Over the last few years, we here at TriCon Elite have been using what we call “The Patch Solution”. Boring name, but it also fits its purpose. Who loves deploying patches and reporting? There are many ways to patch your Windows Servers, but our slim, simple PowerShell solution was created to solve a few key areas, for free. It has been released to the community for quite some time, but keep reading to find out why you should use it too!

In this blog series I’m going to break down each of its components and explain how it works and the decisions that were made during the process.

The Patch Solution has been tested on many of our clients and some have been running it in production for around 5 years. Now it’s time to get more people in the community onboard. We need to keep our machines patched and updated. Security is paramount! With many people we talk to in our work lives and at events such as MVP Days, patching is a conversation that always seems to get people worked up and gets questions, stories and debates going! The downside is, environments are not being patched as often as they COULD BE!

Let’s pique your interest again

  • IT IS FREE!
  • IT USES POWERSHELL
  • USES WSUS or MICROSOFT UPDATES
  • Invoke the Script from a file server, or save it locally on a machine
  • Patch machines on the days and during the times you define
  • Ability to Send Reports on machines that will be patched in the next schedule
  • Does not require any install of SCCM or 3rd party software

Automatic Updates

Most organizations will have an installation of WSUS. This minimizes the number of updates that need to be downloaded from the internet and distributed to servers or workstations. In turn, these devices have been configured to use WSUS. By default, they download and install the patches at 03:00. This is far from an optimal solution for any company, regardless of size. There are many ways to configure automatic updates to download and install, or to notify the users or administrators to install patches.

The Patch Solution aims at simplifying and centralizing the process. The Patch Solution is basically a wrapper that calls into the Windows Update API and forces it to do an update scan. Now again, as this uses the general Windows Update API, if the computer is targeted to use the Microsoft Update servers on the internet, then it will do just that. Of course, after the scan has completed, Patch Solution will then install the patches. Again, regardless of where the patches come from, either Microsoft Update servers or a WSUS installation, if the patches have been approved and are visible through the Windows Update GUI, they will be applied.

If you haven’t figured it out, The Patch Solution controls and triggers when Windows Update scans are run. So this is why we do not need 3rd party software. If the configuration file is on a file share, this makes it easy to control your infrastructure patching from a single point!
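
The scan-then-install flow described above can be sketched against the Windows Update Agent COM API as follows. This is an added example, not The Patch Solution's own code; the function name `Invoke-UpdateScanAndInstall` and its parameter are hypothetical.

```powershell
# Added example (not The Patch Solution's code). Run elevated, locally on the machine.
# Function and parameter names are hypothetical.
function Invoke-UpdateScanAndInstall {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Not-yet-installed, non-hidden software updates
        [string]$Criteria = "IsInstalled=0 and IsHidden=0 and Type='Software'"
    )

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # 0 = ssDefault: use the source the machine is configured for
    # (WSUS when set by policy, otherwise Microsoft's servers)
    $searcher.ServerSelection = 0
    $found = $searcher.Search($Criteria).Updates
    if ($found.Count -eq 0) { Write-Verbose 'No applicable updates.'; return }

    # -WhatIf stops here and only reports what the scan found
    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Install $($found.Count) update(s)")) {
        return $found | Select-Object Title
    }

    $pending = New-Object -ComObject Microsoft.Update.UpdateColl
    foreach ($u in $found) {
        if (-not $u.EulaAccepted) { $u.AcceptEula() }   # unattended run: accept licence terms
        [void]$pending.Add($u)
    }
    $downloader = $session.CreateUpdateDownloader()
    $downloader.Updates = $pending
    [void]$downloader.Download()

    # Install only what actually downloaded, so one failed download does not fail the batch
    $ready = New-Object -ComObject Microsoft.Update.UpdateColl
    foreach ($u in $pending) { if ($u.IsDownloaded) { [void]$ready.Add($u) } }
    if ($ready.Count -eq 0) { Write-Warning 'Nothing was downloaded.'; return }

    $installer = $session.CreateUpdateInstaller()
    $installer.Updates = $ready
    $result = $installer.Install()

    # ResultCode: 2 = succeeded, 3 = succeeded with errors, 4 = failed, 5 = aborted
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Found          = $found.Count
        Installed      = $ready.Count
        ResultCode     = $result.ResultCode
        RebootRequired = $result.RebootRequired
    }
}
```

The download and install calls are refused with an access-denied error when made from a remote PowerShell session, so a wrapper like this has to run locally, for example from a scheduled task.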

What’s Next?

Stay tuned for the next part of this blog series!

Happy Patching!??!!? Or???