RSS

Category Archives: WSUS

PowerShell – WMF5 (including PowerShell) 5 can be deployed using WSUS again, but there is a catch …

A couple of weeks ago I was thinking that I should blog that it’s a pity that Windows Management Framework (including PowerShell) could be not distributed through WSUS anymore. In the past it was available on through WSUS, but it was removed (expired) at some point due to some issues.

This meant to deploy PowerShell you could not deploy it through regular WSUS, but you had to either:

  • Include it in your base image
  • Install it manually
  • Install it using scripting
  • Install it using GPO
  • Install it using WSUS add-on solutions to deploy 3rd party packages. Example solutions include, but are not limited to Local Update Publisher (LUP), WSUS package publisher, SolarWinds patch manager.
  • Install it using enterprise systems management software. Example solutions include, but are not limited to System Center Configuration Manager (SCCM), Altiris, Landesk Management Suite, Tivoli Endpoint Manager (BigFix)
  • Install it using Intune

At many customers of ours this meant that PowerShell was left at version 2.0 for older operating systems unfortunately. For newer operating systems luckily version 3.0 was shipped by default. Still the version would never be updated in most cases.

Apparently the PowerShell team also thought something had to be done about that, because they made the Windows Management Framework (WMF) 5.0 RTM available via the Microsoft Update Catalog. Since it is published to the Microsoft Update Catalog, you have to manually import it to your WSUS environment. Also as the blog post states, before installing ensure you have reviewed known product incompatibilities (Exchange, SharePoint and System Center Virtual Machine Manager) and that the prerequisites are met.

I hope this will mean I will be seeing more up-to-date versions of PowerShell on systems of customers from now on.

One of the disadvantages however is that for operating systems before Windows 8.1/2012, a prerequisite is that WMF4 is installed, which cannot easily be deployed using WSUS unfortunately.

 

 

 

 

 

 

 

Advertisements
 
 

Tags: , , , ,

Microsoft – Important changes to the update mechanism in Windows 8 and Windows Server 2012

For a very long time, the update mechanism for both Windows clients and Windows servers have been the same. With Windows 8 and Windows Server 2012 this has changed.

Even though I’d already found out that something had changed with the Windows 8/Windows Server 2012 update mechanism by using it, I didn’t really know what changed and why.

  1. Windows 8 Modern (Metro) Apps security patching does not work the same as regular security patching. For more information, read “Microsoft’s new security patching routine raises concerns“.
  2. Default behavior after you install an important update in Windows 8 or in Windows Server 2012 is that you receive a notice that you have to restart the computer in three days. If the restart does not occur in three days, the computer displays a 15-minute countdown and then automatically restarts. By default, this automatic restart is delayed if the computer is locked, and the countdown will begin the next time that you sign in to the computer. Update KB2835627 has been released that introduces a new registry key called AlwaysAutoRebootAtScheduledTime which enables you to configure a forced restart after installation if desired.
  3. This great blog post provides more insight: “Managing Updates with Deadlines in an era of Automatic Maintenance“. The reactions are also very interesting.Some of the key takeaways from this post:
    • A new feature called Automatic Maintenance, runs nightly and performs various tasks such as lightly defragmenting hard drives (or TRIMming SSDs if necessary), checking, repairing, and optimizing the system component store, running anti-virus scans, installing updates, and more.
      • The setting for when to download and install updates doesn’t work in the same way as it did. While you can still set Windows Update to download updates and install them automatically or not, the day-of-the-week setting is not effective. It is included in the automatic maintenance and there isn’t a way to individually specify which maintenance tasks run on which day.
      • The Windows Update Agent doesn’t have to be active in the background all the time because of this. This consolidation reduces system resource usage and battery usage.
    • If you want to be in control of when updates will be installed you have to use WSUS and set deadlines for updates.

Even though I understand the reasoning behind the change, I would have preferred that Microsoft gave customers options to choose their preferred method. In my opinion this method makes sense for clients, but not so much for servers.

Also for some (smaller) companies the specific day and time patching method (including downloading from Microsoft Update) worked fine and now they might have to install, configure and maintain a WSUS server (including patch approvals) to achieve the same result.

What do you think about this ? Leave a comment on either my blog or on the original blog post : Managing Updates with Deadlines in an era of Automatic Maintenance

 

Tags: , , , , , , , , , , , , , , , , , ,

Powershell – Get WSUS clients Without Sync Or Report In X Days

One of the tasks of a WSUS administrator is to make sure that WSUS clients are up-to-date. This requires the WSUS clients to report to the WSUS server on a regular basis.

So if clients do not report to the WSUS server, you need to investigate and resolve the issue.

This script will show you which WSUS clients haven’t reported in X days:
http://bjornhouben-web.sharepoint.com/Lists/Scripts/DispForm.aspx?ID=21

Another use case would be if you manage a WSUS infrastructure with an upstream server and multiple downstream servers for each customer. If one or more 3rd parties are responsible for managing the WSUS clients, you could use this script to automatically mail them the clients they’re responsible for that haven’t reported for X days.

 
Leave a comment

Posted by on February 17, 2013 in Automation, ICT, Microsoft, Powershell, Windows, WSUS

 

Tags: , , , , , , , ,

 
%d bloggers like this: