Recently, I was playing with PoshPAIG, a great GUI tool to audit and patch servers. This utility requires a WSUS server and a group policy to “Download updates and do not install” set for the servers. Unfortunately, at my company, our group policy is “Notify for download and notify for install”.
Changing a group policy that will affect over 1000+ servers and not knowing the impact is impossible, so I had to modify the script a little bit to suit my needs. As a matter of fact, the script that PoshPAIG uses to install patches is a modified VBScript version that originates from this site.
First, make a copy of the original Install-Patches.ps1 script that’s in PoshPAIG_InstallFolder\Scripts folder. Then look for the following piece of code:
Insert the following code after “Else” and before “For I = 0…”
'Creating collection of updates to download Set updatesToDownload = CreateObject("Microsoft.Update.UpdateColl") For I = 0 to searchResult.Updates.Count-1 Set update = searchResult.Updates.Item(I) Set objCategories = update.Categories strCatName = lcase(objCategories.Item(0).Name) updatesToDownload.Add(update) Next 'Downloading updates... If updatestoDownload.count = 0 Then WScript.Quit End If Set downloader = updateSession.CreateUpdateDownloader() downloader.Updates = updatesToDownload downloader.Download()
…or just use the attached file and replace Install-Patches.ps1. Now, when you do the audit, and then install patches, the script will first download the patches from WSUS (it takes a while) and then install them.