当前位置：首页 > news >正文

使用Optimization tool优化后禁用windows更新批量的脚本

news 来源：原创 2025/6/13 10:08:07

可以使用powercli推送到虚机批量运行进行恢复。

# Windows Update服务和注册表配置脚本# 检查脚本是否以管理员权限运行
function Test-Administrator {$user = [Security.Principal.WindowsIdentity]::GetCurrent()$principal = New-Object Security.Principal.WindowsPrincipal $userreturn $principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
}if (-not (Test-Administrator)) {Write-Warning "此脚本需要管理员权限运行。请右键点击PowerShell并选择'以管理员身份运行'。"exit
}try {# 设置执行策略（临时）$originalExecutionPolicy = Get-ExecutionPolicySet-ExecutionPolicy Bypass -Scope Process -ForceWrite-Host "正在配置Windows Update服务和注册表..." -ForegroundColor Cyan# 启动并设置wuauserv服务为自动启动Write-Host "配置wuauserv服务..." -ForegroundColor Yellow$wuauserv = Get-Service wuauserv -ErrorAction SilentlyContinueif ($wuauserv) {if ($wuauserv.Status -ne 'Running') {Start-Service wuauserv -ErrorAction StopWrite-Host "  已启动wuauserv服务" -ForegroundColor Green} else {Write-Host "  wuauserv服务已在运行" -ForegroundColor Green}if ($wuauserv.StartType -ne 'Automatic') {Set-Service wuauserv -StartupType Automatic -ErrorAction StopWrite-Host "  已将wuauserv服务设置为自动启动" -ForegroundColor Green} else {Write-Host "  wuauserv服务已是自动启动类型" -ForegroundColor Green}} else {Write-Warning "未找到wuauserv服务！"}# 创建WindowsUpdate注册表路径$windowsUpdatePath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"if (-not (Test-Path $windowsUpdatePath)) {New-Item -Path $windowsUpdatePath -Force | Out-NullWrite-Host "  创建了注册表路径: $windowsUpdatePath" -ForegroundColor Green}# 设置WindowsUpdate注册表项Write-Host "配置WindowsUpdate注册表项..." -ForegroundColor Yellow$registrySettings = @{"ElevateNonAdmins"                              = 1"TargetGroupEnabled"                            = 1"TargetGroup"                                   = "VDI""DisableDualScan"                               = 1"DoNotConnectToWindowsUpdateInternetLocations" = 1"SetDisableUXWUAccess"                          = 0"DisableWindowsUpdateAccess"                    = 0}foreach ($key in $registrySettings.Keys) {$value = $registrySettings[$key]$valueType = if ($value -is [int]) {'DWord'} else {'String'}New-ItemProperty -Path $windowsUpdatePath -Name $key -Value $value -PropertyType $valueType -Force | Out-NullWrite-Host "  设置注册表项: $key = $value ($valueType)" -ForegroundColor Green}#修改 UsoSvc 服务的启动类型Set-ItemProperty -Path "HKLM:\SYSTEM\ControlSet001\Services\UsoSvc" -Name "Start" -Value 3#修改 WaaSMedicSvc 服务的启动类型Set-ItemProperty -Path "HKLM:\SYSTEM\ControlSet001\Services\WaaSMedicSvc" -Name "Start" -Value 3# 创建AU注册表路径$auPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"if (-not (Test-Path $auPath)) {New-Item -Path $auPath -Force | Out-NullWrite-Host "  创建了注册表路径: $auPath" -ForegroundColor Green}# 设置AU注册表项Write-Host "配置WindowsUpdate\AU注册表项..." -ForegroundColor Yellow$auSettings = @{"AutoInstallMinorUpdates"          = 1"NoAutoRebootWithLoggedOnUsers"    = 1"RebootRelaunchTimeoutEnabled"     = 1"RebootRelaunchTimeout"            = 480  # 0x1e0 = 480分钟"NoAutoUpdate"                     = 0"AUOptions"                        = 4    # 自动下载并计划安装"ScheduledInstallDay"              = 7    # 星期日"ScheduledInstallTime"             = 1    # 凌晨1点"ScheduledInstallEveryWeek"        = 1}foreach ($key in $auSettings.Keys) {New-ItemProperty -Path $auPath -Name $key -Value $auSettings[$key] -PropertyType DWord -Force | Out-NullWrite-Host "  设置注册表项: $key = $($auSettings[$key]) (DWord)" -ForegroundColor Green}# 新增：更新组策略Write-Host "`n正在更新组策略..." -ForegroundColor Yellowtry {# 强制刷新组策略（计算机和用户设置）Invoke-Expression "gpupdate /force" -ErrorAction StopWrite-Host "  组策略已成功更新！" -ForegroundColor Green}catch {Write-Warning "  组策略更新失败: $_"Write-Warning "  请手动运行'gpupdate /force'命令更新组策略"}Write-Host "`n配置完成！" -ForegroundColor CyanWrite-Host "建议重启计算机使所有更改生效。" -ForegroundColor Yellow# 恢复原始执行策略Set-ExecutionPolicy $originalExecutionPolicy -Scope Process -Force
}
catch {Write-Error "执行过程中发生错误: $_"
}