locked
Patch Installation on Remote Machines RRS feed

  • Question

  •  

    Hello,

     

    I am relatively new to Powershell, and so far I've found that it is quite a powerful tool, and allows me to do a lot of things much more efficiently than I had done before.


    The question I have is whether or not it is possible to create a script in powershell, that could be used to install Microsoft Hotfixes remotely.  I know there are "other ways" to do this such as a WSUS, however none of these are options, because I am on an network that has no access to the outside world and most of them need access in order to DL the patches.

     

    If it's possible or someone has done it, I'd love to see a quick sample that I could use as a guide to put together my own script for deploying patches.  If not, at least I can stop all the google searching I've done trying to find tidbits that lead nowhere.

     

    Thanks

    Wednesday, January 16, 2008 1:35 PM

Answers

  • PSH>get-wmiobject -computer some_server win32_quickfixengineering

     

    Assuming you are currently logged on with an account that has access to the remote system.

    Monday, February 11, 2008 2:45 PM

All replies

  • Well, now it kind of depends on a few things I've not all tested.

     

    If you're dealing with v1, you'd have to use WMI to talk to the remote servers.  So you either need WMI running on all the machines, but having WinRM could also be useful.

     

    You'd likely only be able to deal with patches that have a silent mode (no interface required if you provide the proper switches).

     

    How did you plan to copy the patches over?  For example, have a shared drive all of these systems can access?

     

    Marco

    Wednesday, January 16, 2008 6:11 PM
  • I currently have a shared drive that I use to go to the machines and apply the patches that we get.

    Thursday, January 17, 2008 3:27 PM
  • I just need to go find a patch I can test, before providing you with some code.

     

    Friday, January 18, 2008 4:02 PM
  • This will work assuming your are using a *Domain Admin* account:

    PSH>([WMICLASS]"\\10.10.10.10\root\cimv2:win32_process").create("cmd.exe /c `"c:\\WindowsServer2003-KB941644-x86-ENU.exe /quiet /norestart`" /q")

     

    I have to work through/test the process for this to run if you need to specify alternate credentials.  To specify alternate credentials, you cannot use a type accelerator.

    Thursday, February 7, 2008 1:43 AM
  • Is there a way to check if the patch has already been installed and avoid running installation the 2nd time?

     

    Friday, February 8, 2008 6:57 PM
  • PSH>get-wmiobject -computer some_server win32_quickfixengineering

     

    Assuming you are currently logged on with an account that has access to the remote system.

    Monday, February 11, 2008 2:45 PM
  • Here is high level step-by-step overview

    1. use runas to run Powershell as domain admin
    2. use copy-item cmdlet to copy the patch to client computers (\\clientcomputer\c$)
    3. use psexec tool or use Marcos Shaw's script to install the patch
    4. once completed delete the patch from client computer

    www.infotechguyz.com - Server 2008, Exchange 2007 Tutorials
    Wednesday, July 9, 2008 6:40 AM
  • OK dragging an old one up, the script example listed here does work and it does run the KB. I am trying to run multiple KB's and have run into the issue of Powershell not waiting for the first to get through executing before it starts the next.
    PSH>([WMICLASS]"\\10.10.10.10\root\cimv2:win32_process").create("cmd.exe /c `"c:\\$var1\$file`"") | out-null
    is not the answer as it loops and I watch the next 5 cmd shells open while the first KB is still extracting. The variables earlier in the loop are setting the path, file and proper switches. all that is working fine just need a way to tell PS to stop until it completes the install. I did try invoke-expression same issue and invoke-item which plain doesn't work.
    Thoughts??

    Bret
    Monday, February 1, 2010 2:47 PM
  • OK dragging an old one up, the script example listed here does work and it does run the KB. I am trying to run multiple KB's and have run into the issue of Powershell not waiting for the first to get through executing before it starts the next.
    PSH>([WMICLASS]"\\10.10.10.10\root\cimv2:win32_process").create("cmd.exe /c `"c:\\$var1\$file`"") | out-null
    is not the answer as it loops and I watch the next 5 cmd shells open while the first KB is still extracting. The variables earlier in the loop are setting the path, file and proper switches. all that is working fine just need a way to tell PS to stop until it completes the install. I did try invoke-expression same issue and invoke-item which plain doesn't work.
    Thoughts??

    Bret

    When a thread is marked as answered, I think you should start a new one.  My suggestion, use WMI to send a query maybe every minute to determine if the patch is installed.  That leads to the issue of when exactly will the patch get listed by WMI?  Will it get listed when the install starts or as it is ending...  I don't know the answer without extensive testing.  Maybe someone else will know the answer to that though.
    Monday, February 1, 2010 2:54 PM
  • thanks Marco , it worked !!
    Sunday, November 13, 2011 8:57 PM
  • There's an app that will do what you're looking for called BatchPatch.  You can install Windows updates remotely with integrated reboots and monitoring.  It can also install third-party patches, software, individual hotfix files, reg keys, custom scripts etc, using the Patch Deployment feature, so I think this is what you'd want to be using in your scenario.  It can also do Wake On LAN.  The evaluation version is free and fully functional, with the only limitation being that you cannot do more than 7 simultaneous remote hosts. 
    • Proposed as answer by Kumar BB Thursday, October 29, 2015 3:14 PM
    Tuesday, May 15, 2012 12:27 AM
  • Excellent Suggestion Works Well, Easy Use Of Interface , Thanks DougZuck

    Thursday, October 29, 2015 3:15 PM
  • ([WMICLASS]"\\X.x.x.x\root\cimv2:win32_process").create("cmd.exe /c `"c:\Windows-KB943729-x86-ENU.exe /quiet /norestart`" /q")

    how this will work? pasted same as it is?



    Saturday, July 23, 2016 8:54 AM