WSUS_Patching_Non_Compliant_server

  • Question

  • Hi All,

    I need assistance with making a set of servers compliant using PowerShell scripting.

    There is a set of around 800 servers, including both 2008 R2 & 2012 R2, which have not been patched since 2012; only critical updates and security updates are installed.

    Now we need to make these servers compliant, i.e. patched up to date, using PowerShell scripting.

    I tried some scripts like: (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher().Search("IsInstalled=0").Updates | Select Title

    to get the missing updates, but it is not listing all the updates. Apart from this, the challenges are:

    i. We cannot go online for patching; we have only the WSUS repository to get the required patches.

    ii. How do I identify the patch (.cab file in the WSUS repository having some random hexadecimal name) with the KB article name that I identified as missing on a non-compliant server?

    Please suggest the approaches that I can take to get this task closed using PowerShell scripting.

    Please let me know if extra information is required

    Thanks 

    • Moved by Bill_Stewart Monday, March 12, 2018 9:20 PM This is not "design WSUS patching solution for me" forum
    Sunday, February 4, 2018 4:32 PM

All replies

  • This would be done with WSUS. With WSUS you can download all updates to a server that is on net and copy the database to the off-net copy of WSUS. WSUS can also be set up in many ways to address isolated nets.

    Post in WSUS forum for assistance.

    The searcher is only useful on-net. WSUS can download ALL updates to its database.


    \_(ツ)_/

    Sunday, February 4, 2018 7:10 PM
  • Thanks Jrv,

    We have connectivity to WSUS downstream servers. Is there a way to pull or push (from the WSUS console) the patches in sequence released after 2012, using PowerShell?

    I'll also connect with WSUS forum.

    Monday, February 5, 2018 5:52 AM
  • Post in WSUS forum to learn how to use WSUS when not connected to the Internet.


    \_(ツ)_/

    Monday, February 5, 2018 6:01 AM
  • I can also note that you can use the searcher to find KBs in WSUS. You can find and extract all KB data. You can also use the WSUS .NET assemblies to query WSUS and retrieve assigned groups and retrieve the KB IDs of required patches.

    https://blogs.technet.microsoft.com/heyscriptingguy/2013/05/27/use-the-updateservices-module-to-manage-wsus/

    Also:

    find-module PoshWSUS


    \_(ツ)_/

    Monday, February 5, 2018 6:09 AM
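
The following is an added example, not part of any reply in this thread: it runs the Windows Update Agent searcher from the question against the managed (WSUS) server and maps each missing update to its KB article IDs and UpdateID. The function name `Get-MissingUpdateFromWsus` and the CSV file name are hypothetical, and the script assumes the server already has its WSUS server configured by policy.

```powershell
# Added example (not from the thread). Uses Select-Object calculated properties
# so it also runs on the PowerShell 2.0 that ships with Server 2008 R2.
function Get-MissingUpdateFromWsus {
    param(
        # WUA search criteria; the default is the query used in the question.
        [string]$Criteria = 'IsInstalled=0'
    )

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()

    # ServerSelection 1 = ssManagedServer: scan against the WSUS server set by
    # policy rather than Windows Update on the Internet.
    $searcher.ServerSelection = 1

    $result = $searcher.Search($Criteria)

    # One row per missing update: KB number(s), title, severity and the
    # UpdateID GUID that identifies the update to the update agent.
    $result.Updates | Select-Object `
        @{ Name = 'ComputerName'; Expression = { $env:COMPUTERNAME } },
        @{ Name = 'KB';           Expression = { @($_.KBArticleIDs | ForEach-Object { "KB$_" }) -join ',' } },
        @{ Name = 'Title';        Expression = { $_.Title } },
        @{ Name = 'Severity';     Expression = { $_.MsrcSeverity } },
        @{ Name = 'UpdateId';     Expression = { $_.Identity.UpdateID } },
        @{ Name = 'IsDownloaded'; Expression = { $_.IsDownloaded } }
}

# Hypothetical output file name; one CSV per server for later comparison.
Get-MissingUpdateFromWsus |
    Sort-Object KB |
    Export-Csv -Path ".\$env:COMPUTERNAME-missing-updates.csv" -NoTypeInformation
```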