question

POLINENIKiran-1542 avatar image
0 Votes"
POLINENIKiran-1542 asked jiayaozhu-MSFT answered

any custom script to deploy windows updates on multiple VMs across multiple resource groups

we have a requirement of scheduling update deployments for different Windows VMs. we have 3 Windows VMs in 3 different resource groups and these 3 VMs are connected to 3 different LA workspace of there corresponding resource group. we need to schedule update deployment from single automation account to install the selected windows classification updates. Any custom script available please let me know.

windows-server
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

You don't need any scripting, there are many ways to deploy and manage updates like WUfB , WSUS and so on.
Take a look at:
https://docs.microsoft.com/en-us/windows/deployment/

0 Votes 0 ·

Hi,

I would like to check if your issue has been solved and if the reply could be of help? If yes, please help accept answer, so that others meet a similar issue can find useful information quickly. If you have any other concerns or questions, please feel free to feedback.

Best Regards,
Joan

0 Votes 0 ·

Hi,

We have lost you for a couple of days and I would like to check if the reply could be of help? If yes, please help accept answer, so that others meet a similar issue can find useful information quickly. If you have any other concerns or questions, please feel free to feedback.

Best Regards,
Joan

0 Votes 0 ·
POLINENIKiran-1542 avatar image
0 Votes"
POLINENIKiran-1542 answered

@Reza-Ameri, thanks for the reply.
The documentation link which you shared related update deployment for Windows 10 using WSUS.

Let me brief my requirement again:
1. We have Azure 3 windows server 2019 Data center VMs across three different resource groups.
2. All these 3 windows VMs are connected to different LA workspace(s), and update management is configured separately for each windows VM.
3. We need to define a process to schedule the update deployment across all three VMs to install only critical and security updates and need to view the consolidated results with list of updates installed on all VMs like Dashboard results.

Please share the steps or procedure to configure the schedule update deployment to multiple VMs which hosted across multiple resource groups and connected to different LA workspace.




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

jiayaozhu-MSFT avatar image
0 Votes"
jiayaozhu-MSFT answered jiayaozhu-MSFT edited

Hi,

Thanks for posting on our forum!

Based on your descriptions, I suggest that you may find this article useful:

https://docs.microsoft.com/en-us/azure/automation/update-management/overview

Besides, as long as your VMs are in the same domain, you should not worry about limitations from different resource groups or different workspaces. Since your VMs are Windows OS, you can use WSUS or group policy to configure automatic update for these VMs. Just go to control panel>> Edit group policy>> Computer Configuration>> Administrative Templates>> Windows Components, and then click Windows Update. In the details panel, choose configure automatic update and click Enable and 4-Auto download and schedule the install:
99690-group-policy.jpg


And here is the article about configuring group policy:

https://docs.microsoft.com/de-de/security-updates/windowsupdateservices/18127451

Thanks for your support!

BR,
Joan


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


group-policy.jpg (142.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

POLINENIKiran-1542 avatar image
0 Votes"
POLINENIKiran-1542 answered

Thanks @jiayaozhu-MSFT for the reply.

The article what you shared is related to configuring the windows updates for virtual machines which are connected to same domain. I missed to mention in earlier post as all the windows virtual machines are not connected to domain as they belongs to individual customers. We deployed our product in Azure cloud on different virtual machines for different customers . Those VMs are not connected to any domain and will not be connected to domain as customers are different.

Our requirement is to have a single scheduled update deployment which install the specific updates like critical and security updates on all the configured VMs across different resource group and these virtual machines are connected to separate log analytics workspace and also need to have abort option for cancelling the updates installation. If they are connected to single Log analytics workspace we can schedule update deployment for all VMs at single schedule update deployment instance.

In our case they are connected to different log analytics workspaces, need to have single schedule update deployment where we can see the list of VMs for update deployment and after deployment, we can view the list of VMs with installed updates with status like Dashboard results. Is this customization possible, if so please share the steps to configure and configuration procedure.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

jiayaozhu-MSFT avatar image
0 Votes"
jiayaozhu-MSFT answered

Hi,

Thanks for your reply!

