Windows Server
Artyom Sakharov, 2016-05-12 15:22:53

Utility for bulk installation of Windows updates on servers?

I am faced with my employer's insanity: once a month I have to go out on a day off to install Windows updates on servers (raised by WSUS). The use of SCCM is excluded, unfortunately, so I began to look for third-party solutions. I tried to use PowerShell for this purpose, but remote script execution is disabled on the servers (you can enable it, but after a reboot the setting is lost). Since I do not have access to policies, this option has also been eliminated. I found a great utility, BatchPatch, which is made for exactly this job, but it is terribly expensive ($400 for one license for a year, considering that the costs will fall on me). Is there a free analogue, or alternative options that do not require installing ANY additional software on the servers (agentless updating only)?
UPD: I am clarifying the condition of the problem. There are about 2000 virtual servers, on which updates are installed once a month (manually, by connecting to each server via RDP). It is necessary, without using GPO and installing any agent software, to automate the installation of updates and rebooting PART of these servers (server monitoring is available, so there is no need to solve this part of the task).

3 answer(s)
landergate, 2016-05-12
@Re1ter

raised by WSUS

You can configure the servers to automatically apply updates on weekends.
If you need to monitor the success of applying updates, WSUS itself shows visual reports about this, from which you can see which servers received the update and reported on it, and which of them the update did not reach.
If you need to force a restart of all servers after updates at the same time on weekends, this can be done:
If you need to monitor whether servers come back after a reboot, you can deploy Zabbix and add all servers to it, connecting the ICMP ping reachability template to all of them. You do not need to install agents for this. If one of the servers does not return for too long, you can deal with it privately without checking all the others.
If you need to remotely fix servers not booting after reboot then:
If they are physical: this can only be achieved with IPMI/iLO/KVM devices. No software solutions will help you.
If they are virtual: you can connect to them through the browser from the hypervisor.
All third-party software solutions that perform mass application of updates, unfortunately, do not relieve you of the described concerns, since both they and WSUS do the same thing according to the same principle: they send updates and monitor their application. They do not magically cure servers that hang in the middle.
At the same time, freezing of servers during the update process is a relatively rare occurrence.
Also, in order not to kill the entire server park with some bad update, it is considered good practice to run updates first on a couple of test benches - individual servers that will receive updates first. If they are not frozen and everything works as expected, you can apply these updates to all the others.

William Thorn, 2016-05-12
@xydope

What is insane about this? It's a perfectly normal requirement for an employer. Have you thought about what you will do if updates fail to install and/or result in server death/loss of any data? Restore on Monday? How many employees will not be able to work while you restore the server? How much will downtime cost the company?
1. Such work must be paid in accordance with the Labor Code of the Russian Federation.
2. If not possible on the weekend, try Friday night. Again, pay for your time.
3. If you don't want to control updates after business hours, change your employer/responsibility.
4. Increase fault tolerance, make a duplicate server, install updates one by one during business hours, if, of course, this is appropriate.
P.S.
On the topic of the question, I did not use the analogue of SCCM - OPSI.

Cool Admin, 2016-05-12
@ifaustrue

I think you can use either remote administration, or psexec or something like that. I don't understand why you have to go out physically for something like that.
The server is not a brand? Without RMC\iLO\KVM?
