Workspace Environment Management

Automatically apply Windows updates using scripted tasks

As an administrator, you might have many devices to manage. They might exist in different domains and have different security levels or Windows OS versions. Updating those devices in a timely manner to prevent potential risks can be a tedious task. To achieve this goal, you might do the following:

  • Collect information related to updates.

  • Draw comparisons between the collected information to identify the devices where updates are missing.

  • Apply one or more updates to relevant devices one by one.

Workspace Environment Management (WEM) provides you with a scripted task feature that simplifies the task of applying updates to your devices.

All you need to do is configure two scripted tasks. A general workflow is as follows:

  1. Prepare two scripts and create a file

  2. Add two scripted tasks

  3. Configure the two scripted tasks

  4. View the task execution report

Prepare two scripts and create a file

  1. Prepare a script that monitors available updates.

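    # Updates that should be present, one ID per line
    $List = Get-Content \\hyenvwemserver\share\hotfix.list
    # Installed updates; @() keeps this an array even with zero or one result
    $Applied = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    $ExitCode = 0
    $List | ForEach-Object {
        # -notcontains compares whole IDs, never substrings
        if ($Applied -notcontains $_)
        {
            # Print each missing update ID to the console
            Write-Host $_
            $ExitCode = 1
        }
    }
    # A nonzero exit code means at least one listed update is missing
    Exit $ExitCode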
    
  2. Prepare another script that applies updates.

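    Param(
      # Path to the file that holds the update IDs to install, one per line
      [string]$consoleOutputPath
      )
    $List = Get-Content $consoleOutputPath
    $List | ForEach-Object {
      Write-Host "Installing hotfix: $_"
      # Get-WindowsUpdate is provided by the PSWindowsUpdate module, which must be installed on the device
      Get-WindowsUpdate -Install -KBArticleID $_
    }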
    
  3. Create a file that includes a list of updates.

    Note:

    Put this file in a place that the WEM agent can access, for example, in a shared path: \\hyenvwemserver\share\hotfix.list.

    [Image: File including a list of updates]
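The comparison from the monitoring script, shown as an added example that is not part of the original page or Citrix code: each line of the list is validated before it is reported, so only well-formed update IDs reach the console output. The function name `Get-MissingHotfix` and all sample IDs are constructed, Windows PowerShell 5.1 is assumed, and the example goes beyond the page's script by handling blank, malformed, duplicate and differently cased entries.

```powershell
# Added example (not Citrix code). Get-MissingHotfix and all sample IDs are constructed.
function Get-MissingHotfix {
    param(
        [string[]]$Wanted,     # lines read from the update list file
        [string[]]$Installed   # HotFixID values reported by Get-HotFix
    )
    $cmp  = [System.StringComparer]::OrdinalIgnoreCase
    $have = [System.Collections.Generic.HashSet[string]]::new($cmp)
    $seen = [System.Collections.Generic.HashSet[string]]::new($cmp)
    foreach ($id in $Installed) { if ($id) { [void]$have.Add($id.Trim()) } }

    $missing  = [System.Collections.Generic.List[string]]::new()
    $rejected = [System.Collections.Generic.List[string]]::new()
    foreach ($line in $Wanted) {
        $id = "$line".Trim()
        if ($id -eq '') { continue }                  # blank line
        if ($id -notmatch '^KB[0-9]+$') {             # anything other than "KB" + digits
            $rejected.Add($id); continue
        }
        # Whole-ID comparison; Add() returns $false for an ID already handled
        if (-not $have.Contains($id) -and $seen.Add($id)) {
            $missing.Add($id.ToUpperInvariant())
        }
    }
    # Rejected entries are returned for logging, not printed
    [pscustomobject]@{ Missing = $missing; Rejected = $rejected }
}

# Constructed input; in a scripted task these values would come from
# Get-Content <list file> and Get-HotFix | Select-Object -ExpandProperty HotFixID
$listLines = @('KB0000001', 'kb0000002 ', '', 'see ticket 42', 'KB0000002')
# A single installed update whose ID merely starts with "KB0000001":
# a substring test would wrongly treat KB0000001 as installed
$installed = @('KB00000012')

$result = Get-MissingHotfix -Wanted $listLines -Installed $installed
$result.Missing | ForEach-Object { Write-Host $_ }   # only validated IDs reach the console
if ($result.Missing.Count -gt 0) { exit 1 } else { exit 0 }
```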

Add two scripted tasks

The following information is supplemental to the guidance in Add a scripted task. To create the two scripted tasks, follow the general guidance in that article, minding the details below.

In Web Console > Scripted Tasks, add the two scripted tasks.

[Image: Scripted Tasks]

Configure the two scripted tasks

The following information is supplemental to the guidance in Configure a scripted task. To configure the two scripted tasks, follow the general guidance in that article, minding the details below.

  1. Go to the relevant configuration set, navigate to Scripted Task Settings, and configure the “Apply updates” task.

    In this example, the task is specifically configured as follows:

    1. Select Yes to enable the task.

    2. Clear Verify the signature before running the task.

    3. In Triggers, create a “Scheduled” trigger as follows.

      [Image: Create trigger 1]

  2. In the same configuration set, configure the “Monitor updates” task.

    In this example, the task is specifically configured as follows:

    1. Select Yes to enable the task.

    2. Clear Verify the signature before running the task.

    3. In Triggers, create a “Custom scripted task result” trigger as follows.

      [Image: Create trigger 2]

View the task execution report

After the tasks run successfully, you can view the results by checking the reports. For more information, see Reports. In this example, you can see the following reports:

Report summary:

[Image: Report summary]

Report detail of the “Apply updates” task:

[Image: Report detail 1]

Report detail of the “Monitor updates” task:

[Image: Report detail 2]
