5

I found this solution on our site, but it is not fully automatic - i.e. I call 1) Windows Updates, then 2) Restart, then 3) Log in, then do the boring loop 1-2-3 again and again manually.

I'm seeking to automate this tendering process! If you have any ideas, please share.

Thank you

Nam G VU
  • 12,548

3 Answers

4

Schedule the following command to be run on startup:

  • wuauclt /detectnow

And go into Windows Update and change the settings to say "Download and install updates automatically"; then you should be able to start Windows Update manually and go away. After the update is completed it'll reboot; after the restart it'll go look for more updates.

If necessary, disable your account password until all of the updates have been applied, and then re-apply the password once you're all set.

Nam G VU
  • 12,548
SecurityMatt
  • 3,200
4

I just put this together, it seems to work pretty well:

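rem Trigger the Windows Update client
wuauclt /detectnow
wuauclt /updatenow

rem Poll once a minute; restart as soon as the RebootRequired key exists
:CheckForRequiredRestart
    reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" > nul 2>&1 && shutdown -r -t 0
    rem ping serves as a delay of about 60 seconds
    ping 127.0.0.1 -n 61 > nul
goto CheckForRequiredRestart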

Just throw it in a .cmd file, drop it in the Startup folder, and run it once.

(I'm not really clear on what OSes support the /updatenow parameter, but it does seem to have an effect on Windows 7.)

I tested patching a Windows 7 VM and it went through the entire sequence (something like 10 restarts?). The only patches that remained were the Malicious Removal Tool (which requires user approval) and 4 updates that are unchecked by default. They are small though; after installing there was a restart and then a couple of patches on top and it was done.

It doesn't install optional updates so there were a few of those, small. I installed them manually and there weren't even any patches on top, so all-in-all it was pretty effective for a simple script. When it finally finishes you simply delete the script. I don't know a simple way to detect a complete finish or I'd have it remove/unschedule itself.


I really don't like WuInstall or the VBS/PowerShell scripts floating around as they are all forced to deal with advanced categorical selection of updates that is too complex for this simple goal. There's no simplicity like "Important", "Recommended", and "Optional"; you have to explicitly exclude languages and/or include many different categories and even then it's not quite the same as what you achieve through the traditional install/restart cycle.

To patch more than just the odd system you should of course use a different method, such as deploying an image with WDS, using a slipstreamed install, WSUS, or WSUS Offline Update.

3

I found this solution on our site, but it is not fully automatic - i.e. I call 1) Windows Updates, then 2) Restart, then 3) Log in, then do the boring loop 1-2-3 again and again manually.

You could also use the freeware tool WuInstall. With that you can automate the updating process. For example, you can configure WuInstall to install updates until a reboot is needed. Then the tool restarts the system and continues with installing further updates, if there are some left. So you get your system up to date much faster than using the normal Windows update service.

One potential downside is that if an update fails each time it runs, it may keep trying to rerun that particular update over and over again, locking the computer in a loop.

To prevent getting stuck in an infinite reboot loop, you can set the maximum number of reboots. For example, after rebooting three times, the tool will interrupt the updating process.

I used this tool to set up several freshly installed computers and it worked well.

slhck
  • 235,242
hans
  • 1
  • 1
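
The reboot cap described in the last answer can also be applied to the polling script from the second answer. The following is an added example, not code from any of the answers; the state file path and the cap of 15 restarts are assumptions chosen for illustration.

```batch
@echo off
setlocal
rem Added example: the RebootRequired polling loop plus a cap on restarts.
rem STATE and MAX_REBOOTS are hypothetical values, not taken from the page.
set "STATE=%LOCALAPPDATA%\wu-loop-reboots.txt"
set "MAX_REBOOTS=15"

rem Read how many restarts this script has already triggered (0 on first run).
set "COUNT=0"
if exist "%STATE%" set /p COUNT=<"%STATE%"

rem Refuse to continue once the cap is hit, so a failing update cannot
rem keep the machine restarting forever.
if %COUNT% GEQ %MAX_REBOOTS% goto CapReached

wuauclt /detectnow
wuauclt /updatenow

:CheckForRequiredRestart
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" >nul 2>&1
if errorlevel 1 goto Wait

rem A restart is pending: persist the new count first so it survives the reboot.
rem The redirection is written before echo so the digit is not parsed as a handle.
set /a COUNT+=1
>"%STATE%" echo %COUNT%
shutdown -r -t 0
exit /b 0

:Wait
rem ping serves as a delay of about 60 seconds between checks.
ping 127.0.0.1 -n 61 >nul
goto CheckForRequiredRestart

:CapReached
echo Reboot cap of %MAX_REBOOTS% reached; not restarting again.
echo Check Windows Update for an update that keeps failing, then delete "%STATE%".
pause
exit /b 1
```

The state file is kept outside the Startup folder because anything placed there is opened at logon. Delete both the script and the state file once patching is complete.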