After having updates pushed to all servers from WSUS, in order to avoid the manual operation of installing updates, we can automatic this process to a whole lots of servers on AWS using the RunCommand.
In order to apply Updates on WSUS Suing the run command
Here are what needs to be considered.
There are some prerequisites that must be met before applying windows updates to production servers. They are as follows;
Ensure these updates are deployed to the Test-servers-group (Test servers) on WSUS, updates are applied on the test servers and these servers are then accessed via RDP before proceeding to apply the updates to Production servers.
Others factors that must be considered:
- Pull an AMI of all Production Server AMI (Ensure this is complete before applying windows updates)
- Same updates approved and installed for the test-server-group should be approved both for the Production servers after they are tested and applied.
Step 2: Proceed to AWS
- Navigate to the RunCommand (under Systems Manager and Services) and
- Select AWS-ConfigureWindowsUpdates (This is needed to allow windows updates to be installed automatically when triggered)
on the same page, select the instances.
The prerequisites to have these servers available are as follows
- Ensure the EC2config For Windows Server 2008 / 2012 or EC2 Lunch for Windows Server 2016 is up to date.
- And the Right Role for SSM agent is attached to all instances. If this is not the case, you can never find the instances here.
And click on run.
This will ensure the updates are installed and that the server is rebooted automatically.
Note, you can view the status of the run command to see if any failed or succeeded as shown below
– On the WSUS console, you should find that the servers are 100% patched as shown below. >I also verified that the updates installed are not problematic and servers can be accessed via the remote desktop manager (RDP)
Note: There are prerequisites to make an instance eligible or to be found via the run command. The RunCommand output will look like this below