WSUS客户端配置与检查

客户端要能够正常安装补丁，其注册表必须进行相应配置，本文介绍如何远程配置客户端注册表。

WSUS客户端配置与检查
作者：叶亚荣

一、客户端要求
WSUS只支持Windows 2000、Windows XP和Windows Server 2003的客户端，而且对客户端的Service Pack版本有要求。以下是SUS支持的客户端类型。

客户端操作系统版本 说明
Windows 2000 SP 2 需要额外安装客户端自动更新软件
Windows 2000 SP3及以上 已包括客户端自动更新软件
Windows XP RTM 需要额外安装客户端自动更新软件
Windows XP SP1及以上 已包括客户端自动更新软件
Windows Server 2003 RTM及以上 已包括客户端自动更新软件

二、配置组策略
1． 在一台安装Windows 2000 Pro Sp4的客户端上，运行gpedit.msc打开组策略。
2． 鼠标右击“计算机配置｜管理模板”，选择“添加删除模板”。
3． 按“添加”按钮。浏览到“%windir%inf ”(默认目录)下，选择wuau.adm。
4． 浏览到“计算机配置｜管理模板｜Windows组件｜Windows Update”。
 
5、双击策略“配置自动更新”，配置如下。
设置“启用”
“配置自动更新”为“4-自动下载并计划安装”
“计划安装日期”为“0-每天”
“计划安装时间”为“12:00”
 
6、配置“指定 intranet Microsoft 更新服务位置”。
设置“启用”
“设置检测更新的intranet 更新服务”设置为“172.19.45.19”
“设置 intranet 统计服务器”设置为“172.19.45.19”
 
7、配置“计划的自动更新安装后不自动重启动”。
设置“启用”
 
8、配置“允许自动更新立即安装”。
设置“启用”
 
9、导出注册表
打开注册表，定位到
“HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate”，然后导出这个选定的分支。
 
 

三、导入客户端注册表配置
导入注册表的脚本如下，将脚本保存为WSUSImport.VBS，修改其中的红色部分为需要导入的IP：
———————————————————————————————————————
On Error Resume Next
Dim fso,f1,MyDate,countNet,countErrOS,countSuccessful,countFailed,countNoreply
stripsub="172.19."
countNet=0
countErrOS=0
countSuccessful=0
countFailed=0
countNoreply=0

MyDate = Year(Now)&"-"&Month(Now)&"-"&Day(Now)
LogFilePath="D:WSUSClinetLog"&MyDate&".txt"

Set fso = CreateObject("Scripting.FileSystemObject")
Set f1 = fso.CreateTextFile(LogFilePath, True)
Set objShell =CreateObject("WScript.Shell")

For strIPNode3 =41 To 46
    For strIPNode =2 To 256
        strComputer=stripsub&strIPNode3&"."&strIPNode
        Set objScriptExec =objShell.Exec("ping -n 2 -w 1000 " & strComputer)
        serPingstdout=LCase(objScriptExec.StdOut.ReadAll)
        If Instr(serPingstdout,"reply from "&strComputer) Then
            Set objScriptExec =objShell.Exec("nbtstat -a " & strComputer)
     For i=1 To 9
  serCoputername=UCase(objScriptExec.StdOut.Readline)
     Next
     serCoputername=Mid(serCoputername,5,15)
            Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!" & strComputer & "rootcimv2")
     On Error Resume Next
     Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
     On Error Resume Next
     For Each objOperatingSystem in colOperatingSystems
  On Error Resume Next
  Return=0
          If objOperatingSystem.Caption <> "Microsoft Windows 2000 Professional" then
      If serCoputername="" Then
   f1.WriteLine(strComputer&"-NetDevice-Error-Unknown-Unknown")
   countNet=countNet+1
      Else
   f1.WriteLine(strComputer&"-"&serCoputername&"-ErrOsVer-"&objOperatingSystem.Caption&_
   " "&objOperatingSystem.Version&"-Unknown")
   countErrOs=countErrOs+1
      End If
                else
        const HKEY_LOCAL_MACHINE = &H80000002

      Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!"&strComputer&_
      "rootdefault:StdRegProv")
      strKeyPath = "SOFTWAREPoliciesMicrosoftWindowsWindowsUpdate"
      Return=Return+oReg.CreateKey(HKEY_LOCAL_MACHINE,strKeyPath)
  
      strKeyPath = "SOFTWAREPoliciesMicrosoftWindowsWindowsUpdate"
      strValueName = "WUServer"
      strValue = "http://172.19.45.19"
      Return=Return+oReg.SetStringValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue)
               
      strKeyPath = "SOFTWAREPoliciesMicrosoftWindowsWindowsUpdate"
      strValueName = "WUStatusServer"
      strValue = "http://172.19.45.19"
      Return=Return+oReg.SetStringValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue)

      strKeyPath = "SOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU"
      Return=Return+oReg.CreateKey(HKEY_LOCAL_MACHINE,strKeyPath)