Here is my suggestion:

1) You can set up a same automatic update configuration for each VM seperately through group policy (i.e. the same frequency, date, etc.). For each configuration, just follow my guidance in my previous answer:

Go to control panel>> Edit group policy>> Computer Configuration>> Administrative Templates>> Windows Components, and then click Windows Update. In the details panel, choose configure automatic update and click Enable and 4-Auto download and schedule the install. Also see the screenshot I offered.

2) Then, download and install our free tool RDCMan on your computer and create a group, add the three VMs into the group, then you can view their update status:

http://woshub.com/using-rdcman-remote-desktop-connection-manager/

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

Thanks for your support!

BR,
Joan


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

POLINENIKiran-1542 avatar image
0 Votes"
POLINENIKiran-1542 answered

@jiayaozhu-MSFT , Thanks for the reply.

The links shared related to RDCMan that tool is no more supported and as you suggested we need to separately configure the each VM in AD.

our requirement is to configure the schedule update deployment all three VMs with the update management like with single schedule need to install selected updates on three different VMs which are connected to different LA workspace and need to view the installed updates at single place like dashboard. Is there any workaround for this requirement or with any customization on existing update management is this possible.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

jiayaozhu-MSFT avatar image
0 Votes"
jiayaozhu-MSFT answered

Hi,

Thanks for your reply!

Firstly, I have checked that RDCM, as you said, has been discontinued with Microsoft. And Microsoft now recommends using the Windows in-box remote desktop client (MSTSC) (%windir%\system32\mstsc.exe) or universal Remote Desktop client instead. Here is an article for describing these services:

https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-clients

For enabling remote desktop client:

https://www.youtube.com/watch?v=-1iVGFA3y5E

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

Secondly, I have clearly understood your requirement and I have researched this demand with our senior support engineers, the way that I gave you before can be an appropriate method for you. If you want a more customized method, which is beyond our scope, I will recommend you to find some third-party tools which can write customized scripts or have a design more flexible for your own use. But in any cases, the principle should be similar: you need seperately configure the each VM in AD and you need a script or tool (apps for instance) that can manage the seperately configured VMs as a whole and these VMs are not in a same domain.

Thanks for your support and understanding! And I would appreciate it if you could help me accept answer to support my work! : )

BR,
Joan


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

POLINENIKiran-1542 avatar image
0 Votes"
POLINENIKiran-1542 answered

@jiayaozhu-MSFT thanks for the reply.

Configure the VMs with AD is cost consumed and can you please share the detail steps related to configure the VMs with AD for update deployment. For POC work can we use our visual studio enterprise subscription by configuring the AD in that subscription. if so can you please share the steps related AD configuration and connecting to VMs to AD and then update deployment.

Can you please also suggest any custom script available for our requirement or possibility of customization of requirement , that would be very helpful.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

jiayaozhu-MSFT avatar image
0 Votes"
jiayaozhu-MSFT answered

Hi,

Thanks for your reply!

1) "the detail steps related to configure the VMs with AD for update deployment."
——The steps were shared before, those are the GPO methods mentioned in my first answer (attached a picture).

2) “For POC work can we use our visual studio enterprise subscription by configuring the AD in that subscription."
——I am not so familiar with Visual Studio, but I think this demand also needs custom script.

3) You seems to prefer to using custom script, which I agree with, while writing custom scripts is not covered in Microsoft's business. In this case, I strongly recommend you to find out some professional offices online. We can recommend you with Github. Github is a place where IT pros including our customers can post their scripts and you may find appropriate scripts for your demands. You can also ask for help on this website and there may be people who can write custom script for you.

Here are the links:
https://github.com/
https://docs.microsoft.com/en-us/samples/browse/?redirectedfrom=TechNet-Gallery

I really hope you can get your custom script soon. Using custom script is one of the most suitable solutions in this moment. Thanks for your support and understanding for my work! Have a nice day!

Besides, if possible, please help me Accept Answer to support my work!

BR,
Joan


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.