Scan and Install Windows Updates using PowerShell (without SCCM)
I was working on a project assignment that wanted us to deploy Windows updates on over 200 servers, and we figured out that there is no native PowerShell-based support from Microsoft for remote patch deployment. We didn’t have tools like SCCM deployed in the environment to make our life easy, and we could not use Group Policy based auto-patch deployment because we wanted to deploy patches in a specific order on servers and restart them as necessary.
Therefore, this script was written, and below are the details. If you are in a similar situation and need something readily available, then please feel free to download and use the script.
.DESCRIPTION
– This script will SCAN or DEPLOY Windows Updates on computers in the network.
– This script creates a registry hive on the servers that it scans – HKLMSoftwareWindowsPatch – to store the script job outputs for later use.
– This script gets the computer list from DomainName and CSVfile.
– This script restarts the servers after patch deployment, and selectively when using a CSV file.

– DomainName = Pass the domain name from which the script should get the computer names, either to get the current update status or to deploy the Windows updates.
– ScanOnly = Checks for current Windows Update status. Reports Ping status, Restart status and Pending updates waiting to get deployed on the .
– DomainServerSearchString = Used with parameter DomainName to filter the search list. Sometimes you want to use filters and patch only a set of the servers that are present in the domain.
– Reboot = If a Windows patch demands a computer reboot and this switch is passed, then servers will be auto-restarted after Windows patch deployment.
– Deploy = This switch will scan for updates and then deploy the Windows updates on the computers.
– csvfilename = Pass the full path of the CSV, or the filename from the current directory where the script is executed from. This option will restart servers based on the CSV values after patch deployment. Valid CSV fields are:

    Name,Reboot
    ServerA,Yes
    ServerB,No
1. Scans for Windows Updates on domain sarveshgoel.local and searches for computers whose names start with IND:

    Deploy-WindowsUpdate.ps1 -ScanOnly -DomainName sarvesh.local -DomainServerSearchString IND*

2. Deploys Windows Updates on domain sarveshgoel.local and searches for computers whose names start with IND:

    Deploy-WindowsUpdate.ps1 -Deploy -DomainName sarvesh.local -DomainServerSearchString IND*

3. Deploys Windows Updates on domain sarveshgoel.local, searches for computers whose names start with IND, and restarts the computers:

    Deploy-WindowsUpdate.ps1 -Deploy -DomainName sarvesh.local -DomainServerSearchString IND* -Reboot

4. Deploys Windows Updates on computers listed in the CSV file. Please note that if the “-Reboot” switch is specified in the command, then the CSV Reboot option will be ignored and all servers will be restarted:

    Deploy-WindowsUpdate.ps1 -Deploy -csvfilename C:\myfolder\servers.csv

5. Scans Windows Updates on computers listed in the CSV file:

    Deploy-WindowsUpdate.ps1 -scanonly -csvfilename C:\myfolder\servers.csv
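The CSV handling and the -Reboot precedence described above, as an added example that is not part of Deploy-WindowsUpdate.ps1: it validates each Name,Reboot row before any remote action is taken and resolves which servers are permitted to restart. Get-RebootPlan and the sample rows are hypothetical, constructed for illustration.

```powershell
# Added example, not code from Deploy-WindowsUpdate.ps1.
# Get-RebootPlan is a hypothetical helper; it only builds a plan and contacts no server.
function Get-RebootPlan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$CsvLines,  # raw CSV text: header line plus rows
        [switch]$Reboot                              # mirrors the script's -Reboot switch
    )
    $seen = @{}
    foreach ($row in ($CsvLines | ConvertFrom-Csv)) {
        $name = "$($row.Name)".Trim()
        $flag = "$($row.Reboot)".Trim()
        # Accept only plain host names or FQDNs before the value reaches a remote call.
        if ($name -notmatch '^[A-Za-z0-9]([A-Za-z0-9.-]{0,253}[A-Za-z0-9])?$') {
            Write-Warning "Skipping row with invalid Name: '$name'"
            continue
        }
        $key = $name.ToUpperInvariant()
        if ($seen.ContainsKey($key)) {
            Write-Warning "Skipping duplicate entry: $name"
            continue
        }
        # Only explicit Yes/No are accepted; anything else fails closed (no restart).
        if ($flag -notin 'Yes', 'No') {
            Write-Warning "Unrecognised Reboot value '$flag' for $name; treating as No"
            $flag = 'No'
        }
        $seen[$key] = $true
        [pscustomobject]@{
            Name    = $name
            # Permission to restart, applied only if a patch demands it.
            # -Reboot overrides the CSV column, as stated in example 4.
            Restart = $Reboot.IsPresent -or ($flag -eq 'Yes')
            Source  = if ($Reboot.IsPresent) { '-Reboot switch' } else { 'CSV' }
        }
    }
}

# Constructed sample input in the Name,Reboot format, with three bad rows.
$sample = @(
    'Name,Reboot'
    'ServerA,Yes'
    'ServerB,No'
    'ServerC,maybe'   # unknown value: kept, but never restarted from the CSV
    'ServerA,No'      # duplicate: skipped
    'bad;name,Yes'    # not a host name: skipped
)
Get-RebootPlan -CsvLines $sample | Format-Table -AutoSize
Get-RebootPlan -CsvLines $sample -Reboot | Format-Table -AutoSize
```

Reviewing the resulting table before a deployment run shows exactly which servers would restart and why, which matters when patches must be applied in a specific order.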
Author: Sarvesh Goel