x.x or smtp mail hostname (define an alternate SMTP server)

* logfile:"x:pathlog.txt"

* authtype: cdoAnonymous|cdoNTLM|cdoBasic (SMTP authentication type)

* authID: userid (SMTP authentication ID)

* authPassword: password (SMTP authentication password)

Finally, rename the file with .vbs extension

Example of usage:

Install updates silently, email you a logfile, then restart the computer ->

updatehf.vbs action:install mode:silent email:[email protected] restart:1

Detect missing updates, email you a logfile, then do nothing (no restart) ->

updatehf.vbs action:detect mode:verbose email:[email protected] restart:0

Prompt user to let them decide whether or not to install updates, email you a logfile, prompt user for restart ->

updatehf.vbs action:prompt mode:verbose email:[email protected] restart:1

Install updates silently, email you a logfile, then shutdown the computer if a reboot is pending->

updatehf.vbs action:install mode:silent email:[email protected] restart:2

Install updates silently, email you a logfile, then shutdown the computer no matter if a reboot is pending or not->

updatehf.vbs action:install mode:silent email:[email protected] restart:2 force:1

Detect missing updates or pending reboot silently, email you a logfile, then restart if there is a pending reboot ->

updatehf.vbs action:detect mode:silent email:[email protected] restart:1

Detect missing updates or pending reboot silently, email you a
logfile, then restart no matter if there is a pending reboot ->

updatehf.vbs action:detect mode:silent email:[email protected] restart:1 force:1 

Get code — http://community.spiceworks.com/scripts/show_download/82