How to combine WOL and POL with SUS

Version 3

 

Introduction

After using Microsoft’s Software Update Services (SUS-SP1) for some months at our office in a Windows 2000 Active Directory environment, it appeared that combining SUS with a Wake-on-LAN option would be a nice extra feature.

 

At our office, the earliest user normally does not log on before 07:00 in the morning, and when we leave the office at the end of the day, the computers are normally powered down.

With our original setup of SUS, users often got a message a few minutes after starting up their computer in the morning, saying that the computer had to be restarted to finish the installation of an update.

This sometimes was an annoyance.

 

With the addition of Wake-on-LAN (WOL), the computers are automatically started when necessary, at the most convenient moment.

A few minutes later the updates are installed in accordance with the SUS settings.

When the installation of the update is finished, the computers are automatically rebooted by SUS if necessary.

Finally, the computers that have been started using WOL are powered-down again, using Power-down-on-LAN (POL).

At 07:00 the computers now are ready and waiting for the users to start them up and log on.

Below, you will find an explanation of how I set this up.

 

Requirements

For this setup, the following is needed:

 

 

Four KiXtart scripts:

 

SUS configuration

In Active Directory Users and Computers, I created an OU (Organizational Unit) called “SUS-computers”, which contains the computers that are updated with SUS.

In this OU, I configured a GPO (Group Policy Object) that controls the SUS settings:

In “Computer Configuration / Administrative Templates / Windows Components / Windows Update”:

 

With these settings, the computers automatically download the approved SUS-updates during the day. This happens in the background, using BITS (Background Intelligent Transfer Service).

The updates are installed at 04:00 in the morning if the computer is running at that moment. If required, the computers are automatically rebooted when the install is ready.

If the computers are not running at 04:00, the installation occurs a few minutes after they are started up by the users, at 07:00 or later, followed by a warning message for any logged-on user, indicating that the computer has to be rebooted.

 

Wake-on-LAN configuration

First of all, the client computers have to support the WOL function, and this feature has to be enabled.

Normally this is a setting in the BIOS, but sometimes the Properties settings of the network card can influence this as well.

 

The following files have been copied to the default NETLOGON share:

 

In the same OU “SUS-computers” as mentioned above, I configured a shutdown script “sustatus.kix” to run whenever a computer is shut down.

In “Computer Configuration / Windows Settings / Scripts (Startup/Shutdown) / Shutdown”:

This script checks for the Auto Update status in the Windows registry of the computer. If the Status is “5” (Install pending), an initialization file suswol.ini is updated to reflect this.

 

In the same OU “SUS-computers”, I also configured a startup script “susnowol.kix” to run whenever a computer is started.

In “Computer Configuration / Windows Settings / Scripts (Startup/Shutdown) / Startup”:

This script removes the entry from the suswol.ini file when present, whenever the computer is started. This ensures that only the powered-down computers with AU-status “5” are listed in the suswol.ini file.

 

On the Windows 2000 Domain Controller, I created a Scheduled Task “SUS-WOL”, which runs the suswol.kix script:

This task is scheduled to run every day at 03:55.

The suswol.kix script reads the initialization file suswol.ini, which has been created by the shutdown script sustatus.kix, and starts the computers that are listed, using the WOL function from PowerOff through its command line interface. The script also sets the POL-trigger in the suspol.ini file for all computers that are started using WOL.

 

On the Windows 2000 Domain Controller, I also created a Scheduled Task “SUS-POL”, which runs the suspol.kix script:

This task is scheduled to run every day at 04:35.

The suspol.kix script reads the initialization file suspol.ini, which has been created by the script suswol.kix, and powers down the computers that are listed, using the POL function from PsShutdown through its command line interface.

 

With this setup, it is ensured that the computers are running at 04:00 if required, so that the updates can be installed at that moment.

The computers are only powered down when they have been started through the WOL option. This ensures that any computers that were left running deliberately will not be powered down by POL.

The computers are now ready for the users to log on at 07:00.

 

The scripts

Below, you will find version 3 of the code for the KiXtart scripts.

 

sustatus.kix

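;2003-08-31, sustatus.kix, SUSWOL version 3.0, created by Ed van Balen
;This shutdown script checks for the status of SUS AutoUpdate on shutdown,
;writes the AU-status to a cumulative log file, and sets the WOL-trigger in
;the initialization file suswol.ini if the AU-status = "5" (Install pending).

;Read the Auto Update status of this computer from the registry.
$AUState = READVALUE('HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update','AUState')

;Append date, time, IP-address, AU-status and workstation name to the log
;(mode 5 = create the file if it does not exist + open for writing).
OPEN(1,'\\server-name\WOL$\sustat.log',5)
WRITELINE(1,@DATE+','+@TIME+','+@IPADDRESS0+','+$AUState+','+@WKSTA+@CRLF)
CLOSE(1)

;Install pending: add the key "IP-address,MAC-address" with value WOL to the
;SUSWOL section. JOIN(SPLIT(...)) strips the spaces from @IPADDRESS0.
IF $AUState = 5
    WRITEPROFILESTRING('\\server-name\WOL$\suswol.ini','SUSWOL',JOIN(SPLIT(@IPADDRESS0,' '),'')+','+@ADDRESS,'WOL')
ENDIF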

 

The result of this script is an initialization file “suswol.ini”, that is updated at shutdown of every computer. This ini file contains a list of computers that currently have the status “Install pending” at shutdown.

“$AUState” is a variable containing the SUS AutoUpdate status of the computer.

 “WOL$” is a share on the server where the logs and ini files are stored. Note that, because the local system account runs the script at shutdown, this share has to be read/write accessible to “Everyone”.

“sustat.log” is an optional additional cumulative log file to log the SUS status of the computers at every shutdown.

 

susnowol.kix

;2003-08-31, susnowol.kix, SUSWOL version 3.0, created by Ed van Balen
;This startup script removes the WOL-trigger from the suswol.ini file
;whenever a computer is started, to ensure that only powered-down
;computers with AU-status "5" are listed in suswol.ini.

;Writing an empty value deletes the key "IP-address,MAC-address" of this computer.
WRITEPROFILESTRING('\\server-name\WOL$\suswol.ini','SUSWOL',JOIN(SPLIT(@IPADDRESS0,' '),'')+','+@ADDRESS,'')

 

The result of this script is that whenever a computer is started, its entry is removed from the suswol.ini file when present, to ensure that only powered-down computers with AU-status “5” are listed in the suswol.ini file.

 

suswol.kix

;2003-08-31, suswol.kix, SUSWOL version 3.0, created by Ed van Balen
;This scheduled script reads the WOL-triggers from the suswol.ini file,
;starts the listed computers, writes this action to a cumulative log file,
;and sets the POL-trigger in the suspol.ini file.

OPEN(1,'\\server-name\WOL$\suswol.log',5)

;Work on a copy, so that woken computers changing suswol.ini do not interfere.
COPY '\\server-name\WOL$\suswol.ini' '\\server-name\WOL$\suswoltemp.ini'

;With an empty key, READPROFILESTRING returns all keys of the section,
;separated by line feeds.
FOR EACH $PC IN SPLIT(READPROFILESTRING('\\server-name\WOL$\suswoltemp.ini','SUSWOL',''),CHR(10))
    ;Each key is "IP-address,MAC-address"; the MAC-address is the last 12 characters.
    $IP = LEFT($PC,LEN($PC)-13)
    $MAC = RIGHT($PC,12)
    IF $IP
        RUN 'poweroff.exe wol -ip $IP -subnet 255.255.255.0 -mac $MAC'
        WRITELINE(1,@DATE+','+@TIME+','+$MAC+','+$IP+@CRLF)
        WRITEPROFILESTRING('\\server-name\WOL$\suspol.ini','SUSPOL',$IP,'POL')
        SLEEP 0.5
    ENDIF
NEXT

DEL '\\server-name\WOL$\suswoltemp.ini'
CLOSE(1)

 

The result of this script is that all computers that are listed in the suswol.ini file are sent a magic packet by PowerOff, to initiate a WOL.

Further, for all computers that are started using WOL, the POL-trigger is set in the suspol.ini file.

The suswol.ini file is copied to the temporary file suswoltemp.ini to preclude interference from computers that are woken and thus run the startup script sustatus.kix, which in turn touches the suswol.ini file.

“suswol.log” is an optional additional cumulative log file to log all WOL instances.

“$PC” is a variable containing a single entry from the ini file.

“$IP” is a variable containing the client computer’s IP-address.

“$MAC” is a variable containing the client computer’s MAC-address.

The SLEEP function ensures that the computers are not all started at the same moment. This precludes interference from all computers running their startup script at the same moment, and it precludes a sudden peak in power consumption.
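An added example, not part of the original scripts: because the WOL$ share is writable by “Everyone” and suswol.kix expands every key of suswol.ini into a command line on the Domain Controller, this Python code accepts only keys of the exact form “IP-address,MAC-address” inside the client range, and then builds the magic packet and broadcast address for them. The client range 192.168.1.0/24, the sample ini content and all function names are assumptions.

```python
import ipaddress
import re

# Key layout written by sustatus.kix: "<dotted IPv4>,<12 hex digit MAC>".
ENTRY_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}),([0-9A-Fa-f]{12})")

# Constructed sample of a suswol.ini as the scheduled task might find it.
SAMPLE_INI = """[SUSWOL]
192.168.1.23,00A0C9123456=WOL
192.168.1.24 extra,00A0C9123457=WOL
10.0.0.5,00A0C9AAAAAA=WOL
"""

def parse_entry(key, allowed_net="192.168.1.0/24"):
    """Return (ip, mac_bytes) for a well-formed key inside allowed_net, else None."""
    m = ENTRY_RE.fullmatch(key.strip())
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group(1))
    except ipaddress.AddressValueError:
        return None  # e.g. an octet above 255
    if ip not in ipaddress.IPv4Network(allowed_net):
        return None  # not one of the SUS client addresses (assumed range)
    return ip, bytes.fromhex(m.group(2))

def read_triggers(ini_text, section="SUSWOL", allowed_net="192.168.1.0/24"):
    """Split the keys of one ini section into accepted entries and rejected keys."""
    accepted, rejected, current = [], [], None
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == section and "=" in line:
            key = line.split("=", 1)[0]
            entry = parse_entry(key, allowed_net)
            if entry:
                accepted.append(entry)
            else:
                rejected.append(key)
    return accepted, rejected

def magic_packet(mac):
    """WOL magic packet: 6 bytes of 0xFF, then the 6-byte MAC 16 times."""
    return b"\xff" * 6 + mac * 16

def broadcast_for(ip, mask="255.255.255.0"):
    """Directed broadcast address of ip under the subnet mask used in suswol.kix."""
    return ipaddress.IPv4Network(f"{ip}/{mask}", strict=False).broadcast_address
```

The IP-address half of the same check applies to the keys of suspol.ini before they are passed to psshutdown.exe.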

 

suspol.kix

;2003-08-31, suspol.kix, SUSWOL version 3.0, created by Ed van Balen
;This scheduled script reads the POL-triggers from the suspol.ini file,
;powers-down the listed computers, writes this action to a cumulative log file,
;and resets the POL-triggers.

OPEN(1,'\\server-name\WOL$\suspol.log',5)

;With an empty key, READPROFILESTRING returns all keys of the section,
;separated by line feeds. Each key is the IP-address of a computer started by WOL.
FOR EACH $IP IN SPLIT(READPROFILESTRING('\\server-name\WOL$\suspol.ini','SUSPOL',''),CHR(10))
    IF $IP
        RUN 'psshutdown.exe -k -t 1 \\$IP'
        WRITELINE(1,@DATE+','+@TIME+','+$IP+@CRLF)
        SLEEP 0.5
    ENDIF
NEXT

;Writing an empty key removes the whole SUSPOL section, which resets all POL-triggers.
WRITEPROFILESTRING('\\server-name\WOL$\suspol.ini','SUSPOL','','')
CLOSE(1)

 

The result of this script is that all computers that are listed in the suspol.ini file are powered-down by PsShutdown, using the POL function.

When the script is finished, the POL-triggers in the suspol.ini file are reset.

“$IP” is a variable containing the client computer’s IP-address.

The SLEEP function ensures that the computers are not all shut down at the same moment, to preclude interference from all computers running their shutdown script at the same moment.

 

Some more details

SUS (Software Update Services) is a Microsoft application that runs on Windows 2000 Server or Windows Server 2003, and that automatically deploys critical and security updates to Windows 2000 Pro and Windows XP Pro clients.

The current version is 1.0 with SP1, and it can be downloaded and installed as a free add-on for Windows 2000 Server or Windows Server 2003.

SUSserver.com and FAQShop.com are other good sources for information about SUS.

 

KiXtart is a scripting engine and language, commonly used in Windows environments, mainly for logon scripts.

It has been tested to work with the above scripts as of version 4.21 and on.

The current version is 4.23, and it is licensed as Careware.

 

PowerOff from Jorgen Bosman is a very useful tool to control all possible power states of Windows computers, including using WOL, both through a GUI and a command line interface.

It has been tested to work with the above scripts as of version 3.0.0.17 and on.

The current version is 3.0.1.3, and it is licensed as Freeware.

 

PsShutdown from Sysinternals is a very useful tool that, amongst others, can be used for powering down remote computers using POL, without the necessity to install any additional software on these remote computers.

It has been tested to work with the above scripts as of version 2.11 and on.

The current version is 2.4, and it is licensed as Freeware.

 

Client computers in the domain that do not support WOL are not affected in any way by the scripts. These are still updated as usual by SUS, acting as described in the SUS configuration paragraph above.

 

In the scripts, the client computers are identified by their IP-address.

So to preclude wrong computers being targeted when IP-address leases are expired, it is best to use fixed IP-addresses for the client computers.

In our Windows 2000 AD domain we set this up using Reservations on the DHCP server for each client.

At least, the DHCP lease duration has to be long enough to preclude this problem. The Windows 2000 default lease duration of 8 days probably is OK.

 

The cumulative log files are not mandatory for this setup to work. They can be used for checking the functionality of the configuration, and / or for maintaining a history of the performed actions.
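An added example, not part of the original scripts: since suspol.kix identifies its targets by IP-address alone, the cumulative sustat.log can be used to check that every IP-address keeps belonging to one workstation. This Python code reports addresses logged by more than one workstation and workstations logged with more than one address. The sample lines are constructed, and the space-padded form of the logged IP-address is an assumption about how @IPADDRESS0 appears in the log.

```python
import csv
from collections import defaultdict

# Constructed sample lines in the layout written by sustatus.kix:
# date,time,IP-address,AU-status,workstation name.
SAMPLE_LOG = """\
2005/01/10,17:31:02,192.168.  1. 23,5,PC-ALICE
2005/01/10,17:35:40,192.168.  1. 24,2,PC-BOB
2005/01/19,17:29:11,192.168.  1. 24,5,PC-ALICE
2005/01/19,17:40:57,192.168.  1. 30,2,PC-BOB
2005/01/20,17:33:05,192.168.  1. 31,2,PC-CAROL
damaged line without enough fields
"""

def address_conflicts(log_text):
    """Return (shared, moved): IPs used by several hosts, hosts seen on several IPs."""
    ip_hosts = defaultdict(set)
    host_ips = defaultdict(set)
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 5:
            continue  # skip blank or damaged lines
        ip = row[2].replace(" ", "")      # same clean-up as JOIN(SPLIT(...)) in the scripts
        host = row[4].strip().upper()
        if not ip or not host:
            continue
        ip_hosts[ip].add(host)
        host_ips[host].add(ip)
    # An IP shared by several hosts means a POL-trigger could reach the wrong computer.
    shared = {ip: sorted(hosts) for ip, hosts in ip_hosts.items() if len(hosts) > 1}
    # A host seen on several IPs means its lease or reservation is not stable.
    moved = {host: sorted(ips) for host, ips in host_ips.items() if len(ips) > 1}
    return shared, moved
```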

 

Wrap up

If you are interested in trying-out this setup for yourself, and assuming that you already have a working configuration of SUS similar to my setup, all you have to do is:

 

Required changes are: “server-name” and “domain-name”, and possibly the IP subnet mask if you are using a different address range.

Optional changes can be: the scheduled time settings for SUS and the scheduled tasks, and the names of the scripts, variables, log files and share.

 

Conclusion

Hopefully you will enjoy using WOL and POL in combination with SUS as much as we do :-)

 

Ed van Balen

Amsterdam

The Netherlands

Europe

 

History

January 16, 2005

Scheduled time for POL-script changed into 4:35, to take into account installation of Win2000 Service Packs.

KiXtart and PsShutdown version information updated.

June 21, 2004

Small HTML code correction for compatibility with Mozilla.

June 6, 2004

KiXtart and PsShutdown version information updated.

September 14, 2003

Website moved to another hosting provider.

September 6, 2003

Some small editorial changes.

August 31, 2003

Version 3 of the KiXtart scripts introduced:

-Option added to power-down the computers after installation of the updates

-Script “wol.kix” renamed to “suswol.kix” for consistency

Old version 2 moved to separate page for reference.

Info about PsShutdown added.

Some other editorial changes.

August 18, 2003

Version 2 of the KiXtart scripts introduced:

- Scripts improved to make them date-independent

- IP-address handling improved

Old version 1 moved to separate page for reference.

Download link to scripts added.

PowerOff version information updated.

August 9, 2003

“Wrap up” paragraph added.

Syntax coloring added to the KiXtart scripts.

PowerOff version information updated.

Some other editorial changes.

July 30, 2003

Some small editorial changes.

July 26, 2003

Script “shutdown.kix” renamed to “sustatus.kix”.

Script “sustatus.kix” modified to preclude empty daily log files.

Page rearranged for clarity.

July 24, 2003

In the wol.kix script, on line 6, “@DAYNO” was incorrect.

This has been changed to “@YDAYNO”.