# SPDX-License-Identifier: MIT-0 # # Permission is hereby granted, free of charge, to any person obtaining a copy of this # software and associated documentation files (the "Software"), to deal in the Software # without restriction, including without limitation the rights to use, copy, modify, # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to # permit persons to whom the Software is furnished to do so. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A # PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. name: WsusConfiguration description: 'Configure WSUS server via registry keys' schemaVersion: 1.0 constants: - WUServer: type: string value: http://10.0.0.1:8530 - WUStatusServer: type: string value: http://10.0.0.1:8530 - TargetGroup: type: string value: Ec2ImageBuilder phases: - name: build steps: - name: ConfigureWsusServer action: ExecutePowerShell inputs: commands: - | $ErrorActionPreference = 'Stop' $ProgressPreference = 'SilentlyContinue' $registryRoot = "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate" $registryRootAu = $registryRoot + "\AU" Write-Host "Setting Windows Update Server..." Set-ItemProperty -Path $registryRoot -Name "WUServer" -Type String -Value "{{ WUServer }}" Write-Host "done." Write-Host "Setting Windows Update Status Server..." Set-ItemProperty -Path $registryRoot -Name "WUStatusServer" -Type String -Value "{{ WUStatusServer }}" Write-Host "done." Write-Host "Enabling client-side targeting..." Set-ItemProperty -Path $registryRoot -Name "TargetGroupEnabled" -Type DWord -Value 1 Write-Host "done." Write-Host "Setting Windows Update TargetGroup..." Set-ItemProperty -Path $registryRoot -Name "TargetGroup" -Type String -Value "{{ TargetGroup }}" Write-Host "done." Write-Host "Switching update source from Windows Update to WSUS Server..." Set-ItemProperty -Path $registryRootAu -Name "UseWUServer" -Type DWord -Value 1 Write-Host "done." Write-Host "Restarting Windows Update Service to activate settings..." Restart-Service -Name "wuauserv" Write-Host "done." - name: validate steps: - name: ValidateLocalUserCreation action: ExecutePowerShell inputs: commands: - | $ErrorActionPreference = 'Stop' $ProgressPreference = 'SilentlyContinue' $registryRoot = "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate" $registryRootAu = $registryRoot + "\AU" Write-Host "Validating WSUS configuration" if ( (Get-ItemProperty -Path $registryRoot -Name WUServer).WUServer -ne "{{ WUServer }}" ) { Write-Host "Validation failed. Wrong WUServer" exit 1 } if ( (Get-ItemProperty -Path $registryRoot -Name WUStatusServer).WUStatusServer -ne "{{ WUStatusServer }}" ) { Write-Host "Validation failed. Wrong WUStatusServer" exit 1 } if ( (Get-ItemProperty -Path $registryRoot -Name TargetGroupEnabled).TargetGroupEnabled -ne 1 ) { Write-Host "Validation failed. Client-side targeting is not active" exit 1 } if ( (Get-ItemProperty -Path $registryRoot -Name TargetGroup).TargetGroup -ne "{{ TargetGroup }}" ) { Write-Host "Validation failed. Wrong Target Group" exit 1 } if ( (Get-ItemProperty -Path $registryRootAu -Name UseWUServer).UseWUServer -ne 1 ) { Write-Host "Validation failed. Automatic update is not configured to use WSUS as update source" exit 1 } Write-Host "Validating WSUS was successful"