Hotfixing with DSC

I wish to use DSC to apply all the required windows security patches. From the examples I have seen I have two issues I do not understand.

  1. The MS Windows update site or WSUS determines which hotfixes are required for a given node so I’m not sure how this deterministic logic can be incorporated in a DSC node.
  2. Does anyone have an example on leveraging WSUS for DSC based hotfixing?

Example using local path.
Configuration DownloadHotfixFromPath {
xHotfix m1 {
Path = “c:\WindowsBlue-KB2937982-x64.msu”
Id = “KB2937982”

DSC isn’t meant to be a replacement for Windows Update. The best use of DSC would be to ensure that Windows Update was correctly configured - and then letting Windows Update do its thing. You’re correct in that DSC doesn’t implement any of the logic in WSUS.

DSC’s not supposed to replace all the other tooling - you’re meant to use DSC to make sure those other tools are set up the way you want.

That makes sense but what value does the DSC module xWindowsUpdate have?

It’s an open-source module. Open it up in the ISE and have a look at its parameters ;).