3

I have a simple powershell script which unapproves all patches based on computer group name in WSUS which works great.

All of our servers patch on a specific Day/Week/Time starting on Week0-Wednesday which would be the Wednesday after Microsoft Patch Tuesday (2nd Tuesday of every month) all the way to Week3-Sunday. This obviously causes problems as sometimes not all patches get applied in one reboot cycle, and then will install patches the following week during their group policy scheduled patching day/time which is what I'm trying to prevent.

My question is I'm trying to schedule my script to run based on this schedule and I am finding it next to impossible using Windows Task Scheduler. For instance if I wanted something to always run on the 4th Monday after Microsoft Patch Tuesday, I cant always use the task scheduler option "4th Monday of the Month"

Has anyone run into a similar situation, or know of any task scheduling tools which give you more flexibility than Windows Task Scheduler?

floyd
  • 1,530
  • 4
  • 18
  • 30

1 Answers1

4

This would be pretty complicated, but might work. You need a combination scheduled tasks & scripts.

  • Run a task on patch Tuesday that and sets a flag file in a particular directory with the contents set to "0"
  • Every Monday run a script that looks for the flag file
    • If the flag file is found read it and add 1 to the value found
    • If the flag file is 3 (the 4th week), delete the flag file & run the update script

You could do this by renaming the file instead of edit the contents

uSlackr
  • 6,337
  • 21
  • 36
  • Interesting, thanks for the idea. I had not thought of it yet. What ive done is have one script set the contents of variable.txt to 0 on Patch Tuesday, and then another script to increment that each week. Then included code in my PowerShell script to read that variable.txt in to determine which computer groups to unapprove patches for. – floyd Jun 09 '12 at 00:44