VMware Cloud Community
randy3608
Contributor

Using PowerCLI to display ONLY WindowsOS and patch status

I am trying to find a script that will allow me to use vSphere PowerCLI to list ONLY VMs that are running Windows operating systems, whether they are powered on or not. I also want to see if those OSes require patching. Does anyone have any idea what script will work best?

11 Replies
jpsider
Expert

Good Morning!

Here is a start. One question I have is whether or not you are running WSUS on your network. Personally I think it would be better to use PowerShell to query your WSUS server with the VM name vs. querying the machine. The reason being that WSUS is your central management location and should be your system of record for the patches.

Here is a way to get the list of VMs that are Windows with their power state.

$vms = Get-VM
foreach ($vm in $vms) {
    $vmview = $vm | Get-View
    if ($vmview.Summary.Config.GuestFullName -like "*Windows*") {
        $vm    # emit the VM object; its default output includes PowerState
    }
}

Now, when/if you want to search for the patch info, you have two options with line 5.

1. Use the $vm name to then invoke a script on the VM to determine patch actions.

2. Use the $vm name to query your WSUS server.

Let me know if you have more questions.

LucD
Leadership

Try something like this, but be warned that querying the Update status can take a long time.

The script uses Invoke-VMScript, so VMware Tools shall be installed on the VMs.

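# Script text that runs inside each guest: ask the Windows Update Agent
# for updates that are not installed and return how many there are
$cmd = @'
$uSession = New-Object -ComObject Microsoft.Update.Session
$uSearch = $uSession.CreateUpdateSearcher()
$uSearch.Search("IsInstalled=0") |
Select -ExpandProperty Updates |
Select -ExpandProperty Count
'@

# Run the query in every VM whose guest family is Windows
Get-VM |
where{$_.Guest.GuestFamily -match "windows"} |
Select Name,@{N='Updates missing';E={
    Invoke-VMScript -VM $_ -ScriptText $cmd | Select -ExpandProperty ScriptOutput
}}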


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference
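
The two answers above combined into one report, as an added example that is not part of the original posts: it lists every Windows VM whether powered on or off, and only runs the update query where the guest is reachable, so a powered-off VM is never mistaken for a patched one. It assumes an existing Connect-VIServer session and a guest account that can run scripts; the names $guestCred and $report and the Status strings are hypothetical.

```powershell
# Added example, not from the thread. Assumes Connect-VIServer has already run.
# The guest account is an assumption; prompt for it rather than hard-coding it.
$guestCred = Get-Credential -Message 'Guest OS account for Invoke-VMScript'

# Runs inside each guest: count updates the Windows Update Agent reports as not installed.
$cmd = @'
$uSession = New-Object -ComObject Microsoft.Update.Session
$uSearch = $uSession.CreateUpdateSearcher()
$uSearch.Search("IsInstalled=0").Updates.Count
'@

$report = foreach ($vm in Get-VM) {
    # Config.GuestFullName is stored in the VM configuration, so it is
    # available for powered-off VMs as well as running ones.
    $guestOs = $vm.ExtensionData.Config.GuestFullName
    if ($guestOs -notlike '*Windows*') { continue }

    $toolsOk = $vm.ExtensionData.Guest.ToolsRunningStatus -eq 'guestToolsRunning'
    $missing = $null
    $status  = 'Queried'

    if ($vm.PowerState -ne 'PoweredOn') {
        $status = 'Skipped: powered off'
    }
    elseif (-not $toolsOk) {
        $status = 'Skipped: VMware Tools not running'
    }
    else {
        try {
            $out = Invoke-VMScript -VM $vm -ScriptText $cmd -ScriptType Powershell `
                       -GuestCredential $guestCred -ErrorAction Stop
            $missing = [int]$out.ScriptOutput.Trim()
        }
        catch {
            # Keep the VM in the report with the reason the query failed
            $status = "Failed: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        Name           = $vm.Name
        GuestOS        = $guestOs
        PowerState     = $vm.PowerState
        UpdatesMissing = $missing
        Status         = $status
    }
}

$report | Sort-Object Status, Name | Format-Table -AutoSize
```
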

randy3608
Contributor

Thanks! But how can I run updates on all my machines at once? I am running WSUS by the way, so would I be telling my WSUS to force patching?

randy3608
Contributor

LucD, it's not liking Get-VM -Name (Missing an argument for parameter 'Name'. Specify a parameter of type 'System.String[]' and try again.)

jpsider
Expert

Well again, you can force this via Group Policy (assuming your machines are on a domain) or you can run different types of scripts that can force machines to update.

.vbs - https://msdn.microsoft.com/en-us/library/aa387102(VS.85).aspx

.ps1 - http://www.gregorystrike.com/2011/04/07/force-windows-automatic-updates-with-powershell/ or http://www.itnotes.eu/?p=1882

It kinda depends on your comfort level.

randy3608
Contributor

Will this force updates to machines that are also powered off?

jpsider
Expert

No, Windows VMs must be turned on in order to install updates. You could add the logic to your script to power a VM on, if its power state is off.

gopanaboena
Enthusiast

Hi

Try this command

Get-WmiObject win32_operatingsystem | Select-Object Name,ServicePackMajorVersion,ServicePackMinorVersion

randy3608
Contributor

What would that look like? I'm not too familiar with scripting..

LittleNickey
Enthusiast

"LucD Its not liking Get-VM -Name (Missing an argument for parameter 'Name'. Specify a parameter of type 'System.String[]' and try again."

Which version of PowerCLI do you have installed? Have you imported the module/snapin?


"Get-WmiObject win32_operatingsystem | Select-Object Name,ServicePackMajorVersion,ServicePackMinorVersion"

"What would that look like? I'm not too familiar with scripting.."

This would give you the OS name and SP version installed. You can try it out in PowerShell on your desktop to see the result.


If you're using WSUS, I would go with jpsider's suggestion to update servers.

-- Oskar
mypcgeek
Contributor

You can install Windows WSUS and create a GPO to point to WSUS that will report this. WSUS is free. It's actually built into Server 2012.