WSUS and patching with Powershell


I'm setting up a WSUS server to patch my Windows servers, but the problem I am running into is actually scheduling the patches to coincide with our maintenance window once a month.  WSUS doesn't allow for that type of schedule so I thought a way around this would be to have the servers check into the WSUS for patches and download them but not install automatically.  Then on our maintenance window I can schedule a task to run a Powershell script to initiate the install and reboot at the appropriate times.  I've tried to find a solution to this but have been unsuccessful.

Has anyone worked around this limitation in WSUS, or know of a way to kick off the install with Powershell?  I want to be able to start the tasks on the servers from one central server.

I appreciate any help you can give.  Thanks!
Who is Participating?
flatleyldConnect With a Mentor Author Commented:
I found a program called BatchPatch This gets me around my issue of scheduling the installs to take place.
DonNetwork AdministratorCommented:
...but the problem I am running into is actually scheduling the patches to coincide with our maintenance window once a month.  WSUS doesn't allow for that type of schedule...


Option  4 - Auto download and schedule the install
SubsunConnect With a Mentor Commented:
There is a PowerShell utility PoshPAIG.tool, you can check and see if it works for you..
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

DonNetwork AdministratorCommented:
4 - Auto download and schedule the install
This policy option works very well in environments where known business hours and maintenance windows are fairly stable and predictable. For systems in an environment with predictable usage schedules, downloading in the background and setting a scheduled installation to occur at specific hours after core business works well for environments with static systems that are left on or in energy-saving modes. If this policy is enabled, the default time for the scheduled install is 3:00 A.M. once a day. If an update requires a reboot in order to complete installation, the client will automatically reboot. If an administrative user happens to be logged on during this time, they will see a restart notification and have the option to delay the reboot. Non-administrative users will see the notification (enabling them to save their work). They will not be able to delay the restart, but they can initiate the reboot.
DonNetwork AdministratorCommented:
Sorry...missed that you wanted once a month :(
DonConnect With a Mentor Network AdministratorCommented:
This is a good option for you
flatleyldAuthor Commented:
It provided the best work around to my original issue.  It didn't solve it how I wanted, but works another way.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.