This article provides an overview of all WSUS scripts in JetPatch.
These WSUS scripts are used for the following scenarios:
- Scripts that run as part of a Remediation Plan execution
- Scripts that run as part of the WSUS discovery source
Before we start:
All changes to WSUS scripts are made in the intigua.properties file.
To edit the configuration, SSH to the JetPatch Application server and edit the intigua.properties file (usr/share/tomcat/default/conf/intigua.properties).
WSUS Discovery Source Related Scripts
There are three scripts that run as part of the WSUS discovery source:
- WSUS get update summaries per computer
- WSUS get update summaries per group
- WSUS get groups and computers in a group
The scripts run when the following activities take place:
- Initial configuration of WSUS discovery source
- Tomcat Restart (only if a WSUS DS is already configured)
- Enabling WSUS discovery source, in case it was disabled
- Idle - Configurable time in JetPatch properties.
General Idle Configuration:
# If the previous run was successful for WSUS Get Groups and Update Summaries Scripts
# If the previous run had failed for WSUS Get Groups and Update Summaries Scripts
# Delay for the WSUS DS scripts sequence (default is -1)
# Configuration affects only WSUS idle runs. Tasks that were derived by disable/enable or new WSUS DS will skip the delay
# Configure watchdog monitoring timeout (default is 90)
- WSUS Get Update Summaries Per Computer
- Description: Collects the status of applicable patches for every server that is connected to the WSUS server. This is useful for knowing the current patch status.
WSUS Get Update Summaries Per Group
Description: For every patch, retrieve the approval summary list for every computer group. (Similar to clicking on a patch and viewing the approval summary for any computer group.)
# Enable / Disable the script from running
- WSUS Get Groups and Computers in Group
- Description: Retrieve relevant data on computer groups and the computers within them in WSUS
WSUS - Remediation Plan related scripts
Sync Approval Status with WSUS
Description: After a remediation plan is activated, a sync is made to WSUS in order to change the approval status.
General WSUS Scripts
- WSUS get Updates
- Description: This script has 2 capabilities: Fetch new patches that were added to WSUS, and are not in JetPatch patch inventory yet. The script can also run a full scan to fetch all WSUS patches.
# Enable / Disable WSUS patch fetching (default value=true):
# Delay WSUS get updates after restarting Tomcat
# Configure the 'WSUS get Updates' Script interval
# Configure the maximum number of returned patches for every 'WSUS get updates' Run (default is 10k)
# Configure Full Scan interval (default is 168h)
# Patches that are in JetPatch inventory and didn't return in the full scan will be deleted
2. Watchdog for WSUS discovery source and WSUS Get Updates scripts
# default
pg.wsus.fail-unfinished-tasks-timeout.min=180
# default
automation.task.watchdog.job.enabled=true
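The following shell check is an added example, not part of JetPatch's documentation or code. It validates the two watchdog keys in intigua.properties, assuming the file follows standard Java .properties rules, where `#` starts a comment only at the beginning of a line, so any text after a value on the same line becomes part of that value. The function names `prop_value` and `check_wsus_watchdog` are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: standard Java .properties parsing, simplified
# here to "key=value" lines (no ':' separators, no line continuations).

# Print the raw value of the last uncommented "key=value" line for key $2 in file $1.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }            # whole-line comments only
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            i = index(line, "=")
            if (i == 0) next
            k = substr(line, 1, i - 1)
            sub(/[ \t]+$/, "", k)
            if (k != key) next
            v = substr(line, i + 1)
            sub(/^[ \t]+/, "", v)         # trailing text is kept, as Java keeps it
            val = v; found = 1            # a later definition overrides an earlier one
        }
        END { if (found) print val }
    ' "$1"
}

# Return 0 when both watchdog keys are present and well-formed, 1 otherwise.
check_wsus_watchdog() {
    file=$1; rc=0
    timeout=$(prop_value "$file" pg.wsus.fail-unfinished-tasks-timeout.min)
    enabled=$(prop_value "$file" automation.task.watchdog.job.enabled)
    case $timeout in
        ''|*[!0-9]*) echo "timeout is not a whole number of minutes: '$timeout'"; rc=1 ;;
    esac
    case $enabled in
        true|false) ;;
        *) echo "watchdog flag is not true/false: '$enabled'"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: both keys followed by same-line "# default" text.
sample=$(mktemp)
printf '%s\n' 'pg.wsus.fail-unfinished-tasks-timeout.min=180 # default' \
              'automation.task.watchdog.job.enabled=true # default' > "$sample"
check_wsus_watchdog "$sample" || echo "sample rejected"
rm -f "$sample"
```

On the server, call `check_wsus_watchdog` with the path to intigua.properties after editing it.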