Recently i needed a quick way to automate patching and rebooting of servers in our data-center. We felt that just using standard WSUS with GPOs was to fuzzy and not specific enough regarding reporting after patching had completed.

I could have set up our event log collection servers to alert any errors post-reboot, or i could have used System Center 2012 R2 Configuration Manager, but just for kicks i opted to use powershell to patch the servers. I have a plan to get better at powershell, so this is a good way to just do the jobs i need done while learning something in the process. My plan is to modify this to use either SMA or DSC.

I found two good powershell modules for the job of patching servers. The first one is PSWindowsUpdate and the other is PowerShellLogging. Furthermore, the HTML reporting parts are originating from here, and i have modified them slightly to suit my needs.

What i ended up with was three scripts; One for deployment, one script for patching that patches and reboots the server and a second script that runs after boot to do the reporting. At some stages the scripts will write to an event log using a source created in the start of the first script and i also used the PowerShellLogging to give me some way to track what happens in the script when it runs.

To set up a server for patching, i just ran the following script on the server i wanted to set up. This can of course be automated better using SCCM if you have a lot of servers to set up.


After the first patch script has finished patching the server, it creates a scheduled task that runs the second script at the next boot, and the first script then reboots the server. After the reboot, the second script will start of by cleaning up the scheduled task, from the first script, that started it and just collect which updates were installed, in addition to the system and application logs for the past hour. It will then put that info in some CSV files which will be used by the HTML report. The HTML reporting code will get some additional system info and present it, along with the installed updates and logs, taken from the generated CSVs, as an HTML report and then send a mail to the appropriate recipients.

So just a quick and easy way to patch and send a report after.

The scripts are here.


The second script that runs after boot:

By the way, mind the smart quotes if you copy the script from the text above.