This article provides an overview of all WSUS scripts in JetPatch.
These WSUS scripts are used for the following scenarios:
- Scripts that run as part of a remediation plan execution
- Scripts that run as part of the WSUS discovery source
Before we start:
All configurations are made on the JetPatch application server, in the intigua.properties file (usr/share/tomcat/default/conf/intigua.properties).
WSUS Discovery Source Scripts
Three scripts run as part of the WSUS discovery source. They run when any of the following occurs:
- Initial configuration of WSUS discovery source
- Tomcat Restart (only if there is a WSUS discovery source configured)
- Enabling WSUS discovery source, in case it was disabled
- Idle - Configurable time in JetPatch properties.
General Idle Configuration:
# If the previous run was successful for WSUS Get Groups and Update Summaries scripts
# If the previous run had failed for WSUS Get Groups and Update Summaries scripts
# Delay for the WSUS DS scripts sequence (default is -1)
# Configuration affects only WSUS idle runs. Tasks that were triggered by disable/enable or by a new WSUS DS will skip the delay
# Configure watchdog monitoring timeout (default is 90)
- WSUS Get Updates Summaries Per Computer
- Description: Collect status of applicable patches, for every server that is connected to the WSUS server. This is useful to know the current patch status.
WSUS Get Update Summaries Per Group
Description: For every patch, retrieve the approval summary list for every computer group. (Similar to clicking on a patch and viewing the approval summary for any computer group.)
# Enable / Disable the script from running
- WSUS Get Groups and Computers in Group
- Description: Retrieve relevant data on computer groups and computers within WSUS
WSUS - Remediation Plan related scripts
Sync Approval Status with WSUS
Description: Right before a remediation plan is executed, a sync is performed to change the approval status.
General WSUS Scripts
- WSUS get Updates
- Description: This script has 2 capabilities: it fetches new patches that were added to WSUS and are not yet in the JetPatch patch inventory, and it can also run a full scan to fetch all WSUS patches.
# Enable / Disable WSUS patch fetching (default value=true):
# Delay WSUS get updates after restarting tomcat
# Configure the 'WSUS get Updates' Script interval
# Configure the maximum number of returned patches for every 'WSUS get Updates' run (default is 10k)
# Configure Full Scan interval (default is 168h)
# Patches that are in JetPatch inventory and didn't return in the full scan will be deleted
2. Watchdog for WSUS discovery source scripts
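# Default values are shown; keep comments on their own line, since .properties files treat a trailing "# ..." as part of the value
pg.wsus.fail-unfinished-tasks-timeout.min=180
automation.task.watchdog.job.enabled=true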