Operating system is the core of any system and we have to keep operating system update cause of preventing performance issues, unplanned downtime and fix security vulnerabilities. Windows (client and servers) has a standard terminology for receiving updates monthly and most of organizations using Windows Server Update Services to applying updates of multiple servers/client. Updates would be downloaded and installed on multiple servers/clients automatically but service downtime is always the biggest concern but another concern is installing updates on multiple machines and rebooting systems during planned downtime. PowerShell and WinRM would help us when they come as PSWindowsUpdate PowerShell module!
What’s Our Story?
Our story is a drama. I don’t know that why we have workgroup servers yet and why the master of the geniuses can’t understand that we need to Microsoft Active Directory to central managing our Windows servers and users/groups and etc.
They wants group of persons to copy updates files on servers and do manual update by run update file and named the group as Operating System Team. I don’t want to explain this silly idea but I sorted it anyway by some automation.
Now, we have two WSUS servers at each site and those servers designed as up-stream and down-stream to receiving Microsoft’s products updates and deliver to servers and clients. We configured WSUS configurations in each server’s registry and actually there was an registry file for import during server preparation.
We have defined internal process to applying updates on servers with minimal impact on services. At each month, after the Tuesday patch, up-stream servers download the new patches and our colleagues will approve the patches on the related WSUS groups in down-stream servers, server administrators can not apply patches before approval process. After approving the patches, server administrators will install patches by Windows update service in each server but this process needs much efforts.
Server administrators have to logon to each server and do it manually but there are some automation tools that you can use them in same situations like our situation.
PSWindowsUpdate PowerShell Module
PSWindowsUpdate PowerShell Module has been written by Michal Gajda. The PowerShell module needs no dependency. PSWindowsUpdate is available at PowerShell Gallery for download.
PSWindowsUpdate PowerShell Module has cmdlets for retrieving and installing updates, also changing Windows Update configurations.
PSWindowsUpdate – Aliases and CMDLets
Here is the list of cmdlets and aliases:
Installing PSWindowsUpdate is too easy for server/client which has internet connection. The latest version will be installed by run the below command on a PowerShell session:
Install-Module -Name PSWindowsUpdate
You can save the module and import it to server/client which has no internet connection or proxy connection.
There are some options for download and installing updates on remote or local computer in domain or workgroup:
- Installing updates from a remote server on multiple servers via WinRM.
- Create Windows Task Scheduler for scheduling update check and installation.
Also installation or downloading can be performed based on criteria such as KB number and others.
In addition of installing or downloading, PSWindowsUpdate can generate different reports for local and remote servers/clients.
Configure NTP on iLO via HPE Scripting Tools for Windows PowerShell
HP Scripting Tools for Windows PowerShell
Configure HPE G10 Server BIOS via PowerShell
PSWindowsUpdate – PowerShell Gallery
PSWindowsUpdate – GitHub