I've had this script floating around for a while. I put it together based on a number of recommendations from Microsoft regarding fixing problems with Windows Update.
Note that this will fix some errors, but there are a whole swag of issues that can arise with automatic updates.
Also, as always, I take absolutely no responsibility if this causes your machine to implode (although I would love to see the photos if it does!)
@echo off
if exist %systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\tmp*.cat del /F /Q %systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\tmp*.cat
if exist %systemroot%\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\tmp*.cat del /F /Q %systemroot%\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\tmp*.cat
if exist %systemroot%\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\kb*.cat del /F /Q %systemroot%\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\kb*.cat
if exist %systemroot%\System32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\kb*.cat del /F /Q %systemroot%\System32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\kb*.cat
regsvr32 /s softpub.dll
regsvr32 /s wintrust.dll
regsvr32 /s initpki.dll
regsvr32 /s dssenh.dll
regsvr32 /s rsaenh.dll
regsvr32 /s gpkcsp.dll
regsvr32 /s sccbase.dll
regsvr32 /s slbcsp.dll
regsvr32 /s mssip32.dll
regsvr32 /s cryptdlg.dll
attrib -s -h %windir%
attrib -s -h %windir%\system32
attrib -s -h %windir%\system32\catroot2
net stop cryptsvc
ren %systemroot%\System32\Catroot2 oldcatroot2
net start cryptsvc
net stop wuauserv
rd /S /Q %windir%\SoftwareDistribution
md %windir%\SoftwareDistribution
net start wuauserv
Cheers,
Sean
Showing posts with label wsus. Show all posts
Showing posts with label wsus. Show all posts
Wednesday, January 20, 2010
Tuesday, April 28, 2009
WSUS: Clients overwriting each other
I discovered an interesting issue recently where a number of machines that were clones of each other were using the same IDs to report to WSUS and were therefore constantly overwriting each other in the WSUS database.
A quick run of this script against the machines was able to force a change of those IDs and set a registry entry flag so that if the script were run again (such as from a computer startup GPO), it wouldn't reset the IDs again.
Set oShell = CreateObject("WScript.Shell")
sRegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"
' suppress error in case values does not exist
On Error Resume Next
' check for marker
sIDDeleted = oShell.RegRead( sRegKey & "\IDDeleted")
' to be sure values is only deleted once, test on marker
If sIDDeleted <> "yes" Then
' delete values
oShell.RegDelete sRegKey & "\AccountDomainSid"
oShell.RegDelete sRegKey & "\PingID"
oShell.RegDelete sRegKey & "\SusClientId"
' Stop and start the Automatic updates service
oShell.Run "%SystemRoot%\system32\net.exe stop wuauserv", 0, True
oShell.Run "%SystemRoot%\system32\net.exe start wuauserv", 0, True
' Run wuauclt.exe with resetauthorizations
Cmd = "%SystemRoot%\system32\wuauclt.exe /resetauthorization /detectnow"
oShell.Run sCmd, 0, True
' create marker
oShell.RegWrite sRegKey & "\IDDeleted", "yes"
End If
We actually chose to run the script on the target machines using SCHTASKS.EXE from the Support Tools. I created a text file containing the names of all of the target machines and simply ran this script:
@echo off
FOR /F %%i IN (WSUS_Fix_Targs.txt) DO (
schtasks /create /tn "%%i_WSUS_SID_Fix" /tr "wscript.exe \\server\share\WSUS_Fix.vbs" /sc once /st 15:00 /ru domain\adminuser /rp userpassword /z /s %%i
)
Subscribe to:
Comments (Atom)
Posts