      strValueName = "NoAutoUpdate"
      dwValue = 0
      Return=Return+oReg.SetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue)

      strValueName = "AUOptions"
      dwValue = 4
           Return=Return+oReg.SetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue)

      strValueName = "ScheduledInstallDay"
      dwValue = 0
      Return=Return+oReg.SetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue)

      strValueName = "ScheduledInstallTime"
      dwValue = 13
      Return=Return+oReg.SetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue)

      strValueName = "UseWUServer"
      dwValue = 1
      Return=Return+oReg.SetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue)

      strValueName = "AutoInstallMinorUpdates"
      dwValue = 1
      Return=Return+oReg.SetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue)

      strValueName = "NoAutoRebootWithLoggedOnUsers"
      dwValue = 1
          Return=Return+oReg.SetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue)
     
      If Return=0 Then
   f1.WriteLine(strComputer&"-"&serCoputername&"-Successful-"&objOperatingSystem.Caption&_
    " "&objOperatingSystem.Version&"-"&objOperatingSystem.ServicePackMajorVersion&_
   "."&objOperatingSystem.ServicePackMinorVersion)
   countSuccessful=countSuccessful+1
      Else
   f1.WriteLine(strComputer&"-"&serCoputername&"-Failed-"&objOperatingSystem.Caption&_
    " "&objOperatingSystem.Version&"-"&objOperatingSystem.ServicePackMajorVersion&_
   "."&objOperatingSystem.ServicePackMinorVersion)
   countFailed=countFailed+1
      End If
                End If
     Next
 Else
     f1.WriteLine(strComputer&"-NoReply-Error-Unknown-Unknown")
     countNoReply=countNoReply+1
 End If
    Next
Next
f1.WriteLine("NetDevice:"&countNet)
f1.WriteLine("ErrOSVer:"&countErrOs)
f1.WriteLine("Successful:"&countSuccessful)
f1.WriteLine("Failed:"&countFailed)
f1.WriteLine("NoReply:"&countNoReply)
f1.Close
———————————————————————————————————————
将脚本放置到SZEWSUS服务器上，并在每周五下午14：00计划任务运行，需要有管理员权限才能正确导入。
注册表仅导入到“Microsoft Windows 2000 Professional”机器上。其它机器全部忽略。
结果报告将保存在D:WSUSClinetLog下。文件的格式如下：
IP地址－机器名－成功或错误－操作系统名称和版本－Service Pack版本

四、客户端注册表检查
导入注册表的脚本如下，将脚本保存为WSUSCheck.VBS，修改其中的红色部分为需要导入的IP：
———————————————————————————————————————
On Error Resume Next
Dim fso, f1
const HKEY_LOCAL_MACHINE = &H80000002
const REG_SZ = 1
const REG_EXPAND_SZ = 2
const REG_BINARY = 3
const REG_DWORD = 4
const REG_MULTI_SZ = 7
stripsub="172.19."

MyDate = Year(Now)&"-"&Month(Now)&"-"&Day(Now)
LogFilePath="D:SC"&MyDate&".txt"

Set fso = CreateObject("Scripting.FileSystemObject")
Set f1 = fso.CreateTextFile(LogFilePath, True)
Set objShell =CreateObject("WScript.Shell")

For strIPNode3 =41 To 46
    For strIPNode =2 To 254
 CheckOk=0
        CheckOk1=0
        strComputer=stripsub&strIPNode3&"."&strIPNode
        Set objScriptExec =objShell.Exec("ping -n 2 -w 1000 " & strComputer)
        serPingstdout=LCase(objScriptExec.StdOut.ReadAll)
        If Instr(serPingstdout,"reply from "&strComputer) Then
            Set objScriptExec =objShell.Exec("nbtstat -a " & strComputer)
     For i=1 To 9
  serComputername=UCase(objScriptExec.StdOut.Readline)
     Next

     serComputername=Mid(serComputername,5,15)
     Err.Clear
            Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!" & strComputer & "rootcimv2")
     If Err.Number=462 Then
  f1.WriteLine(strComputer&"-"&serComputername&"-"&Err.Description&"-Unknown-Unknown")
     ElseIf Err.Number=429 Then
  f1.WriteLine(strComputer&"-"&serComputername&"-"&Err.Description&"-Unknown-Unknown")
     ElseIf Err.Number=70 Then
  f1.WriteLine(strComputer&"-"&serComputername&"-"&Err.Description&"-Unknown-Unknown")
     ElseIf Err.Number<>0 Then
  f1.WriteLine(strComputer&"-"&serComputername&"-"&Err.Description&"-Unknown-Unknown")
     Else
     'MsgBox ("Error # " & CStr(Err.Number) & " " & Err.Description)
     Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
     For Each objOperatingSystem in colOperatingSystems
          If objOperatingSystem.Caption <> "Microsoft Windows 2000 Professional" then
      If serComputername="" Then
   'f1.WriteLine(strComputer&"-NetDevice-Error-Unknown-Unknown")
      Else
   f1.WriteLine(strComputer&"-"&serComputername&"-ErrOsVer-"&objOperatingSystem.Caption&_
   " "&objOperatingSystem.Version&"-Unknown")
      End If
                else
      Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!" &_
   strComputer & "rootdefault:StdRegProv")

