The WSUS Integration Management Pack (WiMP) is the latest addition to the Virtual Engine Toolkit (VET). We have been using this internally and at customers’ sites for a while and thought it was about time we released this to the community. It’s purpose is very simple; automate the installation of Microsoft security updates/patches. WSUS is great for patching workstations but not so hot for servers. For example, we would typically like to patch servers in a predetermined order and wait for them to return to service before continuing with the next. Is it simple to automate recursively patching a new computer with WSUS?
Standard Microsoft Windows Update/WSUS group policies do not grant us this level of flexibility or granularity, but RES Automation Manager does! Have you ever tried to patch Windows servers on the last Friday of the month with the standard Microsoft toolset? To put it another way; patching every Friday is a little easier to achieve.
The WSUS Integration Management Pack is primarily a standalone .EXE that will install (on demand) any required WSUS (or Windows Update if not configured) updates. The secret sauce in this process is detecting whether an update is pending and also recursively installing updates (if required) until the machine is fully patched. Included with VET v1.3 is both the WiMP.EXE and a RES Automation Manager building block. Note: RES Automation Manager is not required to use or deploy WiMP.
Within the RES Automation Building block there is a selection of modules and a project:
The “Install WSUS Updates” modules will install updates and reboot if needed. You would typically include this in a run book to patch individual agents or teams in a particular order.
If you’d like to recursively patch a machine then run the “Install WSUS Patches (Recursive)” project. This project is useful for recursively patching a machine until its fully up-to-date (have you ever manually patched a Windows XP SP3 install?!). This can be very useful in build processes. For example, rather than waiting for WSUS to patch a machine, you could now ensure that all new RES Automation Manager agents are fully patched as soon as possible. If you have patch dependencies, then the project will also help whether a reboot is required or not.
To get started, download the latest Virtual Engine Toolkit build and import the WiMP building block into the RES Automation Manager console. If you don’t have RES Automation Manager then the WiMP.EXE is also included if you’d like to automate the deployment either via scripts or your own deployment tools!