Wsus_Package_Publisher icon indicating copy to clipboard operation
Wsus_Package_Publisher copied to clipboard
verified publisher icon DCourtel

Could WPP used to create new EXE or MSI updates without GUI, via CLI? Powershell?

Open TokenRing opened this issue 1 year ago • 4 comments

Backstory:

Hello! I have to manage VSCode installs on a bunch of non-internet-connected windows servers that are used for restricted data research. We have an SCCM (MECM) instance running locally to handle patches and updates, as required by our Data Use Agreements.

VSCode is one of our ongoing annoyances, since it's not in WSUS and it's not in any of the (free) 3rd party patch publishers like PatchMyPC, etc. Every few weeks, we need to spend a few minutes to build a new SCCM "Application" for the new version of VSCode, and Deploy it, and then it usually works.

Question/Request (may be related to this issue? https://github.com/DCourtel/Wsus_Package_Publisher/issues/3)

WPP seems like it might be perfect. I already have it in my mind that I can build a powershell script that will daily

  1. grab the current install version of VSCode from https://update.code.visualstudio.com/latest/win32-x64/stable
  2. compare it to what yesterday's grabbed version was (like, just put the last 4 digits into a current-version.txt file on the WSUS server as a note, then the next day, do Get-Content on that .txt file to compare)
  3. if it's changed, then delete the old version and keep the new one.
  4. Save the new version number to $ver, and the new install exe's downloaded path to $path. While this is just for VSCode in particular, if I ever wanted to use it for programs that updates are multiple .exe files, you could design the -Files parameter able to use semicolons or commas to split additional files like $path[1],$path[2],$path[3] that sort of thing.

At that point, I'd use this script to call WPP via powershell, or cmd/bat or whatever, and then, looking at your documentation for Publishing an EXE: https://github.com/DCourtel/Wsus_Package_Publisher/wiki/PublishingAnExe I could run a cmdlet or just the WPP exe with /arguments, just using the same fields you have laid out in your screenshots:

New-WPP-Update -Files "$path" -VendorName "Microsoft" -Product "Visual Studio Code" -Title "VSCode $ver" -Description "Newest VSCode update, version $ver, published by your local IT group" -RebootBehavior "Never" -ReturnCodes "1;Succeeded;NoReboot,0;Succeeded;NoReboot" -CommandLine "" -InstalledRules "Custom Rule I already Made" -InstallableRules "A different Custom Rule I already Made"

Hope that example makes sense. The script would populate the command with the variables for each individual custom published exe/msi and then execute it, and the WPP would run headless to add the file to WSUS.

Maybe this is something planned for WPP v2 already?

TokenRing avatar Mar 12 '25 21:03 TokenRing

And @DCourtel - I know you work for PatchMyPC now, so of course I don't mean anything negative toward your current company at all - it's just that at a minimum cost of $2000 for 1000 PCs for your full application suite (including VSCode!) it's beyond our budget. We only have about 50 non-networked VMs in this Citrix cluster; we can't really justify $2000 for that sadly. I'd love if we had the budget to just chuck money at this already-been-solved-by-MECM-3rd-Party-Catalogs issue, but here we are!

TokenRing avatar Mar 12 '25 21:03 TokenRing

edit: seems the author deleted their post

Hello @Andrisrrr - was this directed at me? I'm not quite sure what you're telling me. First of all, the "source of the file" you wrote seems incorrect; the official website offers the full system-installed (rather than user-context install) version right here, for every version: https://code.visualstudio.com/docs/supporting/FAQ#_previous-release-versions

All you need to do is put 'latest' in the {version} section of whatever build you want for any OS.

Also - I already knew how to silently install VSCode for SCCM/MECM purposes. We do that every month, manually, for an Application install for VSCode. The point of my question here about WPP, is that we don't want to use SCCM "Applications" anymore, we want an SCCM "Update" - which only come via WSUS, and therefore I need a 3rd party method of loading 3rd party .exe and .msi files into WSUS - that's where WPP comes in.

The feature question I was asking about, was specifically whether it was possible to interact with WPP via a command-line interface, instead of the GUI, because if I can script WPP, then I can set up a system to automatically download any program's EXE or MSI files that I need on a regular, Scheduled-Task basis, then have WPP import them automatically into WSUS.

TokenRing avatar Mar 13 '25 15:03 TokenRing

Hi @TokenRing, I’m glad to see that somebody is still using WPP 😉 I’m sorry that PMPC is out of budget for your company. To be honest, I didn’t work on WPP for a long time. Microsoft deprecated WSUS last year. There is no way to publish a new package to WSUS using the WPP command line or CmdLet.

DCourtel avatar Mar 18 '25 14:03 DCourtel

Wsus isn't dead, it's still present in Windows 2025 until the end of Windows 2025 Server's life.

There will be no new features. It would be a shame to do without a tool like Wsus Publisher Packager for ten years.

But I understand your position.

Thank you for your tools.

Sincerely

Prisme

prisme666 avatar Mar 26 '25 17:03 prisme666