Monday, December 01, 2008

Patching via Command Line

An interesting article about patching via command line. Below outlines the process and the command involves step-by-step.

  • Create a list of server to be patched.
get-qadobject -sizelimit 0 -type computer | where {$_.osname -match "server"} | select name > c:\servers.txt
  • Deploy the patch from a share folder.
psexec @serverlist.txt -c "\\File-Server\SecurityPatches$\MS08-067.exe /quiet /norestart /overwriteoem"
  • Reboot the servers.
gc c:\servers.txt | ForEach-Object { gwmi win32_operatingsystem -ComputerName $_ | ForEach-Object { $_.reboot() }}
  • Verify if any server failed the patching.
function Get-HotFix($server,$hotFixID) {
PROCESS{
$results = gwmi win32_quickfixengineering -computer $_ -filter "HotFixID='$hotFixID'"
if ($results) {
$results | select CSName,HotFixID,@{n="Installed";e={"Yes"}}
} else {
$results = "" | select CSName,HotFixID,Installed
$results.CSName=$_
$results.HotFixID=$hotFixID
$results.Installed="No"
$results
}
}
}
gc (Read-Host "Please provide path to server list file") | Get-HotFix -hotFixID (Read-Host "Hotfix ID") | ft -auto
>>>> See Poor Mans Patching with PSExec and PowerShell