Solved

WSUS and patching with Powershell

Posted on 2013-11-25
7
634 Views
Last Modified: 2016-02-20
Hello,

I'm setting up a WSUS server to patch my Windows servers, but the problem I am running into is actually scheduling the patches to coincide with our maintenance window once a month.  WSUS doesn't allow for that type of schedule so I thought a way around this would be to have the servers check into the WSUS for patches and download them but not install automatically.  Then on our maintenance window I can schedule a task to run a Powershell script to initiate the install and reboot at the appropriate times.  I've tried to find a solution to this but have been unsuccessful.

Has anyone worked around this limitation in WSUS, or know of a way to kick off the install with Powershell?  I want to be able to start the tasks on the servers from one central server.

I appreciate any help you can give.  Thanks!
0
Comment
Question by:flatleyld
  • 4
  • 2
7 Comments
 
LVL 47

Expert Comment

by:dstewartjr
ID: 39676091
...but the problem I am running into is actually scheduling the patches to coincide with our maintenance window once a month.  WSUS doesn't allow for that type of schedule...

???

Option  4 - Auto download and schedule the install

http://technet.microsoft.com/en-us/library/cc512630.aspx
0
 
LVL 40

Assisted Solution

by:Subsun
Subsun earned 150 total points
ID: 39676093
There is a PowerShell utility PoshPAIG.tool, you can check and see if it works for you..

http://blogs.technet.com/b/heyscriptingguy/archive/2011/08/13/use-powershell-to-audit-and-install-windows-patches.aspx
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 39676095
4 - Auto download and schedule the install
This policy option works very well in environments where known business hours and maintenance windows are fairly stable and predictable. For systems in an environment with predictable usage schedules, downloading in the background and setting a scheduled installation to occur at specific hours after core business works well for environments with static systems that are left on or in energy-saving modes. If this policy is enabled, the default time for the scheduled install is 3:00 A.M. once a day. If an update requires a reboot in order to complete installation, the client will automatically reboot. If an administrative user happens to be logged on during this time, they will see a restart notification and have the option to delay the reboot. Non-administrative users will see the notification (enabling them to save their work). They will not be able to delay the restart, but they can initiate the reboot.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 47

Expert Comment

by:dstewartjr
ID: 39676100
Sorry...missed that you wanted once a month :(
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 150 total points
ID: 39676104
This is a good option for you

http://www.wuinstall.com/
0
 

Accepted Solution

by:
flatleyld earned 0 total points
ID: 39690040
I found a program called BatchPatch This gets me around my issue of scheduling the installs to take place.
0
 

Author Closing Comment

by:flatleyld
ID: 39702867
It provided the best work around to my original issue.  It didn't solve it how I wanted, but works another way.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Recently, I was assigned the task of performing a hardware refresh in the datacenter. The previous Windows 2008 systems were connected to the SAN via fiber channel HBA’s and among other thing, had PowerPath installed in order to provide sufficient f…
This article will review the basic installation and configuration for Windows Software Update Services (WSUS) in a Windows 2012 R2 environment.  WSUS is a Microsoft tool that allows administrators to manage and control updates to be approved and ins…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now