From theory to practice there is a huge gap, my teachers used to say.

Well, I faced it while trying the script described here for real. In short, every thing was mostly but, in order to get something that is really exploitable, more effort was needed.

Now it's done and I packaged everything in the zip file attached to this post. This is mostly 3 scripts (and a few subscripts) bundled together, and it requires a Samba server. I called this L4SUS, which stands for Linux For Server Update Service.

Using L4SUS should be quite simple:

  • Extract all the .vbs scripts into a folder on each computer whose updates you want to manage
  • Rename updatelist.conf.example to updatelist.conf and adapt the configuration (i.e. the name of the Samba server and the root path serving updates)
  • Install the Perl script on the Samba server, make it executable (chmod a+x) and adapt the paths at the top of the script ($dest_base_dir and $update_file_dir)
  • Verify that Windows Update is configured to search (and only search) for updates
  • On the Samba server, create a directory called files in the directory pointed to by $dest_base_dir and, for each computer, a directory named after the computer, also in the directory pointed to by $dest_base_dir

The trickiest part is that $dest_base_dir (in download_winupdate) must be exported as the value of filePath (in updatelist.conf).

The main components of this system are:

  • getupdatelist.vbs: this script searches for applicable updates on the computer where it is running. It creates a file in its own folder called yyyymmddproposedupdate.log, which contains a list of all updates, their IDs and the URLs of their files.
  • download_winupdate: give this script a computer name and it will parse the latest proposedupdate.log file, then download the missing update files and create a command list, updatelist, which tells doupdates.vbs how to do the updates.
  • doupdates.vbs: this script executes, as quietly as possible, the different updates listed in updatelist.
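
The server-side layout from the setup steps, and the "latest proposedupdate.log" selection that download_winupdate relies on, can be prepared and checked with a small shell script. This is an added example, not part of the L4SUS zip file: the base path and computer names are placeholders, and it assumes each computer's logs are collected in that computer's directory on the server.

```shell
#!/bin/sh
# Added example, not part of L4SUS. Directory names follow the setup steps above.

# l4sus_init BASE COMPUTER...: create BASE/files and one directory per computer.
l4sus_init() {
    base=$1; shift
    mkdir -p "$base/files" || return 1
    for pc in "$@"; do
        mkdir -p "$base/$pc" || return 1
    done
}

# l4sus_check BASE COMPUTER...: report missing or world-writable directories.
# doupdates.vbs runs what updatelist names, so write access should be limited.
l4sus_check() {
    base=$1; shift
    rc=0
    for name in files "$@"; do
        d=$base/$name
        if [ ! -d "$d" ]; then
            echo "missing: $d"; rc=1
        elif [ -n "$(find "$d" -prune -perm -002)" ]; then
            echo "world-writable: $d"; rc=1
        fi
    done
    return "$rc"
}

# l4sus_latest_log DIR: print the newest yyyymmddproposedupdate.log in DIR.
# Assumption: the logs for a computer are collected in its server directory.
l4sus_latest_log() {
    latest=
    for f in "$1"/[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]proposedupdate.log; do
        [ -f "$f" ] || continue   # skip the unexpanded pattern when nothing matches
        latest=$f                 # globs expand sorted, so the last match is the newest date
    done
    [ -n "$latest" ] || return 1
    printf '%s\n' "$latest"
}

# Usage: sh l4sus_layout.sh /srv/l4sus PC01 PC02   (placeholder path and names)
if [ "$#" -ge 2 ]; then
    l4sus_init "$@" && l4sus_check "$@"
fi
```
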

You can get a nearly automatic system by scheduling the scripts via cron and the Windows scheduler. Of course, in this case it does mostly the same as using Windows Update directly (well, it should use less bandwidth, but it seems not as clever as Windows Update when it comes to doing all the updates quietly ...).

Expect more updates soon, because it is still a bit rough and needs more polish.