We have a very tight outage window and for many of our systems, the servers must be rebooted in the correct order. Because of this, I would like to script our updates.
I have attempted to use this PowerShell script found in the Microsoft Script Repository; however, for me it does not work remotely, doesn't always work using Invoke-Command, and it starts the installation then returns without waiting for the installation to complete. I would like each system rebooted after the installations are complete; this is difficult to script without the installation blocking or status information to block upon. After spending far too much time attempting to make the CCM_SoftwareUpdate and CCM_SoftwareUpdatesManager WMI classes do what I need, I thought it was time to ask how others might be handling similar situations.
A friend of mine says his company solved this problem by using Shavlik; unfortunately, that is not an option here.
We are using SCCM 2012 and have a mix of 2003, 2008 and 2012 servers.
Yes. You can do this with PowerShell, similar to what the script you posted tries to do. I came across that script a while back; I can't remember if it worked or not, but I did get something to work. I don't know why his wouldn't work, it does use the same methods, but I was able to do this with .NET and WMI using C#, so I know it can be done with PowerShell.
In a nutshell, I used the WMI query
"SELECT * FROM CCM_SOFTWAREUPDATE WHERE COMPLIANCESTATE=0 AND EVALUATIONSTATE < 2"
and passed each update one by one to the InstallUpdates method, because I wanted to display the progress similar to how Microsoft does it. You must pass an array to the InstallUpdates method, even if you're only passing a single update object. You could pass the entire returned array if you want, and it will queue them up like it always does, installing them one by one.
Also, what about configuring a maintenance window for this collection, and telling SCCM not to install updates outside the maintenance window? When one update is finished, if it's past the maintenance window then it will stop installing updates (in theory for me, I've never had the maintenance window luxury).
If you're a gimmiedehcodez kinda person, that code should compile in with .NET 4.0 and
More info on the CCMClientSDK here
Here is what I put together from various web pages, using PowerShell. Please note that you will have better success using WinRM (winrm quickconfig on the remote servers to enable WinRM), which can use the Invoke-Command cmdlet instead of the Invoke-WmiMethod, but this method works for me on Server 2008 and newer. For Server 2003, the Updates deployment evaluation scan works but PowerShell will complain about something. Run the commands locally to work around that.
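The approach discussed in the answers above, written out as an added example (not code from either poster or from the linked script): it installs pending updates through the CCM_SoftwareUpdatesManager class, blocks until no update is still in progress, then reboots each server in order. The server names, timeout and poll interval are placeholders, the EvaluationState meanings in the comments follow Microsoft's CCM_SoftwareUpdate documentation, and `Restart-Computer -Wait` assumes PowerShell 3.0 or later on the machine running the script.

```powershell
$ns = 'root\ccm\clientsdk'

function Install-PendingUpdates {
    param([string]$ComputerName, [int]$TimeoutMinutes = 90)

    # Same filter as the WQL query quoted above: missing and not yet started.
    $updates = @(Get-WmiObject -ComputerName $ComputerName -Namespace $ns `
        -Class CCM_SoftwareUpdate -Filter 'ComplianceState=0 AND EvaluationState < 2')
    if ($updates.Count -eq 0) { return $true }

    # InstallUpdates needs an array, even when there is only one update.
    $mgr = [wmiclass]"\\$ComputerName\${ns}:CCM_SoftwareUpdatesManager"
    $result = $mgr.InstallUpdates([System.Management.ManagementObject[]]$updates)
    if ($result.ReturnValue -ne 0) { return $false }

    # InstallUpdates returns immediately, so poll until nothing is in progress.
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        Start-Sleep -Seconds 30
        $left = @(Get-WmiObject -ComputerName $ComputerName -Namespace $ns `
            -Class CCM_SoftwareUpdate -Filter 'ComplianceState=0')
        # 13 = error: stop so a half-patched server does not break the order.
        if (@($left | Where-Object { $_.EvaluationState -eq 13 }).Count -gt 0) {
            return $false
        }
        # 8, 9, 10 = waiting for a reboot; 12 = install complete.
        $busy = @($left | Where-Object { 8, 9, 10, 12 -notcontains $_.EvaluationState })
    } while ($busy.Count -gt 0 -and (Get-Date) -lt $deadline)

    return ($busy.Count -eq 0)
}

# Placeholder server names, listed in the required reboot order.
foreach ($server in 'DB01', 'APP01', 'WEB01') {
    if (-not (Install-PendingUpdates -ComputerName $server)) {
        Write-Error "${server}: updates failed or timed out, stopping the sequence"
        break
    }
    # Block until the server answers WMI again before touching the next one.
    Restart-Computer -ComputerName $server -Force -Wait -For Wmi -Timeout 1800
}
```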