Automating Windows Server Updates with PowerShell

Introduction

If you are anything like me, you probably get fed up managing Windows Server updates manually pretty quickly. Logging onto servers, checking for updates, installing them, rebooting them, trying to keep track of which servers have been updated, what updates were installed etc… etc…

I wanted to automate the process but still have control over when the updates were installed, and get notifications on when and what was installed.

My requirements were:

  • Have updates downloaded and installed, and the server rebooted if necessary (at a time I choose)
  • Email me when updates were installed, telling me what was installed and if a reboot was required
  • Save a log of what was installed for each server on a file share

Using the PSWindowsUpdate module I was able to come up with the scripts to do just what I needed, and it was relatively straightforward.

The email notifications from the server updates give you the following info:

  • KB number
  • Status (Accepted, Installed, Rebooted)
  • Title
  • Size

The log files give you the same info.

The Script

1. Install PSWindowsUpdate Module

First thing you need to do is install the PSWindowsUpdate module on the server:

Install-Module -Confirm:$false -Force PSWindowsUpdate

2. Create folders to save Update logs

I like to save a log for each server in a \\fileserver\Year\Month\ServerName-DateUpdatesInstalled.log filing format. For example, my storage of the logs looks like this:
\\fileshare\ServerUpdates\2022\July\server1.2022-07-21.log

This way I can easily go through each month and see what servers had updates and which updates were installed. This is handy if you are checking to see if a particular update KB was installed.

Every time the script runs, it checks whether the folders for the current year and month exist and creates them if they do not.

# Set variables for today's date, year and month
$currentYear = get-date -Format yyyy
$currentMonth = Get-date -Format MMMM
$TodaysDate = (Get-Date).ToString('yyyy-MM-dd')

#Set where logs will be stored
$logLocation = "\\fileshare\ServerUpdates"

#Check if year folder exists, if not create it
$yearFolder = "$logLocation\$CurrentYear"
if(!(Test-Path -Path $yearFolder ))
{
    New-Item -ItemType directory -Path $yearFolder
}
Else
{
    Write-Output "Folder already exists"
}

#Check if month folder exists, if not create it
$monthFolder = "$logLocation\$CurrentYear\$currentMonth"
if(!(Test-Path -Path $monthFolder ))
{
    New-Item -ItemType directory -Path $monthFolder
}
Else
{
    Write-Output "Folder already exists"
}

3. Install updates, output info to log, send email notifications

This piece of the script does the following:

  • Accepts and installs the updates
  • Reboots if required
  • Outputs a log of what was installed to the specified location
  • Sends an email notification with what was installed

#Set variable for the path of the log file
$logFile = $monthFolder + "\$env:COMPUTERNAME.$TodaysDate.log"

#The following line does all the magic
Install-WindowsUpdate -MicrosoftUpdate -SendReport -SendHistory -AcceptAll -AutoReboot -Verbose -PSWUSettings @{SmtpServer="YourSmtpServer.com";From="ServerUpdates@yourdomain.com";To="yourEmail@yourdomain.com";Port=25} | Out-File $logFile -Append

 

Conclusion

That's it, it's a pretty short script. You could run this script manually on the servers at a time that suits you, or simply set up a scheduled task that will run the script at a specific time.
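
One way to set up that scheduled task, as an added example that is not part of the original script. It assumes the script above is saved at the hypothetical path C:\Scripts\Install-ServerUpdates.ps1, and the task name and schedule are also assumptions. Because the task runs as SYSTEM, it refuses to register while anyone other than SYSTEM or Administrators can modify the script or its folder.

```powershell
#Requires -RunAsAdministrator
# Added example: path, task name and schedule are assumptions, not from the original post.
$scriptPath = 'C:\Scripts\Install-ServerUpdates.ps1'   # hypothetical location of the update script
$taskName   = 'Install-ServerUpdates'                  # hypothetical task name

# The task runs as SYSTEM, so anyone who can change the script can run code as SYSTEM.
# Only SYSTEM (S-1-5-18) and BUILTIN\Administrators (S-1-5-32-544) may hold these rights.
$trustedSids = 'S-1-5-18', 'S-1-5-32-544'
$riskyRights = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

# Check the script file and its parent folder. Rules are requested with SIDs as
# identities so the comparison does not depend on localized account names.
$looseRules = foreach ($path in $scriptPath, (Split-Path -Path $scriptPath -Parent)) {
    (Get-Acl -Path $path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $riskyRights) -ne 0 -and
            $_.IdentityReference.Value -notin $trustedSids
        } |
        Select-Object @{ n = 'Path'; e = { $path } }, IdentityReference, FileSystemRights
}
if ($looseRules) {
    foreach ($rule in $looseRules) {
        Write-Warning "$($rule.IdentityReference.Value) has $($rule.FileSystemRights) on $($rule.Path)"
    }
    throw "Not registering '$taskName': tighten the ACLs listed above first."
}

# Run the script with Windows PowerShell, without loading any user profile
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -File `"$scriptPath`""

# Hypothetical maintenance window: every Sunday at 03:00 local time
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At '03:00'

# Installing updates and rebooting needs elevation; SYSTEM avoids storing a password in the task
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount -RunLevel Highest

# Catch up after a missed window and stop a hung run after four hours
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Hours 4)

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings `
    -Description 'Installs Windows updates, writes the log to the file share and emails a report'
```

A task running as SYSTEM reaches the log share as the server's computer account, so that account needs write permission on \\fileshare\ServerUpdates.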

Feel free to ask any questions and I will do my best to answer them!
