Home ProgrammingPowerShell Windows, PowerShell: PoshPAIG GUI tool for patching servers

Windows, PowerShell: PoshPAIG GUI tool for patching servers

by Kliment Andreev
6.5K views

Recently, I was playing with PoshPAIG, a great GUI tool to audit and patch servers. This utility requires a WSUS server and a group policy to “Download updates and do not install” set for the servers. Unfortunately, at my company, our group policy is “Notify for download and notify for install”.
Changing a group policy that will affect over 1000+ servers and not knowing the impact is impossible, so I had to modify the script a little bit to suit my needs. As a matter of fact, the script that PoshPAIG uses to install patches is a modified VBScript version that originates from this site.

First, make a copy of the original Install-Patches.ps1 script that’s in PoshPAIG_InstallFolder\Scripts folder. Then look for the following piece of code:

Insert the following code after “Else” and before “For I = 0…”

'Creating collection of updates to download
Set updatesToDownload = CreateObject("Microsoft.Update.UpdateColl")
For I = 0 to searchResult.Updates.Count-1
    Set update = searchResult.Updates.Item(I)
	Set objCategories = update.Categories
	strCatName = lcase(objCategories.Item(0).Name)
	updatesToDownload.Add(update) 
Next

'Downloading updates...
If updatestoDownload.count = 0 Then
	WScript.Quit
End If
Set downloader = updateSession.CreateUpdateDownloader() 

downloader.Updates = updatesToDownload
downloader.Download()

…or just use the attached file and replace Install-Patches.ps1. Now, when you do the audit, and then install patches, the script will first download the patches from WSUS (it takes a while) and then install them.

Install-Patches

Related Articles

4 comments

Steven Jordan November 13, 2014 - 2:21 PM

I have a mixed environment. How will your script changes affect servers that are configured to download updates and do not install? Will PoshPAIG continue to install updates for these servers as well? Thanks!

Steven Jordan November 13, 2014 - 2:23 PM

Whops, forgot to hit the follow-up by email. Thanks again.

Kliment Andreev November 14, 2014 - 7:23 AM

It will probably overwrite the existing downloaded files or most likely, it will just exit and do nothing. In both cases, it wont’ mess up anything since it won’t install the updates.

Steven Jordan November 17, 2014 - 5:37 PM

Thanks for your reply. FYI, I found a another developer’s contribution that bridges both modes: https://poshpaig.codeplex.com/discussions/500210

My tests worked whether the server had downloaded updates or not.

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More