1

I have 10 application servers all running Windows Server 2008 R2 Standard, company security policies have disabled automatic install of windows update packages but I am still a local administrator on all those servers and I would like to automate the execution of windows update check, install all what available and reboot.

it should be safe to do it because all these servers are just for DEV, INT and QA environments and if I could script/automate this I would not need manual RDP login to all 10 machines to run this update/reboot manually.

any idea? thanks :)

Davide Piras
  • 163
  • 8

3 Answers3

4

You'll need to see if it's possible to get a different policy applied to your group of servers. Even with something like WSUS which Robin mentions, you won't be able to control any of your servers update schedules unless you can replace the group policy settings that apply to them.

Chris McKeown
  • 7,128
  • 1
  • 17
  • 25
1

Look at WSUS http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx http://en.wikipedia.org/wiki/Windows_Server_Update_Services

Robin Gill
  • 2,503
  • 13
  • 13
  • This won't solve the problem if he can't override the policy that is currently setting the Windows Update options. – Chris McKeown Jul 13 '12 at 13:02
  • @ Chris McKeown - Very true - I had a dozy moment where I thought the policies preventing the updates were procedural policies for people to comply with rather than GPO. Off to beat my self with the biggest stick I can find! – Robin Gill Jul 13 '12 at 14:02
1

i use this script to force installation of wsus updates:

http://theitoolbox.com/2012/vbscript-force-windows-update-2-6b-email-results/

execute this scripts via psexec on the servers and save yourself an hour every month.

cheapstyle
  • 11
  • 1