远程批量升级IE11
一、背景:
现分行预计有20台电脑要给现在的IE8升级到IE11,这20台电脑安装有控制软件,可以通过控制台软件批量发送安装程序;
二、实施:
查看系统都是win7 32位SP1版本的,查询Microsoft官网说,win7 32位SP1版本升级IE11,必须要安装如下更新包或程序(最好按顺序安装)
Windows6.1-KB2533623-x86.msu
Windows6.1-KB2670838-x86.msu
Windows6.1-KB2729094-v2-x86.msu
Windows6.1-KB2731771-x86.msu
Windows6.1-KB2786081-x86.msu
Windows6.1-KB2834140-v2-x86.msu
IE11-Windows6.1-x86-zh-cn.exe
IE11-Windows6.1-LanguagePack-x86-zh-cn.msu
先总部电脑搭建一个FTP服务器,分行电脑通过FTP下载升级包,然后运行安装。
三、代码:
@echo off&setlocal enabledelayedexpansion&title UpdateIE11 rem:设置开关用于防误操作 IF not [%1] == [yes] (goto :eof) rem:检测IE版本 :CheckIEVerion For /f "tokens=3" %%a in ('REG QUERY "HKLM\SOFTWARE\Microsoft\Internet Explorer" /v Version') do ( For /f "delims=. tokens=1,2" %%i in ("%%a") do ( IF %%j equ 0 (set IEVersion=%%i) else set IEVersion=%%j ) ) IF %IEVersion% EQU 11 (goto :eof)
rem:设置弹窗提示(实际在非运行批处理程序的用户下会提示交互式提醒,如脚本通过administrator运行,但登录的是test用户) :Message ::start /b mshta vbscript:msgbox("5分钟后系统将自动进行升级,浏览器将自动关闭,请勿关闭电脑!(预计耗时20分钟)",64,"系统升级提示!--IT信息技术中心")(window.close) rem:升级包放在FTP服务器的IE11x86目录下,下载到分行电脑本地c:\IE11,这里有时需要开启允许FTP应用程序通过防火墙 :FTP netsh advfirewall firewall add rule name = "AllowFTP" dir = in action = allow profile = any if not exist "c:\IE11" (mkdir c:\IE11) echo>ftp.script open *.*.*.* echo>>ftp.script anonymous echo>>ftp.script echo>>ftp.script binary echo>>ftp.script cd IE11x86 echo>>ftp.script prompt off echo>>ftp.script lcd c:\IE11 echo>>ftp.script mget *.* echo>>ftp.script close echo>>ftp.script bye ftp -s:ftp.script del /f /q ftp.script netsh advfirewall firewall delete rule name = "AllowFTP" rem:下载完后开始安装,因为直接安装升级包会比较慢,这里选择提取升级包的主要cab文件(更新包 /x:目录;一般安装程序可以通过"/?"查看安装参数,还可以用pkgmgr安装升级包),然后再通过dism部署,这里记得开启Windows更新服务 :InstallIE11 if not exist c:\IE11\Windows6.1-KB2533623-x86.cab (goto :eof) if not exist c:\IE11\Windows6.1-KB2670838-x86.cab (goto :eof) if not exist c:\IE11\Windows6.1-KB2729094-v2-x86.cab (goto :eof) if not exist c:\IE11\Windows6.1-KB2731771-x86.cab (goto :eof) if not exist c:\IE11\Windows6.1-KB2786081-x86.cab (goto :eof) if not exist c:\IE11\Windows6.1-KB2834140-v2-x86.cab (goto :eof) if not exist c:\IE11\x1IE-Win7.cab (goto :eof) if not exist c:\IE11\x2ielangpack-zh-CN.cab (goto :eof) cd c:\IE11 sc config wuauserv start= auto net start wuauserv ::start /wait wusa Windows6.1-KB2533623-x86.msu /quiet /norestart ::start /wait wusa Windows6.1-KB2670838-x86.msu /quiet /norestart ::start /wait wusa Windows6.1-KB2729094-v2-x86.msu /quiet /norestart ::start /wait wusa Windows6.1-KB2731771-x86.msu /quiet /norestart ::start /wait wusa Windows6.1-KB2786081-x86.msu /quiet /norestart ::start /wait wusa Windows6.1-KB2834140-v2-x86.msu /quiet /norestart ::start /wait IE11-Windows6.1-x86-zh-cn.exe /quiet /closeprograms /norestart ::start /wait wusa IE11-Windows6.1-LanguagePack-x86-zh-cn.msu /quiet /norestart for /r c:\IE11 %%i in (*.cab) do dism /online /norestart /add-package /packagepath:%%i net stop wuauserv sc config wuauserv start= disabled rem:关闭Chrome浏览器自动更新 :NoChromeUpdate schtasks /change /tn "GoogleUpdateTaskMachineCore" /disable schtasks /change /tn "GoogleUpdateTaskMachineUA" /disable rem:删除桌面文件 del /f /s /q "C:\Users\test\Desktop\*.jpeg" del /f /s /q "C:\Users\test\Desktop\*.jpg" del /f /s /q "C:\Users\test\Desktop\*.png" del /f /s /q "C:\Users\test\Desktop\*.bmp" del /f /s /q "C:\Users\test\Desktop\*.tif" del /f /s /q "C:\Users\test\Desktop\*.txt" del /f /s /q "C:\Users\test\Desktop\*.pdf" del /f /s /q "C:\Users\test\Desktop\*.tmp" del /f /s /q "C:\Users\test\Desktop\*.doc" del /f /s /q "C:\Users\test\Desktop\*.xls" del /f /s /q "C:\Users\test\Desktop\*.ppt" del /f /s /q "C:\Users\test\Desktop\*.docx" del /f /s /q "C:\Users\test\Desktop\*.xlsx" del /f /s /q "C:\Users\test\Desktop\*.pptx" rem:清除Chrome浏览器缓存,关闭IE浏览器 taskkill /f /im chrome.exe taskkill /f /im iexplore.exe del /f /s /q "C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Cache" del /f /s /q "C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Cookies" del /f /s /q "C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\History" del /f /s /q "C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Local Storage" del /f /s /q "C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Current Session" rem:设置对应Chrome浏览器版本(50.0.2661.102,其他版本都重置)的配置参数 ::for /f "tokens=3" %%a in ('REG QUERY HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon /v version') do set ChromeVer=%%a ::if "%ChromeVer%"=="50.0.2661.102" ( ::del /f /s /q "C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences" ::xcopy "C:\IE11\Prefercens" "C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\" /K /E /Y /C /I ::) if exist "C:\Program Files\Google\Chrome\Application" ( del /f /s /q "C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Preferences" cd C:\Program Files\Google\Chrome\Application for /d %%a in (*) do echo ( if "%%a"=="50.0.2661.102" ( xcopy "C:\IE11\Prefercens" "C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\" /K /E /Y /C /I ) ) rem:清除永恒之蓝病毒 :KillMssecsvc net stop mssecsvc2.0 net stop mssecsvc2.1 sc config mssecsvc2.0 start= disabled sc config mssecsvc2.1 start= disabled taskkill /f /im mssecsvc.exe del /f /a /q c:\windows\mssecsvc.exe del /f /a /q c:\windows\tasksche.exe del /f /a /q c:\windows\qeriuwjhrf.* for %%a in (C:) do rd /s /q %%a\$Recycle.Bin rem:添加IP安全策略,封闭445端口进入 :DenyTcp445 netsh ipsec static add policy name=DenyTcp445 netsh ipsec static add filterlist name=deny445 netsh ipsec static add filter filterlist=deny445 srcaddr=any dstaddr=me protocol=TCP mirrored=yes srcport=0 dstport=445 netsh ipsec static add filteraction name=ForDeny445 action=block netsh ipsec static add rule name=RuleForDeny445 policy=DenyTcp445 filterlist=deny445 filteraction=ForDeny445 netsh ipsec static set policy name=DenyTcp445 assign=y rem:同步时间(假设同步的服务器是10.1.1.1) :SycTime reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters" /v NtpServer /t REG_SZ /d 10.1.1.1 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient" /v SpecialPollInterval /t REG_DWORD /d 900 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient" /v SpecialInterval /t REG_DWORD /d 1 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Config" /v MaxPosPhaseCorrection /t REG_DWORD /d 0xFFFFFFFF /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Config" /v MaxNegPhaseCorrection /t REG_DWORD /d 0xFFFFFFFF /f net stop w32time & sc config w32time start= auto & net start w32time & w32tm /resync rem:开启虚拟内存(默认被关闭了) :SetPagefile sc config Winmgmt start= auto net start Winmgmt wmic computersystem set AutomaticManagedPagefile=True ::DisableIE11WelcomeGuide ::reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main" /v DisableFirstRunCustomize /t REG_DWORD /d 1 /f ::ModifyReg ::echo Windows Registry Editor Version 5.00 >ModifyReg.reg ::echo [HKEY_CLASSES_ROOT\http\shell\open\command] >>ModifyReg.reg ::echo @ =""C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"" >>ModifyReg.reg ::echo. >>ModifyReg.reg ::echo [HKEY_CLASSES_ROOT\https\shell\open\command] >>ModifyReg.reg ::echo @ =""C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"" >>ModifyReg.reg ::regedit /s ModifyReg.reg ::del /f /s /q ModifyReg.reg rem:通过创建启动运行脚本,取消升级IE11后第一次打开出现的向导,并设置主页,不检查是否为默认浏览器,代理服务器(假设是10.1.1.1:8080),同时改Chrome浏览器为默认浏览器 :CreateStartRun echo @echo off >c:\IE11\FinalyToDo.bat ::echo for %%%%a in (C:) do rd /s /q %%%%a\$Recycle.Bin >>c:\IE11\FinalyToDo.bat echo reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v Check_Associations /t REG_SZ /d "no" /f >>c:\IE11\FinalyToDo.bat echo reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v DisableFirstRunCustomize /t REG_DWORD /d 1 /f >>c:\IE11\FinalyToDo.bat echo reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d "http://go.microsoft.com/fwlink/" /f >>c:\IE11\FinalyToDo.bat echo reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f >>c:\IE11\FinalyToDo.bat echo reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d "10.1.1.1:8080" /f >>c:\IE11\FinalyToDo.bat echo reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /t REG_SZ /d "10.*;<local>" /f >>c:\IE11\FinalyToDo.bat echo for /f "tokens=2" %%%%a in ('whoami /user') do set UserSid=%%%%a >>c:\IE11\FinalyToDo.bat echo set "UserSid=%%UserSid: =%%" >>c:\IE11\FinalyToDo.bat echo reg add "HKEY_USERS\%%UserSid%%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice" /v Progid /t REG_SZ /d "ChromeHTML" /f >>c:\IE11\FinalyToDo.bat echo reg add "HKEY_USERS\%%UserSid%%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" /v Progid /t REG_SZ /d "ChromeHTML" /f >>c:\IE11\FinalyToDo.bat echo reg add "HKEY_USERS\%%UserSid%%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice" /v Progid /t REG_SZ /d "ChromeHTML" /f >>c:\IE11\FinalyToDo.bat echo mkdir c:\IE11\FinalyToDoOK >>c:\IE11\FinalyToDo.bat ::echo start /b mshta vbscript:msgbox("系统自动升级完成!",64,"系统升级提示!--IT信息技术中心")(window.close) >>c:\IE11\FinalyToDo.bat echo mshta vbscript:CreateObject("Wscript.Shell").popup("系统自动升级完成!",5,"系统升级提示!--IT信息技术中心",64)(window.close) >>c:\IE11\FinalyToDo.bat xcopy "c:\IE11\FinalyToDo.bat" "C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\" /K /E /Y /C /I rem:创建登录运行任务,用于最后删除本地程序包及清空回收站 :CreateSchtasks01 schtasks /create /tn TempSchtask01 /tr c:\IE11\Temp.bat /sc onlogon /ru system /f echo @echo off >c:\IE11\Temp.bat echo for %%%%a in (C:) do rd /s /q %%%%a\$Recycle.Bin >>c:\IE11\Temp.bat echo for /l %%%%i in (1,1,24) do (>>c:\IE11\Temp.bat echo timeout /t 20 /nobreak >>c:\IE11\Temp.bat echo if exist "c:\IE11\FinalyToDoOK" ( >>c:\IE11\Temp.bat echo rd /s /q c:\IE11 >>c:\IE11\Temp.bat echo del /s /q /f "C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FinalyToDo.bat" >>c:\IE11\Temp.bat echo schtasks /delete /tn "TempSchtask01" /f >>c:\IE11\Temp.bat echo goto :eof >>c:\IE11\Temp.bat echo ) >>c:\IE11\Temp.bat echo ) >>c:\IE11\Temp.bat
rem:升级IE11需要重启一次 shutdown /r /f /t 5