Unfortunately, while you can retrieve windows update settings via the COM API over winrm, you cannot manipulate those settings in a "non-interactive" logon context (which is what winrm is considered). It's a legacy security setting since before winrm was a thing.
Workarounds include setting up a scheduled task to run the command or directly manipulating the registry. I don’t have the keys off-hand.
A better way would be to use the wsus-client cookbook. ( https://supermarket.getchef.com/cookbooks/wsus-client)
Steve
Steven Murawski
Community Manager @ Chef
Microsoft MVP - PowerShell
http://stevenmurawski.com
Hello all,
I'm running into a situation where running chef-client via knife winrm fails while running it locally on the machine passes.
After isolating the problem I figured out a specific powershell command that returns different results when running locally on the machine vs. running via knife winrm.
Goal:
I'm trying to disable the windows update feature on the client.
(Note: The first powershell command is to get the correspond object. I didn’t write the whole script here)
Here are commands & results I see:
----------------------------------------
* Via knife winrm: (No results at all)
C:\Users\Administrator\MyProjects\chef-repo>knife winrm 143.185.1.1 -m -x ‘user’ -P 'password' ' powershell.exe -NoLogo -NonInteractive -NoProfile -ExecutionPolicy RemoteSigned -InputFormat
None (New-Object -ComObject "Microsoft.Update.AutoUpdate").Settings '
C:\Users\Administrator\MyProjects\chef-repo>
----------------------------------------
* Locally on the machine:
c:\temp>powershell.exe -NoLogo -NonInteractive -NoProfile -ExecutionPolicy RemoteSigned -InputFormat None (New-Object -ComObject "Microsoft.Update.AutoUpdate").Settings
NotificationLevel : 1
ReadOnly : True
Required : False
ScheduledInstallationDay : 0
ScheduledInstallationTime : 3
IncludeRecommendedUpdates : False
NonAdministratorsElevated : True
FeaturedUpdatesEnabled : False
----------------------------------------
Another version (without the .Settings in the end)
----------------------------------------
* Via knife winrm: (You can see that Settings & ServiceEnabled are empty)
C:\Users\Administrator\MyProjects\chef-repo>knife winrm 143.185.1.1 -m -x 'user' -P 'password' 'powershell.exe -NoLogo -NonInteractive -NoProfile -ExecutionPolicy RemoteSigned -InputFormat None (New-Object -ComObject "Microsoft.Update.AutoUpdate") '
143.185.1.1
143.185.1.1 Settings ServiceEnabled Results
143.185.1.1
143.185.1.1 -------- -------------- -------
143.185.1.1 System.__ComObject
143.185.1.1
143.185.1.1
C:\Users\Administrator\MyProjects\chef-repo>
----------------------------------------
* Locally on the machine:
c:\temp>powershell.exe -NoLogo -NonInteractive -NoProfile -ExecutionPolicy RemoteSigned -InputFormat None (New-Object -ComObject "Microsoft.Update.AutoUpdate")
Settings ServiceEnabled Results
-------- -------------- -------
System.__ComObject True System.__ComObject
----------------------------------------
Any suggestions?
Thanks,
Raanan.
---------------------------------------------------------------------
Intel Israel (74) LimitedThis e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.
Archive powered by MHonArc 2.6.16.