
I am automating the install of some software on Windows Server. As a pre-req, the OS should have the latest service pack and monthly update packs installed, or the apps won't be supported. The servers don't have internet access so no WU/MU. WSUS is not updated and outside my control. Need to figure out the latest updates for WS 2012, 2012R2 and 2016 and apply them - from a network repository. The servers are rebuilt on every release (every 2 weeks). Has to be scripted in PowerShell and maintenance free - won't manually browse through the MU Catalog or other Microsoft resources to check on the latest and hard code the latest KB every month.

Need to build my own repository with the latest updates. Is there an official Microsoft list that can be queried (via PowerShell if possible) and supports advanced searches for OS, date, type of update? As listed here: https://www.catalog.update.microsoft.com/Home.aspx

Razvan Zoitanu
  • 6
    Install WSUS and you can then use PowerShell alongside it to do exactly what you want. It also has the benefit of being able to manage the updates so you only install the latest rather than everything that has been superseded – Drifter104 Oct 20 '17 at 10:51
  • @Drifter104 You really should post that as an answer, it is the correct one. – jscott Oct 20 '17 at 12:53
  • I won't steal Drifter104's thunder. "As a pre-requisite, the OS should have the latest SP and monthly update packs installed." - So why do you need to query anything? Sounds like you can turn on automatic updates to either auto install and reboot, or if you need to manually install then turn on automatic updates as "download but let me choose whether to install them" or use WSUS? When you say "Update Catalog...web based" it makes me think you are going out to the Catalog and looking for updates manually. WSUS/SCCM or the built-in Automatic Updates will tell you what the server needs. – TheCleaner Oct 20 '17 at 13:02
  • There's no support for the 3rd party apps unless the Windows updates requirement is met. WSUS is configured but it's about a year behind, I have no control over that. There's no internet access on the servers. The workaround is to download the latest updates from another box with internet access, save to a file server, and deploy to the targets. Need to edit the question to clarify, thank you. – Razvan Zoitanu Oct 20 '17 at 13:21
  • 2
    You really need to get the person/team who manages WSUS on board. If this is as critical as it appears then WSUS is the answer.... Other than that there is a `xlsx` file that MS produce with all the updates listed. PowerShell will loop through that for you, but it has links to Windows catalog not direct download links. – Drifter104 Oct 20 '17 at 15:56
  • 2
    So build your own WSUS server on the "box with internet access" and have your servers point to your own WSUS server. – TheCleaner Oct 21 '17 at 16:01
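
The deployment half of the workaround described in the comments (updates downloaded on another box and saved to a file server), as an added example that is not part of the original thread. The share path is a hypothetical placeholder, and the script assumes the packages are `.msu` files whose names contain the KB number, as catalog downloads do.

```powershell
# Added example, not from the thread: install .msu packages from a network
# repository, skipping KBs already present and refusing unsigned files.
param(
    [string]$RepoPath = '\\fileserver\updates\2016'   # hypothetical share path
)

# Hotfix IDs already on this server, e.g. 'KB4041691'
$installed = (Get-HotFix).HotFixID
$rebootNeeded = $false

Get-ChildItem -Path $RepoPath -Filter *.msu | Sort-Object Name | ForEach-Object {
    # Assumption: the KB number is part of the file name
    if ($_.Name -notmatch 'kb\d+') {
        Write-Warning "Skipping $($_.Name): no KB number in file name"
        return
    }
    $kb = $Matches[0].ToUpper()
    if ($installed -contains $kb) {
        Write-Output "$kb already installed"
        return
    }

    # The share sits between the download box and the targets, so check that
    # each package still carries a valid Microsoft signature before installing.
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    if ($sig.Status -ne 'Valid' -or
        $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        Write-Warning "Skipping $($_.Name): signature status $($sig.Status)"
        return
    }

    $wusaArgs = "`"$($_.FullName)`" /quiet /norestart"
    $p = Start-Process -FilePath wusa.exe -ArgumentList $wusaArgs -Wait -PassThru
    $code = $p.ExitCode
    if     ($code -eq 0)           { Write-Output "$kb installed" }
    elseif ($code -eq 3010)        { Write-Output "$kb installed, reboot required"; $rebootNeeded = $true }
    elseif ($code -eq 2359302)     { Write-Output "$kb already installed" }          # 0x00240006
    elseif ($code -eq -2145124329) { Write-Output "$kb not applicable to this OS" }  # 0x80240017
    else                           { Write-Warning "$kb failed with exit code $code" }
}

if ($rebootNeeded) { Write-Output 'Reboot required to finish installation' }
```

Run it elevated on the target server; it only installs what is already in the repository and does not decide which KB is the latest.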

0 Answers