PowerShell | Windows Update Cumulative Patch Review
Monthly Cumulative Updates (CUs) for Windows are essential for maintaining the security, stability, and performance of Windows operating systems. These updates are released by Microsoft on the second Tuesday of each month, known as "Patch Tuesday." Here’s an overview of what Monthly Cumulative Updates entail:
​
What Are Cumulative Updates?
Cumulative Updates are comprehensive packages that include all previously released fixes and improvements for the Windows operating system. Each Cumulative Update is superseding the previous one, meaning that installing the latest update brings the system up to date with all patches and fixes.​​
Best Practices
-
Test Updates:
-
Always test updates in a staging environment before deploying them to production systems to ensure compatibility and stability.
-
-
Regular Backups:
-
Maintain regular backups of critical systems and data before applying updates to mitigate the risk of potential issues.
-
-
Review Patch Notes:
-
Review the release notes for each update to understand the changes and fixes included, and to identify any known issues.
-
-
Plan for Downtime:
-
Schedule updates during maintenance windows to minimize disruption to users and services.
-
Check for Installed Cumulative Patch
<#
.SYNOPSIS
PowerShell Script to Check Systems for Monthly Cummulative Patch
.DESCRIPTION
Required - Set KB For Month Checking
Required - Administrative Access to Systems
Import From TxT File and Check OS Via Active Directory
Check Each System for Installed Patch
Export Results Corresponding By Operating Sytstem
.Author
Scott Head
ScriptsbyScott.com
#>
$Pinged=@()
$All += Get-Content C:\temp\ComputerList.txt
$Pinged+= $All | % {new-object psobject -Property @{Computername=$_; Reachable=(test-connection -ComputerName $_ -Quiet -Count 1)}} | Where-Object {$_.Reachable -eq "True"} | Select -ExpandProperty ComputerName -ErrorVariable A -ErrorAction SilentlyContinue
$WIN10 = @()
$WIN2012 = @()
$WIN2016 = @()
$WIN2019 = @()
$WIN2022 = @()
Foreach($Comp in $Pinged){
$WIN10+=Get-ADComputer $Comp -Properties * | Where{$_.OperatingSystem -like "Windows 10*"} | Select -ExpandProperty Name
$WIN2012+=Get-ADComputer $Comp -Properties * | Where{$_.OperatingSystem -like "Windows Server 2012*"} | Select -ExpandProperty Name
$WIN2016+=Get-ADComputer $Comp -Properties * | Where{$_.OperatingSystem -like "Windows Server 2016*"} | Select -ExpandProperty Name
$WIN2019+=Get-ADComputer $Comp -Properties * | Where{$_.OperatingSystem -like "Windows Server 2019*"} | Select -ExpandProperty Name
$WIN2022+=Get-ADComputer $Comp -Properties * | Where{$_.OperatingSystem -like "Windows Server 2022*"} | Select -ExpandProperty Name
}
CLS
Write-Host "`n------------------------------------------Windows 10-------------------------------------------------------"
#Windows 10 KB
Invoke-Command -ComputerName $WIN10 -ScriptBlock {
Get-HotFix KB5023696 -ErrorAction SilentlyContinue -ErrorVariable ScottsError
if($ScottsError -ne ""){"Error on -$Env:Computername"}
} | Tee-Object C:\temp\SYS-10.txt
Write-Host "`n-----------------------------------------Windows Server 2016-----------------------------------------------"
#WIN 2106 KB
Invoke-Command -ComputerName $WIN2016 -ScriptBlock {
Get-HotFix KB5023697 -ErrorAction SilentlyContinue -ErrorVariable ScottsError
if($ScottsError -ne ""){"Error on -$Env:Computername"}
} | Tee-Object C:\temp\SYS-2016.txt
Write-Host "`n-----------------------------------------Windows Server 2019------------------------------------------------"
#WIN 2019 KB
Invoke-Command -ComputerName $WIN2019 -ScriptBlock {
Get-HotFix KB5023702 -ErrorAction SilentlyContinue -ErrorVariable ScottsError
if($ScottsError -ne ""){"Error on -$Env:Computername"}
} | Tee-Object C:\temp\SYS-2019.txt
Write-Host "`n-----------------------------------------Windows Server 2022-----------------------------------------------"
#WIN 2022 KB
Invoke-Command -ComputerName $WIN2022 -ScriptBlock {
Get-HotFix KB5023705 -ErrorAction SilentlyContinue -ErrorVariable ScottsError
if($ScottsError -ne ""){"Error on -$Env:Computername"}
} | Tee-Object C:\temp\SYS-2022.txt