After updates have been pushed to all servers from WSUS, we can avoid installing them manually by automating the process across a large number of servers on AWS using the RunCommand. This article covers how to apply WSUS updates using the RunCommand. For more articles I have written, see the following hyperlinks: Configuring WSUS Email Notification to Work With Office365, How to setup and configure Windows server update services (WSUS), Important Areas to Master on WSUS (Installed and not applicable, Install 1/4, and Installed / Not applicable 100), Targeting WSUS Client with the Registry keys: How to configure WSUS Clients to get Updates from the WSUS server using Registry settings, How to Configure SSL between WSUS servers (Upstream and Downstream Servers), Handy WSUS Commands, Windows Server Update Services Commands, WAUACLT, PowerShell and USOClient, How to Start, Stop and Restart Windows Server Update Services (WSUS) via PowerShell and CMD, Windows Server Update Services: Windows 2016 Servers does not show up on WSUS console, and WSUS clients appear and disappear from the WSUS Update Services console.
Here is what needs to be considered. There are some prerequisites that must be met before applying Windows updates to production servers. They are as follows:
Ensure these updates are deployed to the Test-servers-group (Test servers) on WSUS, that the updates are applied on the test servers, and that these servers are then accessed via RDP before proceeding to apply the updates to Production servers.
Other factors that must be considered:
- Create an AMI of every Production server (ensure this is complete before applying Windows updates).
- The same updates approved and installed for the test-server-group should be approved for the Production servers after they are tested and applied.
Step 2: Proceed to AWS
- Navigate to the RunCommand (under Systems Manager and Services).
- Select AWS-ConfigureWindowsUpdates (this is needed to allow Windows updates to be installed automatically when triggered).
- On the same page, select the instances.
The prerequisites to have these servers available are as follows:
- Ensure EC2Config for Windows Server 2008 / 2012 or EC2Launch for Windows Server 2016 is up to date.
- Ensure the right role for the SSM agent is attached to all instances. If this is not the case, you will not find the instances here.
Then click Run. This will ensure the updates are installed and that the server is rebooted automatically.
Note: you can view the status of the run command to see whether any failed or succeeded, as shown below.
- On the WSUS console, you should find that the servers are 100% patched as shown below. I also verified that the updates installed are not problematic and servers can be accessed via the remote desktop manager (RDP).
Note: There are prerequisites to make an instance eligible or to be found via the run command. The RunCommand output will look like the example below.
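The eligibility prerequisites and the status check described above can also be done from saved CLI output instead of the console. The following is an added example, not part of the original post: it assumes JSON in the shape returned by `aws ssm describe-instance-information` and `aws ssm list-command-invocations`, and the instance IDs, target list and function names are constructed for illustration.

```python
import json

# Constructed sample data, shaped like `aws ssm describe-instance-information` output.
INVENTORY = json.loads("""
{"InstanceInformationList": [
  {"InstanceId": "i-0aaa0000000000001", "PingStatus": "Online", "PlatformType": "Windows"},
  {"InstanceId": "i-0aaa0000000000002", "PingStatus": "ConnectionLost", "PlatformType": "Windows"},
  {"InstanceId": "i-0aaa0000000000004", "PingStatus": "Online", "PlatformType": "Linux"},
  {"InstanceId": "i-0aaa0000000000005", "PingStatus": "Online", "PlatformType": "Windows"}
]}""")

# Constructed sample data, shaped like `aws ssm list-command-invocations` output.
INVOCATIONS = json.loads("""
{"CommandInvocations": [
  {"InstanceId": "i-0aaa0000000000001", "DocumentName": "AWS-ConfigureWindowsUpdates", "Status": "Success"},
  {"InstanceId": "i-0aaa0000000000005", "DocumentName": "AWS-ConfigureWindowsUpdates", "Status": "Failed"}
]}""")

# Hypothetical production targets for this example.
TARGETS = ["i-0aaa000000000000%d" % n for n in range(1, 6)]


def preflight(targets, inventory):
    """Split targets into instances Run Command can reach and those it cannot."""
    managed = {i["InstanceId"]: i for i in inventory["InstanceInformationList"]}
    ready, blocked = [], {}
    for iid in targets:
        info = managed.get(iid)
        if info is None:
            # Never registered: agent not running or instance role missing.
            blocked[iid] = "not managed by Systems Manager"
        elif info["PlatformType"] != "Windows":
            blocked[iid] = "platform is " + info["PlatformType"]
        elif info["PingStatus"] != "Online":
            blocked[iid] = "agent status is " + info["PingStatus"]
        else:
            ready.append(iid)
    return ready, blocked


def unfinished(targets, invocations):
    """Return targets with no invocation, or one that did not end in Success."""
    status = {c["InstanceId"]: c["Status"] for c in invocations["CommandInvocations"]}
    return {t: status.get(t, "NoInvocation") for t in targets if status.get(t) != "Success"}


if __name__ == "__main__":
    ready, blocked = preflight(TARGETS, INVENTORY)
    print("ready:", ready)
    print("blocked:", blocked)
    print("needs attention:", unfinished(ready, INVOCATIONS))
```

Any instance reported as blocked is one that will not appear in the RunCommand instance list until its prerequisite is fixed.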