Possible To Automate Windows Update Procedure?

by azhskr at 2013-01-14 12:18:27

First, if this is in the wrong forum section, I apologize. However, what I am going to ask seems pretty advanced to me.

I am fairly familiar with Powershell, I can do basic stuff and can usually figure out how to modify existing scripts to get what I want. I just started a new job, and on the 3rd Sunday of every month whoever happens to be on call gets stuck manually updating Windows across about 52 different servers, a process that takes upwards of 8 hours (if everything goes right).

My question is, is it possible to write a script (or scripts) that could automate all or most of this process? The complications arise where some servers cannot be patched until others are done, some servers need specific services stopped before patching, some servers require specific logons and some servers are in 2-node clusters (so only one node can be done at once). Also, some servers are Server 2003 and some are Server 2008.

To put it mildly, if this is something that can be done it would firmly place me in "hero" status. Not to mention that we have plenty of other processes that are similar to this that could then also be automated.

Thanks in advance
by nohandle at 2013-01-15 00:06:09
Hi. Seems quite possible.
This and similar articles would be my reading start to find if the core task (updating) is possible http://blogs.technet.com/b/heyscripting … pdate.aspx
[quote="azhskr"]The complications arise where some servers cannot be patched until others are done, some servers need specific services stopped before patching, some servers require specific logons and some servers are in 2-node clusters (so only one node can be done at once). Also, some servers are Server 2003 and some are Server 2008.[/quote]
I would generalize this to a few categories that would help me outline the main paths through the process. Then do a good analysis of the problem to see what problems may arise and if my categories are reasonable.
Then define a few general tasks to let me build the logic around without having to think about it too much, and to add additional servers without being a PowerShell expert.

Let me just show you the outline of what I have in mind:
1) Servers that can run right away -> InstallUpdates > report to orchestrator
2) Servers that need some work done (e.g. stopping services) -> UpdateServer (StopServices, InstallUpdates > report to orchestrator)
3) Servers that wait for others (including cluster servers) -> WaitForServer () -> UpdateServer (StopServices, InstallUpdates > report to orchestrator)

Build tasks that define each server, its dependencies and the type of the update…

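function UpdateCluster {
    param(
        [string[]]$ServersToUpdate,              # e.g. server1,server2
        [string[]]$UpdatesToApply,               # e.g. update1,update2
        [string[]]$ServicesToStopBeforeUpdating
    )
    # Handle the cluster nodes one at a time
    foreach ($CurrentServer in $ServersToUpdate) {
        UpdateServer $CurrentServer     # still to be defined, see below
        WaitForServer $CurrentServer    # still to be defined, see below
    }
}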
Define the functions above using Jobs, the Update module and powershell remoting. Implement them and test them on testing machines.
Create the ‘orchestrator’ (script that runs the Jobs and manages the status).

----
Hope this helps you a bit. :slight_smile:
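
The three categories in the outline above reduce to a dependency order: a server is ready once everything it waits for is done, and the second node of a 2-node cluster simply depends on the first. The following is an added example, not code from the original post; the server names, service names and the `Get-PatchWave` helper are hypothetical.

```powershell
# Constructed inventory: every name below is a placeholder, not a real host.
$Inventory = @(
    @{ Name = 'db01';   DependsOn = @();         StopServices = @() }
    @{ Name = 'app01';  DependsOn = @('db01');   StopServices = @('AppSvc') }
    @{ Name = 'web01';  DependsOn = @('app01');  StopServices = @('W3SVC') }
    @{ Name = 'clu01a'; DependsOn = @();         StopServices = @() }
    # Second cluster node waits for the first, so only one node is down at a time
    @{ Name = 'clu01b'; DependsOn = @('clu01a'); StopServices = @() }
)

# Hypothetical helper: groups servers into waves; every server in a wave has
# all of its dependencies patched in an earlier wave.
function Get-PatchWave {
    param([hashtable[]]$Servers)
    $done  = @{}
    $left  = @($Servers)
    $waves = @()
    while ($left.Count -gt 0) {
        $ready = @($left | Where-Object {
            @($_.DependsOn | Where-Object { -not $done.ContainsKey($_) }).Count -eq 0
        })
        if ($ready.Count -eq 0) {
            # Nothing can start: a dependency loop or a server missing from the inventory
            $stuck = ($left | ForEach-Object { $_.Name }) -join ', '
            throw "Circular or unknown dependency among: $stuck"
        }
        $waves += ,@($ready | ForEach-Object { $_.Name })
        foreach ($s in $ready) { $done[$s.Name] = $true }
        $left = @($left | Where-Object { -not $done.ContainsKey($_.Name) })
    }
    ,$waves   # leading comma keeps the array-of-arrays intact on return
}

# Print the plan; an orchestrator would start one job per server in a wave
# and only move to the next wave once every job has reported success.
$wave = 0
foreach ($names in (Get-PatchWave $Inventory)) {
    $wave++
    "Wave {0}: {1}" -f $wave, ($names -join ', ')
}
```

Failing loudly on a loop or an unknown dependency matters here: silently skipping a server leaves it unpatched without anyone noticing.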
by RichardSiddaway at 2013-01-15 01:50:58
The problem you will hit is that you can’t trigger a remote machine to check for updates - the underlying technologies actively block it. Create a scheduled task that runs on the box to do the work for you.
by azhskr at 2013-01-15 05:25:36
[quote="RichardSiddaway"]The problem you will hit is that you can’t trigger a remote machine to check for updates - the underlying technologies actively block it. Create a scheduled task that runs on the box to do the work for you.[/quote]

I don’t think that should be a problem as the servers are set to automatically download approved updates when they are available, so it’s just a matter of installing the updates that are already waiting, and restarting the servers.

[quote="nohandle"]Hi. Seems quite possible.
This and similar articles would be my reading start to find if the core task (updating) is possible http://blogs.technet.com/b/heyscripting … pdate.aspx
[/quote]

Good information there, thanks! I have a feeling that getting started will be the hard part, but once I get it going it shouldn’t be too difficult.
by RichardSiddaway at 2013-01-16 11:34:51
The only way you will remotely trigger the installation of the updates is to use PSExec. Updates are handled by a piece of COM technology. I, and a number of other MVPs, have tried various ways to trigger the installation. PSExec was the only thing we got to work.
by azhskr at 2013-01-16 19:08:28
[quote="RichardSiddaway"]The only way you will remotely trigger the installation of the updates is to use PSExec. Updates are handled by a piece of COM technology. I, and a number of other MVPs, have tried various ways to trigger the installation. PSExec was the only thing we got to work.[/quote]

You would definitely know better than I would so I will take your word for it. I will keep that in mind for sure.
by i255d at 2013-03-11 17:53:41
Is it possible to create the scheduled task on remote computers and then invoke the task and then take it all away when done, all from within PowerShell?
by gpduck at 2013-04-12 15:06:24
Yes, we create a scheduled task called "InstallUpdates" that is set to run manually on our base OS build. Then when we want to force a "manual" update install we can just use "schtasks.exe /run /tn InstallUpdates" to kick them off, and this works with Powershell remoting.
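
The approach described above, with a check of the task's result, as an added example that is not the poster's script. It assumes the "InstallUpdates" task already exists on each server, PowerShell remoting is enabled, the servers are English-language Server 2008 or later (where `schtasks /query /tn ... /v /fo csv` reports "Status" and "Last Result" columns), and the task does not restart the server itself; `Invoke-UpdateTask` and the server names are hypothetical.

```powershell
function Invoke-UpdateTask {
    param(
        [string]$ComputerName,
        [string]$TaskName = 'InstallUpdates',
        [int]$TimeoutMinutes = 120
    )
    $session = New-PSSession -ComputerName $ComputerName
    try {
        # Start the pre-created task; schtasks exits non-zero if it cannot start it
        $rc = Invoke-Command -Session $session -ArgumentList $TaskName -ScriptBlock {
            param($tn)
            schtasks.exe /run /tn $tn | Out-Null
            $LASTEXITCODE
        }
        if ($rc -ne 0) { throw "schtasks /run failed on $ComputerName (exit code $rc)" }

        # Poll until the task leaves the Running state or the timeout expires
        $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
        do {
            Start-Sleep -Seconds 30
            $task = Invoke-Command -Session $session -ArgumentList $TaskName -ScriptBlock {
                param($tn)
                # /v can emit one row per trigger; the first row is enough here
                schtasks.exe /query /tn $tn /v /fo csv | ConvertFrom-Csv |
                    Select-Object -First 1
            }
        } while ($task.Status -eq 'Running' -and (Get-Date) -lt $deadline)

        New-Object PSObject -Property @{
            ComputerName = $ComputerName
            Status       = $task.Status
            LastResult   = $task.'Last Result'   # exit code of the last run, 0 = success
            TimedOut     = ($task.Status -eq 'Running')
        }
    }
    finally {
        Remove-PSSession $session
    }
}

# Constructed server names
'srv01', 'srv02' | ForEach-Object { Invoke-UpdateTask -ComputerName $_ } |
    Format-Table ComputerName, Status, LastResult, TimedOut -AutoSize
```

"Last Result" only reflects the exit code of whatever the task runs, so the script behind the task has to exit non-zero when an update fails for this check to mean anything.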
by i255d at 2013-04-15 05:55:42
gpduck,
I am pretty new to all of this, can you give me something I can start with to get started on this?
by luesec at 2013-04-23 00:27:41
Hi, how do you check for errors after you’ve started the ps1 file through a scheduled task? Do you report in a logfile or is there a way to report the result to the console where you invoked the scheduled task (Remote Session)?
Would also appreciate if you’d share your script.