
How to enable Microsoft Update programmatically

microsoft update windows update

6 replies to this topic

#1 cornflake

cornflake

    Newbie

  • Members
  • 11 posts
  •  
    United States

Posted 06 November 2011 - 11:33 PM

Here is a good question that I cannot find the answer to. Maybe my google-fu is failing me. My understanding of Vista and Windows 7's update service is that both come with Windows Update and Microsoft Update, but Microsoft Update is disabled by default. In Windows Update there is a message that you can "get updates for other Microsoft products" and if you click the link you'll be directed to Microsoft Update's website where you can enable Microsoft Update via Internet Explorer.

What I want to know is if there is any way to enable Microsoft Update without having to go on each individual computer and follow that link. Is there just some registry entry I can change to enable Microsoft Update, or a standalone installer, or something I can integrate without having to go to a computer and via Internet Explorer enable Microsoft Update? I've searched but I cannot find an answer.

I recently installed on several computers, using the wsusoffline update system to post-install Windows updates after installing Windows. This worked fairly well; however, when I ran the Baseline Security Analyzer it showed all these security updates that had not been applied. I've since learned that this is due to Microsoft Update not being enabled. What I would like to do is, for future Vista installs, make sure it is enabled, and for the machines with Vista already installed, find some way to enable it without having to go to each computer, log on to Internet Explorer and click OK to enable it.

Does anyone have experience with this? And if this isn't the right forum can you perhaps show it to the right forum? This also applies to Windows 7. Thanks!

#2 RoyM

RoyM

    Frequent Member

  • .script developer
  • 357 posts
  • Interests:Component level repair, Micro-processor based equipment. Computer Repair + Custom Builds.
    (ie. Game Machines, Custom Firewalls\Smoothwalls)
    Network Penetration and testing, Including Wireless.
    Fishing, Hunting, Camping, Gaming.
  •  
    United States

Posted 07 November 2011 - 06:25 AM

Hi cornflake.

It might be worth a try to use regshot to locate any changed registry entries.

(For Instance)
Start regshot, Take a snapshot before Microsoft Update,
Take snapshot after Microsoft Update has been enabled.
Compare.

You will probably have quite a few entries to comb through
But you also might get lucky.
Maybe someone else can definitively answer this for you.
This would be good info to know.

Good Luck
RoyM

#3 cornflake


Posted 15 November 2011 - 04:48 AM

Since there are no other replies I will try what you suggested. Is there anything more comprehensive than regshot for taking a system snapshot that you can later compare to find the differences?

#4 RoyM


Posted 15 November 2011 - 10:37 AM

regshot-2.0.1.70.rar
http://pmsrvr.com/cl...bloomindustries

RegShot v1.8.2 http://www.snapfiles...a=7116553&loc=2
Regshot2.0.1.66Unicode.zip http://regshot2unico...1.66Unicode.zip

A snippet from this post describing why I use 2 regshots:
http://reboot.pro/14...post__p__128044
RegShot v1.8.1 will also catch any files that have been installed into other directories
such as \sys32, \inf or \driver folders.

There is also What Changed which is a little more comprehensive, just takes longer.
http://www.vista-sof...whatchanged.exe

Advanced Registry Tracer Trial Version
http://www.elcomsoft...ownload/art.zip


*** Convert Reg to .script ***

To convert regshot to .script I use:
RegCPE http://galapo.net/ge...s/RegCPE.script

convert *.reg files to script files using Reg2WBS
http://reboot.pro/fi...ile/48-reg2wbs/


*** Advanced tools *** Just google for these if you want to try.

Process Explorer
also known as procexp.exe, shows you information about which handles
and DLLs processes have opened or loaded.

ProcessMonitor
This software will notify you if a process stops running on your PC.
It can also be set to let me know if any process has started to run.

#5 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,620 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 15 November 2011 - 07:15 PM

Has it changed from the old XP Registry? :unsure:
http://support.micro...kb/328010/en-us

The "general" path looks like the same:
http://www.howtogeek...-your-computer/

:cheers:
Wonko

#6 cornflake


Posted 16 November 2011 - 11:37 PM

Here are the relevant changes. It creates a file C:\Users\Admin\AppData\Local\WindowsUpdate\OptIn\AuthCab\tempauthcab.cab and in that file is an authorization.xml:
<?xml version="1.0" encoding="utf-16" ?>
<ProviderAuthorizationInfo xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://schemas.microsoft.com/msus/2002/12/SUSProviderAuthorization">
	<ServiceID>7971f918-a847-4430-9279-4a52d1efe18d</ServiceID>
	<CabVersion>12</CabVersion>
	<IssuedDate>2009-05-18T17:27:43.5251853-08:00</IssuedDate>
	<ExpiryDate>2012-05-18T17:27:43.5251853-08:00</ExpiryDate>
	<RedirectUrl>http://download.windowsupdate.com/v9/microsoftupdate/redir/muv4muredir.cab</RedirectUrl>
	<RedirectUrl>http://download.microsoft.com/v9/microsoftupdate/redir/muv4muredir.cab</RedirectUrl>
	<RedirectUrl>http://www.update.microsoft.com/v9/microsoftupdate/redir/muv4muredir.cab</RedirectUrl>
	<OffersWindowsPatches>true</OffersWindowsPatches>
	<UIPluginCLSID>3809920F-B9D4-42DA-92E0-E26265E0FB89</UIPluginCLSID>
	<IsManaged>false</IsManaged>
	<CanRegisterWithAU>true</CanRegisterWithAU>
	<ServiceUrl>http://www.update.microsoft.com/microsoftupdate/</ServiceUrl>
	<SetupPrefix>mu</SetupPrefix>
	<LocalizedProperties>
		<Language>en</Language>
		<Name>Microsoft Update</Name>
	</LocalizedProperties>
</ProviderAuthorizationInfo>


Something then happens which results in the creation of files:
C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\tempauthcab.cab
C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab
which are just copies of the tempauthcab in my temp dir.


Registry entries show the following relevant changes:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextSqmReportTime=2011-11-16 23:50:12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\EnableFeaturedSoftware=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\ElevateNonAdmins=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextDetectionTime=2011-11-16 00:00:12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextFeaturedUpdatesNotificationTime=2011-11-15 23:50:12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\DefaultService=7971f918-a847-4430-9279-4a52d1efe18d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d\AuthorizationCab=tempauthcab.cab


I did some searching based on those changes. Here are the relevant threads from TechNet:
Automate "Find Out More" option in windows updates
Auto register for Microsoft updates
answer file and Microsoft Update
And directly from MS: Opt-In to Microsoft Update

In a VM with a clean Vista SP2 install (retail) without any updates applied I followed the directions from MS and created a mu.vbs file with those commands to opt-in. Then as administrator I ran wscript mu.vbs. Doing that creates these keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\DefaultService=7971f918-a847-4430-9279-4a52d1efe18d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d\AuthorizationCab=authcab.cab

Those TechNet posts say to enable "IncludeRecommendedUpdates", but for me it was already enabled. However, I did notice that even though Windows Update now said I receive updates for Windows and other products from Microsoft Update, there was a box below that said "Find out more about free software from Microsoft Update. Click here for details." Click that and you'll toggle the "EnableFeaturedSoftware" key, which up until that point was not enabled. The "EnableFeaturedSoftware" key can also be toggled after Microsoft Update is enabled, via Windows Update > Change Settings > "Show me detailed notifications when new Microsoft software is available". If you are setting the registry keys, you may have to restart the Windows Update service in order for them to be acknowledged (I had to do this).


So here is what I have tested in a clean Vista SP2 VM. Create a file mu.vbs:
' Opt this machine in to Microsoft Update through the Windows Update Agent COM API
Set ServiceManager = CreateObject("Microsoft.Update.ServiceManager")
ServiceManager.ClientApplicationID = "My App"
' 7 = asfAllowPendingRegistration (1) + asfAllowOnlineRegistration (2) + asfRegisterServiceWithAU (4)
Set NewUpdateService = ServiceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"")

Then run command prompt as administrator:
rem Stop the Windows Update service so the registry changes are picked up
net stop wuauserv
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v EnableFeaturedSoftware /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v IncludeRecommendedUpdates /t REG_DWORD /d 1 /f
rem Register the Microsoft Update service
cscript c:\users\admin\desktop\mu.vbs
net start wuauserv


The cscript will cause the Windows Update service to start again, so you probably won't need to restart it. Also, if you try to stop the Windows Update service and see a message that it can't be stopped, you may have to reboot. I'm interested in whether someone will try this in a Windows 7 VM and let us know what happens. Also, as noted in the TechNet posts, this has to be done after the fact; it apparently can't be done in sysprep.


Many thanks to RoyM. This board should have reputation points.



  • Rui Paz likes this
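
A PowerShell version of the opt-in from the post above that also reports the resulting state, so the same script can be used to audit which machines are still missing Microsoft Update. This is an added example, not code from the thread or from Microsoft; the function names and report fields are assumptions, while the ServiceID, the flag value 7 and the registry value names are the ones quoted in the post. Run it elevated; Get-MuOptInState on its own makes no changes.

```powershell
# Added example (not from the thread). Function names and report fields are assumptions.
$MuServiceId = '7971f918-a847-4430-9279-4a52d1efe18d'   # ServiceID quoted in the post
$WuKey       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-MuOptInState {
    # Ask the Windows Update Agent which update services it has registered.
    $sm  = New-Object -ComObject Microsoft.Update.ServiceManager
    $svc = $null
    foreach ($s in $sm.Services) {
        if ($s.ServiceID -eq $MuServiceId) { $svc = $s }
    }

    # Cross-check the registry values listed in the post.
    $services = Get-ItemProperty -Path "$WuKey\Services"    -ErrorAction SilentlyContinue
    $au       = Get-ItemProperty -Path "$WuKey\Auto Update" -ErrorAction SilentlyContinue

    # PSObject keeps this usable on PowerShell 2.0 (Windows 7 default).
    New-Object PSObject -Property @{
        Computer                  = $env:COMPUTERNAME
        ServiceRegistered         = [bool]$svc
        RegisteredWithAU          = [bool]($svc -and $svc.IsRegisteredWithAU)
        DefaultServiceIsMU        = ($services.DefaultService -eq $MuServiceId)
        IncludeRecommendedUpdates = ($au.IncludeRecommendedUpdates -eq 1)
        EnableFeaturedSoftware    = ($au.EnableFeaturedSoftware -eq 1)
    }
}

function Enable-MuOptIn {
    # Idempotent: only call AddService2 when the service is not yet registered with AU.
    $state = Get-MuOptInState
    if (-not $state.RegisteredWithAU) {
        $sm = New-Object -ComObject Microsoft.Update.ServiceManager
        $sm.ClientApplicationID = 'MU opt-in check'
        # 7 = asfAllowPendingRegistration (1) + asfAllowOnlineRegistration (2)
        #     + asfRegisterServiceWithAU (4), the same value used in mu.vbs
        [void]$sm.AddService2($MuServiceId, 7, '')
        $state = Get-MuOptInState
    }
    $state
}

# Opt in if needed, then print the state for collection by whatever runs the script.
Enable-MuOptIn | Format-List
```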

#7 RoyM


Posted 17 November 2011 - 08:35 AM

Hi cornflake

I'm glad to be of some help and that you got your answers.
Thanks for sharing your notes and links.
btw, it seems your google-fu is working after all.

RoyM



