I might be barking up the wrong tree here, but Im writing my first powershell script to make my life easier managing the patching deployment process across a number of sites I work with. So I thought I was doing well so far by first of all checking that I have no active backup jobs running with any servers, making sure my terminal servers have no one logged on and opening a session to all my servers. I next did a bit of googling and found that a module was written to already control the windows updates process which I tested manually on a machine
So my next step is to either deploy this module or host it centrally on a unc so I can use it with all my servers. What ive tried so far is playing around with $env:PSModulePath = $env:PSModulePath + “;\myserver\myshare\PSWindowsUpdate” from inside a invoke-command using my session I opened which didnt work. Im wondering what others do in this situation, do you xcopy deploy the module to the servers or work with it centrally ? I guess being very new to powershell I want to try and do it the correct way
Rather than updating the PSModulePath variable on all your machines, a possible alternative is to use a full path to the module in the Import-Module command of whatever scripts are using it. I haven’t tried using a UNC path in this situation, but it’s worth a shot.
From a performance perspective, it might be even better to have your script copy down the module to the local machine, then import the local copy into your PowerShell session:
Thanks for the quick response. Ive had a bit of a play with the copy down method and had to enable credssp for accessing the unc path which I setup. Is it considered standard practice to leave credssp enabled or do people turn it on and off all the time ?
If you’re running the sample code I posted with Invoke-Command against a remote computer, then yes, you’d need to use CredSSP to enable the “second hop” scenario. I’m not sure if there’s a compelling reason to leave CredSSP support disabled on your machines, but maybe someone else here can pipe in on that.
Assuming you don’t want to leave it enabled, you have a couple of options:
Enable CredSSP on the target computer, use it, and disable it, all in the same script.
Have the calling script handle pushing the files from the UNC share to the target computer, so the script executed by Invoke-Command no longer has to access a remote resource.