PowerShell Patch Audit/Install GUI (PoshPAIG) Released

For the past few months, I have been working on a project for work that has pretty much been taking me away from working on other items such as PoshWSUS. I have named this project PoshPAIG (yea, it’s the best I could come up with for CodePlex), which stands for PowerShell Patch Audit/Installation GUI. This utility allows you to input a server name via a host file, Active Directory query or by right clicking and adding the name yourself. You then have options to Audit Patches, Install Patches or Reboot Servers. I also included the capability to create a CSV file reporting the status after the Audit or Install of patches and an optional GUI report which presents the report via a Grid-View.

Initial Planning

My initial plan was to make this into one file, which would have easily topped out at over 1000 lines of code.  But as I started to work and make changes here and there, I found that this would need to evolve into something much more than I had anticipated. The moment I took the leap to add Help files that included pictures and something better than just a simple popup window with text showing a few basic help items, I realized that I would need to use multiple files, not only for the images but actually for specific parts of the help file I was putting together.  Once I started down that path, I saw that it would make writing and debugging my code easier by separating some of the functions I used into their own separate files that I would call at the loading of the jobs.

I wrote the GUI using XAML for WPF and then compiled it via PowerShell. I admit that this was my first go at using WPF and have to say that I did enjoy it quite a bit! I went the easy route since it was my first time by using Stack Panels instead of Grids. I’ve started to use Grids more now on my last two projects, but do not feel like re-coding this project to use Grids at this point in time. At some point I may come back to this and re-do it using grids, but not any time in the near future. I used some of my old code that I put together for my command line auditing/installation of patches with some minor adjustments here and there. Most notable is my Get-PendingUpdates script that allowed me to create the remote COM object to perform the patch audit and save some time using PSExec (ok, not sure about saving time, but it makes it easier to compile the report). By doing the auditing this way, I already have my nice object to add into my current report and also update the grid table that shows how many patches are waiting to be installed on each server (by the way, the number of patches for each server is updated in real-time as the utility runs thanks to some great background jobs and a lot of research and pain).
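The remote COM audit described above can be sketched as follows. This is an added example, not the Get-PendingUpdates script or any other PoshPAIG code; the function name Get-PendingPatchSketch and the host names in the usage comment are hypothetical, and it assumes PowerShell 3.0 or later with DCOM access to the target.

```powershell
# Added illustration; Get-PendingPatchSketch is a hypothetical name, not a PoshPAIG function.
function Get-PendingPatchSketch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$ComputerName
    )
    process {
        foreach ($computer in $ComputerName) {
            try {
                # Create the Windows Update Agent session object on the remote host (DCOM).
                $type     = [type]::GetTypeFromProgID('Microsoft.Update.Session', $computer, $true)
                $session  = [activator]::CreateInstance($type)
                $searcher = $session.CreateUpdateSearcher()
                # Updates that apply to the host but are not installed yet.
                $result   = $searcher.Search('IsInstalled=0')
                foreach ($update in $result.Updates) {
                    [pscustomobject]@{
                        Computer     = $computer
                        KB           = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
                        Title        = $update.Title
                        IsDownloaded = $update.IsDownloaded
                    }
                }
            }
            catch {
                # Emit an explicit failure row: an unreachable host must not
                # look like a host with zero pending patches in the report.
                [pscustomobject]@{
                    Computer     = $computer
                    KB           = $null
                    Title        = "AUDIT FAILED: $($_.Exception.Message)"
                    IsDownloaded = $null
                }
            }
        }
    }
}

# Usage with placeholder host names:
# 'SERVER01', 'SERVER02' | Get-PendingPatchSketch | Export-Csv .\audit.csv -NoTypeInformation
```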

VBScript as a tool

I did go back in time a little bit and am using the same VBScript code to perform the patch installations. Now why VBScript you ask? Simple. I did not want to go into this with the assumption that PowerShell is installed on each and every server and then have it fail multiple times because there is nothing that can run the script. Using VBScript was an easy and simple decision as I can encase it in a Here-String and then just use Out-File to create it on the remote system which can then be called using the wonderful tool PSexec.exe. After a successful completion, the VBScript outputs a nice CSV file which is then grabbed using Import-CSV, to which I can then make a few adjustments and add into my report.
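The deploy, run and collect cycle described above, as an added example rather than PoshPAIG's own script. The VBScript body, the file names under C:\Windows\Temp and the function name Invoke-RemotePatchSketch are assumptions, and psexec.exe is assumed to be on the PATH.

```powershell
# Added illustration; names and paths are assumptions, not taken from PoshPAIG.
$vbs = @'
Set session = CreateObject("Microsoft.Update.Session")
Set found = session.CreateUpdateSearcher().Search("IsInstalled=0")
Set batch = CreateObject("Microsoft.Update.UpdateColl")
For i = 0 To found.Updates.Count - 1
  If found.Updates.Item(i).IsDownloaded Then batch.Add found.Updates.Item(i)
Next
Set fso = CreateObject("Scripting.FileSystemObject")
Set csv = fso.CreateTextFile("C:\Windows\Temp\patch_result.csv", True)
csv.WriteLine "Title,ResultCode"
If batch.Count > 0 Then
  Set installer = session.CreateUpdateInstaller()
  installer.Updates = batch
  Set outcome = installer.Install()
  For i = 0 To batch.Count - 1
    title = Replace(batch.Item(i).Title, """", "'")
    csv.WriteLine """" & title & """," & outcome.GetUpdateResult(i).ResultCode
  Next
End If
csv.Close
'@

function Invoke-RemotePatchSketch {
    param([Parameter(Mandatory = $true)][string]$ComputerName)
    $share  = "\\$ComputerName\C`$\Windows\Temp"
    $script = Join-Path $share 'install_patches.vbs'
    $report = Join-Path $share 'patch_result.csv'
    try {
        # A stale CSV from an earlier run must not be read as this run's outcome.
        if (Test-Path $report) { Remove-Item $report -Force }
        $vbs | Out-File -FilePath $script -Encoding ASCII
        # -s runs cscript under the SYSTEM account on the target.
        & psexec.exe "\\$ComputerName" -s cscript.exe //NoLogo 'C:\Windows\Temp\install_patches.vbs' | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "cscript exited with code $LASTEXITCODE on $ComputerName" }
        Import-Csv $report | Select-Object @{n = 'Computer'; e = { $ComputerName }}, Title,
            @{n = 'Succeeded'; e = { $_.ResultCode -eq '2' }}   # 2 = orcSucceeded
    }
    finally {
        # Do not leave the script or old results behind in a shared temp folder.
        Remove-Item $script, $report -Force -ErrorAction SilentlyContinue
    }
}
```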

Important Notes

This tool is still in an Alpha state, meaning that some features will not work and there are some bugs that I am working on fixing. The most glaring piece that will not work is the Reboot Host capability. I decided to focus on a few other things and pushed this off until the next version. While I do not like releasing things that are not 100% complete, I felt that the most used features (audit and install) would be available for the user to use, with potential bugs that I can pick off as I see them.

I have the project currently out at CodePlex instead of the TechNet Script Repository for the time being as this is not in a stable enough state to have out there yet. But rest assured that after the next couple versions, I will push it out to the repository for another place to download this utility.

PoshPAIG In Action

Ok, I have given a decent amount of background into this utility and now it is time to show it in action.  After downloading the zip file from the CodePlex site, you can then unzip it to whichever location you wish. Keep in mind that you must keep all of the files in their same location and not move or delete anything. Doing so could potentially make this utility unusable.

Running PoshPAIG

After you have unzipped the files to the location of your determination, you can then run the utility via the PowerShell console (as an administrator) by navigating to the folder and typing:

. .\Open-WSUSUtility.ps

This must be run using the console and not the ISE due to issues with PSExec and how it is handled in the ISE. A friendly warning is given if you do this by accident. Also, a check is performed to make sure you are running PowerShell in STA mode and if not, it will attempt to re-run the script by opening another instance of PowerShell in STA. Lastly, a check is performed to make sure you are an Administrator. If this check fails, then you should open an instance of PowerShell as an administrator.
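The three startup checks described above, in the order given, as an added example that is not taken from the PoshPAIG source. Test-LaunchPrerequisite and its ScriptPath parameter are hypothetical names.

```powershell
# Added illustration of the startup checks; not the PoshPAIG source.
function Test-LaunchPrerequisite {
    param(
        # Full path of the script to relaunch when the apartment state is wrong (hypothetical parameter).
        [Parameter(Mandatory = $true)][string]$ScriptPath
    )

    # 1. Refuse to run inside the ISE host.
    if ($Host.Name -eq 'Windows PowerShell ISE Host') {
        Write-Warning 'Run this from the PowerShell console, not the ISE.'
        return $false
    }

    # 2. WPF needs a single-threaded apartment; relaunch in STA if this session is MTA.
    if ([Threading.Thread]::CurrentThread.GetApartmentState() -ne [Threading.ApartmentState]::STA) {
        Write-Warning 'Not running in STA mode; starting a new console with -STA.'
        Start-Process powershell.exe -ArgumentList '-STA', '-NoProfile', '-File', "`"$ScriptPath`""
        return $false
    }

    # 3. Require an elevated token, because the tool writes to admin shares and starts remote processes.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Write-Warning 'Open PowerShell as an administrator and run the script again.'
        return $false
    }

    return $true
}

# Usage at the top of a script:
# if (-not (Test-LaunchPrerequisite -ScriptPath $MyInvocation.MyCommand.Path)) { return }
```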

Adding servers to server list

Ok, let’s start out by adding a server to the server list. There are a few ways to accomplish this and I will start out by showing the way to add just one system into the list. The first way is by right-clicking on the server list and selecting the “Add Server” context menu. Doing so brings up a dialog to enter a server name to add to the list.

What you have next is the server added to the list and you can now see the current status for the patches on the server. In this case, there are no patches as the server was just added.

image

Other ways to add servers to the server list are to use the Browse File, which opens a dialog that allows you to locate a file containing a list of servers. Load File allows you to load the file that was designated in the text box to the right of the button. Lastly, we have the Load from AD, which opens a dialog box listing the current domain (if applicable) and allows you to accept the default domain or input another domain and loads all servers that have their accounts residing in that domain.  It is important to note that I currently do not have anything configured to allow for alternate credentials for the other domains (but it is something that is on my To-Do list).

Auditing Patches

Auditing patches is a pretty simple process that can be done one of 2 ways depending on what you want to do. The key thing is to make sure that the Radio Button is checked for Audit Patches. You can audit a single server by double clicking on the server, which will begin the auditing of patches on the server. I have plans to add another context menu to right click on the server and select Run or something like that. If you have more than 1 server in the list and you click the Run button, the auditing process will begin for the first 5 servers in the list and will continue to update itself and run until all servers have been processed. During either of these times, the Run button is disabled to prevent any issues from occurring during the process.

Looking at the next image, you can see that the process has finished and the progress bar is at the maximum position. Also, and this is the more important part in my opinion, the server list has updated itself to show that there are now 43 patches waiting to be installed. As each server completes the auditing process, the server list automatically updates itself in real time to show you how many patches are available to install.

image

Audit Reporting

Now that I have performed the auditing of the server, the next step is to find out what those patches are that are waiting to be installed. How do we do that, you ask? Simple! To view a simple report just to see what is waiting, you can click Open Report Window to open up a GridView report that can be sorted and filtered as needed.

image

As you can tell, I have quite a few patches that have not been downloaded, but are available to install. I can filter for KBs, Download status, title and computer. Another option for reporting is to create a CSV report that can be emailed to others. Another thing to note is that the report is created in the same directory as the utility (this will be changed in the future to allow the user to determine where it will be saved to) and also the path is displayed in the status bar.

Installing Patches

Installing the patches works exactly like the Auditing of patches. The only exception is that you must have the radio button checked for Install Patches. By doing this, you are telling the utility to perform a patch installation when clicking the Run button or double clicking on the server.

image

Looking at the image above, we can see that 1 patch did install successfully out of the 43 that were available to install. We know that only 1 patch was downloaded to the system, so this is ok. Had there been issues with a patch that was being installed, it would be reflected in the InstallErrors column. Much like the auditing, this information is updated in real-time as the installation is completed for each system.

Install Reporting

Again, just like the Audit Reporting, the reporting of patches that are installed is performed the same way. Let’s take a look at the gridview report and see what it shows.

image

As you can see, the patch shows as being installed successfully. Note that if the patch does not install successfully, the error will show in the report. The same goes for the CSV report that is created. I did have to cheat a little as I forgot to clear the report prior to the installation and had to filter for the patch that was installed.

Extra Items

Some extra things that are available in the utility are the menu items at the top of the utility. They include Exit, Clear All, Clear Report, Clear Server List, About and Help. These are pretty much self-explanatory. The Help is a set of help files (still a work in progress) that will help a user to figure out what to do with the utility.

Conclusion

I hope that you find this utility to be useful and I welcome everyone’s opinion either on this site or on CodePlex. This is still in Alpha and I have a list of things to do to include adding the reboot feature, more information for the help files, fix a bug in the reporting for the installation of patches, etc… Thanks again for giving me support in making this utility a success!

Coming up next version…

At the time of this being published, I have already made some significant updates to PoshPAIG to include the following items:

  1. Notes section that displays the status of activity for each server
  2. Ability to select multiple servers to audit/install/remove
  3. Get a report of all installed patches on server/s
  4. View entire WindowsUpdate.log or last 25/50/100 lines
  5. Run wuauclt with detectnow or resetauthorization switches on servers
  6. Reboot selected servers
  7. Better reporting for patch installations
  8. Time taken for completion of actions

Here is a screenshot of it showing the new Notes column as well as some right-click menus.

image

I still have more testing to do with a few of these features but am hopeful that this will be released within the next few weeks.

Download PoshPAIG 1.4

PoshCode

About Boe Prox

Sr. Systems Administrator who uses Powershell daily for everything from reporting to automating daily tasks to just seeing what I can do with it.

9 Responses to PowerShell Patch Audit/Install GUI (PoshPAIG) Released

  1. Mike says:

    Love the script. Right now I am having an issue with installing patches though. About a week ago I used it on a test batch of servers and it worked perfectly. This week since there were no problems I decided to increase my test server list to 50. It successfully audited the servers, but when I went to run the patches it errored out on all servers within a matter of seconds. I am not a domain admin, just an admin in my OU. Is there any group policy that would prohibit me from successfully patching? Is there an error log that I can view to try and troubleshoot this problem further?

  2. Logicmantra says:

    Hey Boe…. Like the way the script is written, it’s cent % awesome… by the way, it would be nice if you had an option to start stopped services from PAIG as well.

  3. Poshoholic says:

    You know, I think it would be much easier for you to do this with a PowerPack for PowerGUI. You get so much extra for free this way, plus you can mobile-enable the PowerPack and allow users to do this from their mobile device.

    • Boe Prox says:

      Hi Kirk!

      Thanks for the comment. That is a great idea to build a PowerPack for PowerGUI. I am already committed to finish up PoshPAIG and add the help files for it. Once that is done, I think I will turn my attention to learning about building a PowerPack and get the ball rolling on this. Probably would have started this up at work if I wasn’t waiting still to get PowerGUI approved to be on the network (long story).

      Thanks for the great idea!
      Boe

  4. This looks fantastic. I’m looking forward to trying it out. One small request – if there are known problems with the code as it stands, can you please use the Issue Tracker functionality of CodePlex to log them so that users can be more aware of what might go wrong?

    Thanks.

  5. Pingback: Episode 150 – Glenn Sizemore on NetApp and PowerShell « PowerScripting Podcast

  6. Chris Brown says:

    Boe…. I love this! I’m on a massive windows update run this afternoon and this has made my job a million times easier. I can only begin to imagine the amount of effort that’s gone into this. Just in case you’re interested, here’s a couple of things I think would make it easier:
    1) Ability to browse a tree of AD to select root (Might be fun in WPF)…
    2) Some sort of indicator that a server could not be contacted rather than just showing “0” Audited updates. I’d love to see “–offline–” or even “-1” or something…Just a thought.

    The extra ideas are simply me nit-picking, the tool itself is mind-blowingly useful!

    All the best,

    Chris

    • Boe Prox says:

      Thanks Chris! Any feedback is good feedback for me! The idea of having a tree to browse is pretty cool and something I will look into for a future version. As for the second suggestion, I can tell you that I implemented something like that for the next version release that brings a “Notes” column that will display the status of each system to include it being offline or completed during an operation. Glad you are liking this tool! It has been fun to build and is a nice learning opportunity for me as well.

      Boe