      strKeyPath = "SOFTWAREPoliciesMicrosoftWindowsWindowsUpdate"
      arrValueNames1=-1
        oReg.EnumValues HKEY_LOCAL_MACHINE, strKeyPath, arrValueNames1, arrValueTypes1
      CheckOk=0
      CheckOk1=0

      If UBound(arrValueNames1)>=0 Then
    For i=0 To UBound(arrValueNames1)
       If arrValueTypes1(i)=REG_SZ Then
    strValue=""
        If arrValueNames1(i)="WUServer" Then
        oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,arrValueNames1(i),strValue
               If strValue="http://172.19.45.19" Then
         CheckOk=CheckOk+1
        End If
           ElseIf arrValueNames1(i)="WUStatusServer" Then
        oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,arrValueNames1(i),strValue
        If strValue="http://172.19.45.19" Then
            CheckOk=CheckOk+1
        End If
           End If
       End If
       If CheckOk=2 Then
    Exit For
       End If
          Next
      End If

      strKeyPath = "SOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU"
      arrValueNames2=-1
        oReg.EnumValues HKEY_LOCAL_MACHINE, strKeyPath, arrValueNames2, arrValueTypes2

      If UBound(arrValueNames2)>=0 Then
    For i=0 To UBound(arrValueNames2)
       If arrValueTypes2(i)=REG_DWORD Then
    dwValue=100
    Select Case arrValueNames2(i)
            Case "AUOptions"
            oReg.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,arrValueNames2(i),dwValue
            If dwValue=4 Then
             CheckOk1=CheckOk1+1
     End If
        Case "NoAutoRebootWithLoggedOnUsers"
     oReg.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,arrValueNames2(i),dwValue
     If dwValue=1 Then
         CheckOk1=CheckOk1+1
            End If
        Case "NoAutoUpdate"
     oReg.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,arrValueNames2(i),dwValue
     If dwValue=0 Then
             CheckOk1=CheckOk1+1
     End If
        Case "AutoInstallMinorUpdates"
     oReg.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,arrValueNames2(i),dwValue
     If dwValue=1 Then
             CheckOk1=CheckOk1+1
            End If
        Case "ScheduledInstallDay"
     oReg.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,arrValueNames2(i),dwValue
     If dwValue=0 Then
             CheckOk1=CheckOk1+1
     End If
        Case "ScheduledInstallTime"
     oReg.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,arrValueNames2(i),dwValue
     If dwValue=13 Then
             CheckOk1=CheckOk1+1
            End If
        Case "UseWUServer"
     oReg.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,arrValueNames2(i),dwValue
                If dwValue=1 Then
             CheckOk1=CheckOk1+1
            End If
    End Select
       End If
       If CheckOk1=7 Then
    Exit For
       End If
          Next
      End If
      If CheckOK=2 And CheckOk1=7 Then
   f1.WriteLine(strComputer&"-"&serComputername&"-Right-"&objOperatingSystem.Caption&_
       " "&objOperatingSystem.Version&"-"&objOperatingSystem.ServicePackMajorVersion&_
       "."&objOperatingSystem.ServicePackMinorVersion)
      Else
   f1.WriteLine(strComputer&"-"&serComputername&"-Wrong-"&objOperatingSystem.Caption&_
       " "&objOperatingSystem.Version&"-"&objOperatingSystem.ServicePackMajorVersion&_
       "."&objOperatingSystem.ServicePackMinorVersion)
      End If
                End If
     Next
     End If
 Else
     f1.WriteLine(strComputer&"-NoReply-Error-Unknown-Unknown")
 End If
    Next
Next
f1.Close
———————————————————————————————————————
检查内容要求注册表内容必须完全符合要求，包括键名、键值，有任一不符的情况，结果都将显示错误。
结果报告将保存在D:SC下。结果输出格式：IPAddress-ComputerName-IsRight-System.Caption&System.Version-ServicePack
 对结果的分析：
 不成功机器，可以查明原因，然后对以下情况进行修正：
操作系统 对策
Windows 2000 SP2（含SP2）以下版本 将SP升级到SP4，再确认注册表
Windows 2000 SP3（含SP3）以上版本 手动修改注册表
Windows NT WorkStation
Windows 98及以下版本 升级到Windows2000
对于不能升级的机器，在线升级到最新补丁
Windows XP及以上版本 重新安装为Windows 2000
Windows 2000 Server
Windows NT Server 手动使用Windows Update在线更新关键补丁