Introduction
Even though the Azure Update Center is already in preview, many of our customers are still using Azure Update Management (the solution that uses an Automation Account and a Log Analytics workspace) to patch their servers. During one of these engagements, we realized that some of the operating system settings for Windows Update were not configured the way the business required, which led to erratic reboots and servers not patching on their expected schedules.
We needed a way to ensure our machines have the appropriate settings.
Requirements
Some of our answers can be found in the official documentation here, but for the reboots we need to dig a little deeper. Below are the registry settings we can configure for restart behavior.
If you would like to see more, here is a great website that looks at Group Policy settings and can help you find what is and is not configurable.
This PowerShell Script can be run to see which current Windows Update Registry settings are applied on your machines.
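As an added example (not the author's script or code from the referenced documentation), one way to list the Windows Update policy values currently set on a machine. The key paths and value names are the standard Windows Update policy locations; which values to flag as "watched" is this example's assumption, not the article's table.

```powershell
# Added example: report the Windows Update policy values set on this machine.
# The list of watched value names below is an assumption chosen for illustration.
$keys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
)

# Install-schedule, restart and update-source values to call out explicitly.
$watch = 'NoAutoUpdate', 'AUOptions', 'ScheduledInstallDay', 'ScheduledInstallTime',
         'NoAutoRebootWithLoggedOnUsers', 'AlwaysAutoRebootAtScheduledTime',
         'AlwaysAutoRebootAtScheduledTimeMinutes', 'UseWUServer', 'WUServer'

$report = foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) {
        # No policy key at all: nothing is enforced from this location.
        [pscustomobject]@{ Key = $key; Name = '(key not present)'; Value = $null; Watched = $false }
        continue
    }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Value   = $item.GetValue($name)
            Watched = $watch -contains $name
        }
    }
}

$report | Sort-Object Key, Name | Format-Table -AutoSize

# Watched values with no policy entry are left to the OS defaults.
$missing = $watch | Where-Object { $_ -notin $report.Name }
if ($missing) { "Not configured by policy: $($missing -join ', ')" }
```

Running it before and after the node applies its configuration shows which values were removed and which are now enforced.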
For our specific solution we will choose Option 2 from the above article.
In my GitHub repository you can find the Desired State Configuration file that will remove all other settings and apply the above settings.
Save this file as "WindowsUpdate.ps1"
Solution
Now for our last few steps, we will use Azure Automation State Configuration (DSC) to import the configuration and compile it.
Click on Configurations and add
Choose the WindowsUpdate.ps1 file that you saved
Compile the Configuration
Once the compilation is complete, we can add machines (called Nodes)
Go to nodes and click Add
Choose Connect for your node, and then choose "WindowsUpdate.localhost" as your configuration name.
Now you are ready to go. Once the machine comes back and applies this configuration, it will adhere to the update schedules set in Automation Account Update Management.