How to maintain the patch status of your Windows and Linux machines
“You can use Update Management in Azure Automation to manage operating system updates for your Windows and Linux machines in Azure, in on-premises environments, and in other cloud environments.” Microsoft
To enable on a specific virtual machine in Azure
Note – You only pay for logs stored (Log Analytics)
Enabling the option can take up to 15 minutes
Useful reference links
Bulk Add Azure VMs and Non Azure Machines
You create a WSUS GPO and apply it to the computers.
Now, how do you validate that it's working?
Open the registry and browse to :
The GPO for WSUS should populate the registry with the following values
WUServer …updates server
These values should match the GPO settings for WSUS.
Clients not checking in or checking in and then disappearing
Cloned images – SUSCLIENTID is not reset with Sysprep!!!
This needs to be done if you're creating a template for Windows 2016 and Windows 10 in a virtual environment.
So if you have deployed servers from template already, do the following fix. Or if you realised before deployment, just delete the reg keys before converting the virtual machine to a template.
Solutions / Fix
Stop Windows Update service
Open up regedit
Browse to : computer\hklm\software\microsoft\windows\currentversion\windowsupdate
Start Windows Update service
Open up command prompt as admin on the affected Windows 2016 or Windows 10 client, if the image has already been deployed
The clients should then check in and create a new SusClientId and SusClientIdValidation
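The fix above as a script, for running on an already-deployed clone. This is an added example, not part of the original post: the value names and registry path come from the steps above, the scan trigger uses the StartScan switch listed further down the page with UsoClient.exe, and the 5-minute wait is an arbitrary assumption.

```powershell
#Requires -RunAsAdministrator
# Added example: reset the WSUS client identity on a machine cloned from a template.
# Clones that share one SusClientId show up in WSUS as a single computer entry,
# so each clone needs its own ID.

$wuKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$values = 'SusClientId', 'SusClientIdValidation'

# Record the current ID so it can be compared with the regenerated one.
$before = (Get-ItemProperty -Path $wuKey -Name SusClientId -ErrorAction SilentlyContinue).SusClientId
Write-Host "SusClientId before reset: $(if ($before) { $before } else { '<not set>' })"

Stop-Service -Name wuauserv -Force
try {
    foreach ($name in $values) {
        # Remove only values that exist, so the script is safe to re-run.
        if ($null -ne (Get-ItemProperty -Path $wuKey -Name $name -ErrorAction SilentlyContinue)) {
            Remove-ItemProperty -Path $wuKey -Name $name
            Write-Host "Removed $name"
        }
    }
}
finally {
    # Always bring the service back, even if a delete failed.
    Start-Service -Name wuauserv
}

# Ask the update client to scan so it contacts WSUS and generates a new ID.
& "$env:SystemRoot\System32\UsoClient.exe" StartScan

# Poll for the regenerated value (5-minute limit is an assumption, adjust as needed).
$deadline = (Get-Date).AddMinutes(5)
do {
    Start-Sleep -Seconds 10
    $after = (Get-ItemProperty -Path $wuKey -Name SusClientId -ErrorAction SilentlyContinue).SusClientId
} until ($after -or (Get-Date) -gt $deadline)

if (-not $after) {
    Write-Warning 'No new SusClientId yet; check that the client can reach the WSUS server.'
} elseif ($after -eq $before) {
    Write-Warning 'SusClientId is unchanged; the old value was not removed.'
} else {
    Write-Host "New SusClientId: $after"
}
```

Comparing the printed IDs across machines deployed from the same template confirms that no two clients still share an identity.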
So, you deploy a GPO to Windows 10 clients, but you're in a hurry to get the clients to check in…
As a SysAdmin for many years I would log on to a client, open command prompt and type :
wuauclt /detectnow (Windows 7 / Windows Server 2008/2012 clients)
In Windows 10 you will notice that it doesn’t do anything and doesn’t show you anything. (As shown above)
An example of “What's New” in Windows 10 and Windows Server 2016.
To check or scan “Windows Update” from the command prompt:
CMD (Run As Administrator)
And there are more switches…
StartScan – Used To Start Scan
StartDownload – Used to Start Download of Patches
StartInstall – Used to Install Downloaded Patches
RefreshSettings – Refresh Settings if any changes were made
StartInteractiveScan – May ask for user input and/or open dialogues to show progress or report errors
RestartDevice – Restart device to finish installation of updates
ScanInstallWait – Combined Scan Download Install
ResumeUpdate – Resume Update Installation On Boot