Ramblings From The Litter Tray of Life

Archive for August, 2008

Wuauclt Switches

Posted by graycat on 27 August 2008

Now if you’ve been reading any of my recent posts you’ll have noticed I’ve been hitting the Windows Update Service quite a bit. Well there’s a darn good reason for this – I’ve needed to find a solid solution to some of my minor issues at my professional job (no, not street walking!).

Right, lets start with the easy one: “what the heck is wuauclt and what’s it got to do with me?”

Well, my young friend, it is the process managing automatic updates for Microsoft Windows and continuously checks for the latest updates and uses the Internet to do so. If you hit up the task manager you will most likely see it kicking about on your process list. Don’t be afraid, it’s a good thing. Honest. Look, if you’ve got windows you’ll need to keep it up to date so just get on the update train, ok??! 🙂 lol

Now if you’re the situation when you want to manually kick off the registration with a WSUS server then you may have alreay heard of the /detectnow forces the machine to check if there are any updates available for it. This is useful because waiting for detection to start can be a time-consuming process and a pain in the butt.

Another good one is /resetauthorization. As WSUS uses a cookie on the client computers to store various types of information, including computer group membership when client-side targeting is used this can cause a hic-cup here and there. By default this cookie expires an hour after WSUS creates it but you never know.

You can actually combine the pair of these to not only reset the stored info but check if there’s anything new to apply and have the WSUS server update computer group membership.

What isn’t as widely known are the other switches that are hiding. One of the reasons for this is that “wuauclt.exe /?” does sweet bugger all and is really annoying. However, I recently found a great post outlining the mystery options here.

The highlights of which IMO are:

  • /downloadnow – kicks off the download processes regardless of the time schedule
  • /TestWSUSServer – test the connection to the server

There’s a fantactic list of these switches over here which is well worth a look. In fact, have a wonder round the whole site as it’s a gold mine for WSUS knowledge.

Advertisements

Posted in IT | Tagged: , | Leave a Comment »

WSUS in the Workgroup

Posted by graycat on 27 August 2008

Sometimes you might be needing an update server in a small company or network where there is no domain or, like me in this case, you’re building a new machine and need to update it without joining it to the domain. Now even if you install the OS using the latest repository from the manufacturer you are going to have to update it further. This updating can take ages when pulled over the inter-web from MS so accessing a WSUS server would be ideal.

Well with a little work, you can get a workgroup machine to use your domain WSUS server ….. and here’s how.

Two main options really (as laid out here by Microsoft) – policy based and registry based. I’m not going to go into the policy based stuff as that’s really well covered in the MS page and very straight forward. The method I’ve just used though is adding to the registry.

After a little searching I ran across a few reg keys that’ll point the machine towards the right WSUS, set download / install options and even drop it into the right WSUS group. In the end I went with this reg settings:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\]
“WUServer”=”http://192.168.0.100”
“WUStatusServer”=”http://192.168.0.100”

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\]
“AUOptions”=dword:00000002
“NoAutoRebootWithLoggedOnUsers”=dword:00000001
“NoAutoUpdate”=dword:00000000
“RescheduleWaitTime”=dword:00000005
“ScheduledInstallDay”=dword:00000000
“ScheduledInstallTime”=dword:00000000
“UseWUServer”=dword:00000001

The first few keys are pretty self evident as specifying your WSUS server. I’ve seen people suggesting that the server name, FQDN and IP address all work but I could only get the IP address to work and think this is a better solution anyway. In these keys you will also need to specify the port number to use if it is not the default port 80. This is done thus “http://192.168.0.100:8530”.

The AU section is where it gets interesting and allows you to set all the options such as downloading, installing and reboots. The AUOptions dword options go like this:

  • 1 – Keep my computer up to date has been disabled in Automatic Updates.
  • 2 – Notify of download and installation.
  • 3 – Automatically download and notify of installation.
  • 4 – Automatically download and scheduled installation.

Personally I’m an option 3 kinda guy when it comes to servers, ie: download it but I’ll give final approval to install it or not manually. Yes, this takes more time but it’ll save a lot more time if something goes wrong IMO.

The other keys are pretty easy to follow so I won’t rewrite the MS article but here’s an overview.

ScheduledInstallDay – which days to install on. 0 = everyday

ScheduledInstallTime -what time you want the install to run using 0 – 23 time format (for the hours if you’re not hip with the military speak)

NoAutoUpdate – enables or disables autoupdate.

NoAutoRebootWithLoggedOnUsers – true or false situation. If set to 1, will not automatically restart a computer while users are logged on.

