Script to microsoft patches - Free Download
Learn how to use a free Windows PowerShell module to audit and install patches on Windows systems. Microsoft Scripting Guy Ed Wilson here. Today, I am proud to present a guest blog post written by Boe Prox. Boe has written a really cool module to audit and install software patches on Windows systems. Boe is currently a senior systems administrator with BAE Systems. He looks to script whatever he can, whenever he can. He is also a moderator on the Hey, Scripting Guy! You can check out his blog and his projects: It does, however, show examples of what I have been able to put together using Windows PowerShell to create an application to manage the patching of servers in an enterprise environment.
Something that I have been working on for a little while as a work project is a way for other users in my shop to be able to patch our servers during a downtime without actually having to log into each server remotely to install the patches that have been downloaded from the local WSUS server.
Initially, I wrote two sets of Windows PowerShell scripts: We needed something that would make it easy for anyone to use a GUI and still perform the same tasks as the original scripts I wrote. If you wish to learn more about what I did to initially build this utility, go to this blog post.
My next post tomorrow will also go into some issues I ran into during the build and what I was able to do to resolve them. From there, unzip the file to wherever you wish. No more double-clicking a system to run an operation. One of the first changes I made was the removal of double-clicking on a system in the server list to perform the specified operation. Instead of doing that, you can now right-click a system and bring up a shortcut menu to select a few different items, such as removing a server, viewing the WindowsUpdate.log.
Clicking Run in the shortcut menu will perform the specified operation that is designated below the server list (Audit, Install, Test Network Connection, or Reboot). Adding multiple computers using the Add Server menu. Originally, the Add Server menu only let you add one system at a time.
While this is okay, I felt that it needed the ability to add more than one system at a time. Simply right-click the server list window, click Add Server , type each system name, and then click OK.
After clicking OK , the servers are then added to the server list, as shown in the following figure. Support for operations against multiple systems at a time. One of my most requested features was the ability to perform the operations audit, install, etc.
Doing this completes whichever operation you choose much more quickly; otherwise, the operation could take far longer than you would expect.
As you can see from another new feature—the Notes column—all the systems are being audited for patches that have been downloaded from the WSUS server. As each system is finished, it will be updated accordingly on the server list with the number of patches found. Depending on the operation you choose, the Notes column and other columns will be affected as well based on the decision.
During these operations, if the system is not reachable on the network, the Notes column will report it as being offline. By default, the number of systems that will be run against at a time is So in this latest version, you can now sort a column by clicking it. The following figure shows sorting the Audited column so that the system with the most patches required is first.
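The audit behaviour described above (count the patches already downloaded on each system, mark unreachable systems as Offline, list the system needing the most patches first) can be sketched with the Windows Update Agent COM object. This is an added example, not the utility's own code; the function name `Get-PendingPatchAudit`, the server names and the `Completed`/`Error` note text for an audit are assumptions.

```powershell
# Added example, not the utility's code. Server names below are placeholders.
function Get-PendingPatchAudit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )
    foreach ($computer in $ComputerName) {
        # One row per system, mirroring the Computer / Audited / Notes columns
        $row = [pscustomobject]@{ Computer = $computer; Audited = 0; Notes = '' }

        # Unreachable systems are reported as Offline instead of failing the run
        if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
            $row.Notes = 'Offline'
            $row
            continue
        }
        try {
            # Remote activation of the Windows Update Agent COM object; needs
            # administrative rights and DCOM/RPC reachability on the target
            $type     = [type]::GetTypeFromProgID('Microsoft.Update.Session', $computer)
            $session  = [activator]::CreateInstance($type)
            $searcher = $session.CreateUpdateSearcher()
            $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')

            # Count only updates the agent has already downloaded (for example,
            # WSUS-approved patches under "download but do not install")
            $downloaded  = @($result.Updates | Where-Object { $_.IsDownloaded })
            $row.Audited = $downloaded.Count
            $row.Notes   = 'Completed'
        }
        catch {
            # Access denied or a blocked firewall lands here; keep the row
            $row.Notes = "Error: $($_.Exception.Message)"
        }
        $row
    }
}

# Most patches required first, like sorting the Audited column
Get-PendingPatchAudit -ComputerName 'SERVER01', 'SERVER02' |
    Sort-Object -Property Audited -Descending |
    Format-Table -AutoSize
```

Searching works through remote activation, but the Windows Update Agent does not allow download or install calls from a remotely created session, so this covers the audit step only.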
Another option I added was the ability to send a reboot command to the remote systems; it will continue to monitor the system until it is back online. To avoid having too many systems being rebooted at one time, I have hard-coded a limit of five systems at a time to be rebooted. If a machine has not been reported as being back online within five minutes, it will be registered as being offline and will need more investigation into the system to see why it has not come back online.
To do this, first select the Reboot option below the server list, and you can choose to run the command against every system by clicking Run. Or you can run the command against a specific computer or computers by selecting them from the server list, right-clicking the server list, and then clicking Run.
A warning is first presented advising the user that the computer will be rebooted if the user chooses to continue. Clicking Yes will continue the reboot process. When completed, you will see the Completed note in the Notes column or the Offline note. Another option implemented in version 1. This is done by selecting the Test Network Connection check box, clicking Run or selecting the systems, and clicking Run from the menu when right-clicking the server list.
As you can see, two systems are online and the rest are offline. Note that the total time to perform this was just less than 13 seconds.
I thought that this would be a nice and obvious addition to this utility. One big caveat is that this can only be run against one system at a time. Parsing and using Out-GridView to display the output against a file that could possibly contain several thousand lines of information would slow things down quite a bit.
Just right-click a system, click WindowsUpdateLog in the shortcut menu, and then click one of the four options (Last 25, Last 50, Last , and Entire Log) to have the utility grab the remote log and display it. While not necessarily needed, I figured I would add an option to view the currently installed updates on one or more remote systems.
Just select the systems, right-click Installed Updates , and then click View Installed Updates in the shortcut menu. After all of the updates have been gathered, you can then view the installed updates on each system.
I hope everyone enjoyed this post displaying some of the new features of my latest project. This is a work in progress and will have more releases in the future. If you have any feature requests or any bugs that you find, be sure to log them in the Issue Tracker on CodePlex. Tomorrow, I will address some issues I ran into while creating this utility and the steps I took to resolve them. I promise you will see some code in that post. I invite you to follow me on Twitter and Facebook.
If you have any questions, send email to me at scripter microsoft. I believe that feature was requested on the codeplex site, but if not, you can certainly use the issue tracker to request that feature and I will look into adding it.
There was a lot of sweat, blood and tears spent working on this. But I am very happy with the results thus far. I'll keep my eyes open for your comments on codeplex, especially regarding the issue running the utility.
I see what you are saying now regarding the updates. Something I should have mentioned in this article and will be sure to update on the codeplex page is that the optimal environment for using this utility is that the systems should have their WU settings set to "download but do not install" either through Group Policy or Local Policy and have an internal WSUS server to approve specific patches for their environment.
It will work fine outside this environment, but this way a sys admin has complete control over what is being installed on their network. Jeremy What version are you currently running? I know at one point there was a bug in the Audit code that listed updates which were available but had not yet downloaded which would give inaccurate numbers.
Wolfgang The tool is still being supported. Can you provide more information on this? Do you see all of the patches during the audit but only one is installed? Any errors showing up? This will create a fresh file and you will no longer have the errors. I have made several UI changes to the utility since this article was published.
I no longer use radio buttons and instead use combo boxes at the top of the utility along with a run button to perform the operations. I understand the not installing a patch remotely.
Yes — you cannot just point at a package and install it. It has to be downloaded into the patch distribution folder and registered. Only WU can do this. You must have sweat bullets. You also introduce a bunch of interesting techniques for coding Forms and complex programs. I will spend more time looking through your code. Glad you like the utility I wrote. The code you posted is actually very similar to what I use on the back-end to perform the queries for updates.
I have just a couple of small changes as I want to be able to query for updates on remote systems. I would be very interested if you found a way to utilize the COM object remotely without the need of an outside dependency to remotely install the updates.
That's really nice, Ed. It is sort of a manual version of WSUS. There are a lot of admins out there who will go nuts for this thing. Ashleyh Glad you like the utility! Are the servers on a domain or are they standalone systems? If domain, you can use an administrative account that has access to those systems to run the utility.
Because of the way I currently have the utility coded, adding alternate credentials will take some time to work. But I do encourage you to log it in the Issue Tracker on the codeplex page. Any way you can add these options to control the Windows Update service by right-clicking on the server? RTL I will have to take a look at this and see if I can reproduce the issue.
Can you please file a bug here:
PowerShell script to list all installed Microsoft Windows Updates
This way I don't have to download the same updates when I want to update my PC desktop running Windows 7. Ensure that the target PC doesn't have the patch already applied. And Thx to myselfidem.
Use PowerShell to Audit and Install Windows Patches
However, after having translated it into PowerShell, it also worked for me. Microsoft Product Support Services distributes hotfixes to customers who are severely affected by a specific problem. Search for All updates or Recommended updates only?
How to download Microsoft Office 2010/2013/2016 Updates the Easy Way *UPDATED*
I have tried to run this multiple times and cannot get it to even launch. That way when you were running a post patch audit, you could pick up any systems you forgot to reboot. All updates, No updates or Select a single update?