I've looked at a few similar posts however I believe my issue to be different.
I have just finished configuring a 2012 WSUS server whereby servers are configured to use client side targeting via GPO's.
I have opted for the default option – auto download and notify user of updates – as I need to first check that a snapshot has been taken prior to installing the updates on each server.
My plan is to approve updates on the 1st of each month then by the 4th all updates should have downloaded from the WSUS server to clients and a scheduled task will run (over kill on time it will take to distribute updates, I know).
I then plan for the scheduled task to run a script that first kicks off a VMWare snapshot of the server, verifies that the snapshot has successfully been created and then kicks off the updates.
Does this plan seem feasible and if so what would the command be to install downloaded updates from powershell or cmd line?
Best Answer
For the script install of updates part check out the command line tool Wuinstall (http://www.wuinstall.com) - with for example the command
wuinstall /downloadyou can just download pending updates without installing and withwuinstall /installyou can install downloaded updates (which is what you are searching for I guess)If you have a WSUS, Wuinstall gets the updates from there, otherwise the Microsoft update site is taken, but you can also do it either way with various command line switches like /bypass_wsus. More details you can find in the documentation.
We use it to push pre-selected updates to our machines at a scheduled time, from a central script in combination with our wsus and
psexec. Also works on Virtual Machines.