Posted in IT | Tagged: , , , | Leave a Comment »

Data Replication Script

Posted by graycat on 20 August 2008

If, like me, you’re concerned about your data and like to have it multiple places then I’m sure you’ll have looked into methods of copying, replicating and synchronising this data about the shop. Now there are many methods to get this data a’movin and as many different cost levels as you can think of.

At my place of work we use an application by Veritas called Replication Exec and whilst it does the job, it does have some limitations IMO….. one of which I ran into today.

[fade out]

Admiral: Ok, son. We’ve got a major problem and we’re fresh out of ideas! WE need to replicate the critical data from the Eastern domain to the Central domain and we need it to work now!!

Capt Graycat: No problem, sir. Nothing I can’t accomplish with enough firepower.

Admiral: I admire your guts, Captain, but all our normal methods have failed. Replication Exec is useless and dead in the water. Surely you don’t think you can beat a powerhouse like that at it’s own game?!

Capt Graycat: Let me at it, sir! And don’t call me Shirley.

Capt Graycat ripples of a heroic salute and steps out into the night to take on the challenge. Over his shoulder he calls “smoke me a kipper, I’ll be back for breakfast” and disappears into the glum

Admiral’s sexy PA: What a guy! *swoon*

[fade back into real life]

Get all of that? Reread it if needed as there might be questions later 🙂

So what to do? Primary objective, sorry I meant the main thing is to get the data copied and that’ll mean a differential copy. Problems we’re going to run into are two separate domains that don’t trust each other properly (don’t ask), a lot of data to copy and get some value added features out of it because we’re that good.

My plan is to get the script to go like this:

  1. Make a working directory for the logs
  2. replicate the data using robocopy and various settings and log it into the “working” directory
  3. move the log to a dated folder and rename it to today’s date
  4. email it to various people
  5. clean up afterwards

Easy, huh?

ok, I’ll not discuss the making of folders or moving files about bit as that’s been done to death elsewhere.

Oh sod it, here’s the code –


REM   DR_Data_Replication.bat
REM
REM   Mirrors Server1 share contents from SOURCE_SERVER to TARGET_SERVER.
REM   Creates monthly directory and daily log then e-mails to address(es)
REM
REM   Written by - Graycat
REM

REM Creating Log Folder
md c:\#Scripts\Logs\Working\

REM Starting Replication …..

REM Replicating “Server1” into “Data_Share” on TARGET_SERVER
Robocopy e:\Server1 \\TARGET_SERVER\Data_Share /MIR /XN /XF AUTORUN.INF /LOG+:c:\#Scripts\Logs\Working\Working.txt /R:3 /rh:2200-0400 /pf

REM Move and rename log
move c:\#Scripts\Logs\Working\Working.txt c:\#Scripts\Logs\%date:~-4,4%\%date:~-7,2%\%date:~-4,4%%date:~-7,2%%date:~0,2%.txt

REM E-mailing Log file
echo DR data replication from SOURCE_SERVER to TARGET_SERVER logs attached. > body.txt
c:\#scripts\mpack.exe -s “DR Replication” -d body.txt -c application/exe -o body.msg c:\#Scripts\Logs\%date:~-4,4%\%date:~-7,2%\%date:~-4,4%%date:~-7,2%%date:~0,2%.txt
c:\#Scripts\bmail.exe -s 192.1.1.245 -f Robocopy@mydomain.com -t me@mydomain.com -h -m body.msg

REM Clean up
del c:\#Scripts\body.msg
del c:\#Scripts\body.txt

Exit

hopefully most of that follows on from what I was after in the script flow. Robocopy is in the Windows resource kit I believe but easily downloaded from MS. The mpack is for encoding MIME e-mail messages so that they can be sent with an attachment. It’s a cracking little free application and can be found over here along with bmail which is what was used to actually send the e-mail.

Ok, the robocopy switches might be of interest so here goes –

  • MIR – mirror directory
  • /XN – exclude newer files
  • /XF AUTORUN.INF – exclude files called autorun.inf
  • /LOG+:c:\#Scripts\Logs\Working\Working.txt – log to the end of working.txt log file
  • /R:3 – retry three times if it fails
  • /rh:2200-0400 – allow to run between 2200 and 0400
  • /pf – check the allowed run time for each file as it’s done. this’ll stop it running after 0400

on test runs this worked great …. apart from robocopy would pause rather than terminate when it hit the end of its allowed run time.
To get round this, I added another script to run at 0400 that used Taskkill /IM robocopy /f to kill any process called robocopy. This would then allow the rest of the script to run through nicely.

Right, that’s me for today. Time to go home. I’ll report back in a few days as to how it went.

Posted in Applications, IT | Tagged: , , , , , , | 2 Comments »