Thist free utility called PoshPAIG (PowerShell Audit Installation GUI) is developed and maintained by Boe Prox at learn-powershell.net. The tool allows you to Audit installed patches, Install patches remotely. The possibility to export the results to CSV files is also included. This very interesting feature for doing PowerShell Audit and Patch Installation on windows server systems, where you need to gather a list of patches deployed etc.
It provides you with GUI interface where you can:
- Add list of servers from file
- From interactive window where you separate multiple systems by comas or semicolon.
- You can also pull servers directly from AD.
PoshPAIG tool works in any Windows environment, with an ideal configuration with WSUS installed and the GPO policy setup to have the Windows updates Downloaded but not installed. – “Download and do not install”. The latest release of PowshPAIG is 2.1.5 where the developer precise that it's still alpha phase.
How to install and use this PowerShell Utility?
- The PoshPAIG tool (download from this page) needs PSExec.exe from Microsoft as helper. You can download it from here: https://technet.microsoft.com/en-us/sysinternals/bb897553
- Unzip both downloaded files and put the PSExec.exe file into the same directory as PoshPAIG. Don't use network share and UNC path.
- Open PowerShell Window and run Start-PoshPAIG.ps1
The Full list of features of the latest release:
- Updated ListView UI
- PSJobs replaced with Background runspaces for better performance
- New reports for installed updates
- Keyboard Shortcuts
- F1: Display Help
- F5: Run the selected command. Ex. Audit Patches,Install Patches
- F8: Run a select report to generate
- Ctrl+E: Exits the PoshPAIG applicaton
- Ctrl+A: Select all systems in the Computer List
- Ctrl+O: Opens up the Options menu
- Ctrl+S: Opens window up to add more systems to Computer List
- Ctrl+D: Removes a selected System or Systems
- Services Reporting for non-running services set to Automatic
- New UI changes
- Better interaction with Windows Update Service
- New reporting options available
- Options menu to adjust some settings
- MultiThreading of operations (Supports running 20 jobs at one time) without UI freeze
- Add multiple computers with Add Server button using comma to separate each server
- Select multiple computers in server list and perform operations on only those servers
- Able to reboot systems with a monitored reboot
- Ping sweep of all systems in server list
- View windowsupdate.log on an individual server
- View installed updates on servers
- Remotely run wuauclt /detectnow on servers
- Generate host list of servers
- Sort columns
- Notes column to track running operations
- Error report
PowerShell Audit and Patch Installation
When job has finished running, you are able to generate Grid-View report which you can view directly on the GUI interface, OR you can generate the CSV.
A quote from the product source page:
One of the best features about this tool is that it uses background jobs to perform all of the actions while the front end GUI is not affected. This means that you can freely move the GUI around as it does not get locked up like a normal WPF gui would in PowerShell if you attempted to run a job of some kind. You will also notice that the data in the GUI updates automatically as each job finishes for a server
Source: PoshPAIG Codeples Page
This looks great. The only thing that concerns me is if there is a way to control what is installed. Is it everything from Windows Update, only high priority, etc?
Vladan SEGET says
Would need to test furher. If you got the free resources, don’t hesitate to share the results…
Boe Prox says
Currently, PoshPAIG doesn’t support selecting which updates to install on the servers. When I wrote this utility, I was only looking at systems which used group policy to set the Windows Update Agent to ‘download but do not install’ the updates and it was also assumed that there was someone approving updates via a WSUS server. I am looking at offering a way to select which patches to install in a future update.
Also, thanks a ton for mentioning my utility here!
Boe, thanks for sharing this wonderful utility but this only works on 5 objects at a time. Can we increase that number anyhow?
Thanks Vladan SEGET for the wonderful block. but i’m facing issue while run the script can you please help me on this.
I’m Using win2k8 R2 Datacenter and Power Shell V3
17 Exception setting “RunspacePool” System.Management.Automation.ErrorRecord NotSpecified $powershell.RunspacePool = $runspaceHash.runspacepool
644 ExceptionWhenSetting SetValueInvocationException
13 You cannot call a method on a null-valued expression.
at CallSite.Target(Closure , CallSite , Object )
at System.Management.Automation.Interpreter.DynamicInstruction`2.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) System.Management.Automation.ErrorRecord InvalidOperation $runspaceHash.runspacepool.Open()
633 InvokeMethodOnNull RuntimeException
13 Exception calling “CreateRunspacePool” with “4” argument(s) System.Management.Automation.ErrorRecord NotSpecified $runspaceHash.runspacepool = [runspacefactory]::CreateRunspacePool(1, $maxConcurrentJobs, $sessionstate, $Host)
632 PSArgumentException MethodInvocationException
sathish kumar says
I have did few test on recent September patch. but what i noticed that.
1) on the first round scanning(audit) it shows 8 patches to be installed…then
2) I proceed to install it and reboot…and after server is online ran audit again it shows there is 2 more patch required.
3) But this time when i run patch for the 2patch…within 5sec it say’s completed. so i recheck by login into the machine saw it was not installed…tried to clear all the cache n etc thought it was the cache or something issue i did almost everything but same problem. the tool didnt install the second round of patches for unknown reason.
4) i tried on almost 10 different machines on different environment..result was the same.. sadly..leads me to believe something is not right….
5) best part is the patches is older KB from 2017 ? for my surprise… (its a “update” category).
Hope any power shell experts can help….is there any thing need to be modified.??
is this due to security category or update category..that is why its not executing the patch.??
Hello, this looks nice. Is there a chance of further development?