I made a question earlier this month regarding how I can use vbscript to check to see if a server has any critical updates pending. The answer that was provided worked great and I sent out the script to our QA environment for additional testing.
There is a "vault" environment that a server can run in, and it has no access to Windows Update Agent and can only get windows updates directly through WSUS. Is there a way with VBScript to only check for critical updates directly through WSUS and not Windows Update Agent.
I receive a 0x8024402C error with this code (logic taken from the previous question). It is wrapped in a subroutine which will give PASS or FAIL output depending on the outcome. I have verified this works on some servers.
Dim count
count = 0
'Microsoft Magic
Set updateSession = CreateObject("Microsoft.Update.Session")
Set updateSearcher = updateSession.CreateupdateSearcher()
Set searchResult = updateSearcher.Search("IsAssigned=1 and isHidden=0 and IsInstalled=0 and Type='Software'")
'End Microsoft Magic
If searchResult.Updates.Count <> 0 Then ' If Updates were found
For i = 0 to searchResult.Updates.Count - 1 'Just count the number of updates
count = count + 1
Next
objResult.Text = "FAIL"
objComment.Text = "There are " & count & " updates that need to be installed"
Else
objResult.Text = "PASS"
objComment.Text = "All updates are installed"
End If
If NOT len(objResult.Text) Then 'Just in case searchResult produces an error
objResult.Text = "FAIL"
objComment.Text = "Could not query Windows Update Server"
End If
At the very least, is there a way with my current code to check for an error if it cannot connect to Windows Update Agent and just output that like I am doing above, so I can continue on with the rest of my script?
There is a "vault" environment that a server can run in, and it has no access to Windows Update Agent and can only get windows updates directly through WSUS. Is there a way with VBScript to only check for critical updates directly through WSUS and not Windows Update Agent.
Perhaps a note on architecture will help with this. Every system has a Windows Update Agent. It ships with the Operating System. The Windows Update Agent does all of the work, whether it's a home system talking to Automatic Updates, an older system browsing to Windows Update in IE, using the Control Panel WUApp, or talking to a WSUS server -- it's the Windows Update Agent that does the work.
The above script talks to the WSUS server and retrieves information based on what the Windows Update Agent has reported to the WSUS server.
A system that is disconnected, which is what I believe the reference to a "vault environment" is refering to, cannot access AU/WU/MU, but depending on the size of the "vault environment", it is possible to implement a WSUS server within that environment. The WSUS documentation includes detailed instructions on how to deploy and manage a WSUS server in a disconnected network.
If there is no WSUS server in the disconnected network, you can also use the offline scan cab (WSUSSCN2.CAB), but its important to note that this offline file does not contain all updates -- it contains Security Updates, Update Rollups, and Service Packs, so if the desire is to get all Critical Updates, that won't meet the needs.