Recently, I was playing with PoshPAIG, a great GUI tool to audit and patch servers. This utility requires a WSUS server and a group policy set to “Download updates and do not install” for the servers. Unfortunately, at my company, our group policy is “Notify for download and notify for install”.
Changing a group policy that affects 1000+ servers without knowing the impact is impossible, so I had to modify the script a little bit to suit my needs. As a matter of fact, the script that PoshPAIG uses to install patches is a modified VBScript version that originates from this site.
First, make a copy of the original Install-Patches.ps1 script in the PoshPAIG_InstallFolder\Scripts folder. Then look for the following piece of code:
Insert the following code after “Else” and before “For I = 0…”
    'Creating collection of updates to download
    '(searchResult and updateSession come from the surrounding script)
    Set updatesToDownload = CreateObject("Microsoft.Update.UpdateColl")
    For I = 0 to searchResult.Updates.Count-1
        Set update = searchResult.Updates.Item(I)
        Set objCategories = update.Categories
        strCatName = lcase(objCategories.Item(0).Name)
        updatesToDownload.Add(update)
    Next

    'Downloading updates...
    If updatesToDownload.Count = 0 Then
        WScript.Quit
    End If
    Set downloader = updateSession.CreateUpdateDownloader()
    downloader.Updates = updatesToDownload
    downloader.Download()
…or just use the attached file and replace Install-Patches.ps1. Now, when you do the audit, and then install patches, the script will first download the patches from WSUS (it takes a while) and then install them.
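The same download step through the Windows Update Agent COM API in PowerShell, as an added example that is not part of the original post or of PoshPAIG. It adds only updates whose IsDownloaded flag is false and reports a per-update result code. The function name Invoke-PendingUpdateDownload and the default search criteria are assumptions, and it is meant to be run locally in an elevated session on the server being patched.

```powershell
# Added example (not PoshPAIG code): download pending updates that are not
# already in the local Windows Update cache, then report the outcome.
function Invoke-PendingUpdateDownload {
    [CmdletBinding()]
    param(
        # Assumed criteria; the search used by Install-Patches.ps1 is not shown on the page.
        [string]$Criteria = "IsInstalled=0 and Type='Software'"
    )

    # OperationResultCode values returned by the Windows Update Agent
    $resultNames = @{
        0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
        3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
    }

    $session = New-Object -ComObject Microsoft.Update.Session
    $found   = $session.CreateUpdateSearcher().Search($Criteria)

    # Collect only the updates that still need to be fetched from WSUS
    $pending = New-Object -ComObject Microsoft.Update.UpdateColl
    foreach ($update in $found.Updates) {
        if (-not $update.IsDownloaded) { [void]$pending.Add($update) }
    }

    if ($pending.Count -eq 0) {
        Write-Verbose 'Nothing to download: no pending updates, or all are already cached.'
        return
    }

    $downloader         = $session.CreateUpdateDownloader()
    $downloader.Updates = $pending
    $outcome            = $downloader.Download()

    # One record per update so failed downloads are visible before install
    for ($i = 0; $i -lt $pending.Count; $i++) {
        $item = $outcome.GetUpdateResult($i)
        [pscustomobject]@{
            Title   = $pending.Item($i).Title
            Result  = $resultNames[[int]$item.ResultCode]
            HResult = '0x{0:X8}' -f $item.HResult
        }
    }
}

Invoke-PendingUpdateDownload -Verbose | Format-Table -AutoSize
```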
4 comments
I have a mixed environment. How will your script changes affect servers that are configured to download updates and do not install? Will PoshPAIG continue to install updates for these servers as well? Thanks!
Whoops, forgot to hit the follow-up by email. Thanks again.
It will probably overwrite the existing downloaded files or, most likely, it will just exit and do nothing. In both cases, it won’t mess up anything since it won’t install the updates.
Thanks for your reply. FYI, I found another developer’s contribution that bridges both modes: https://poshpaig.codeplex.com/discussions/500210
My tests worked whether the server had downloaded updates or not.