How to build an Automated Patch-Management System using PowerShell & Task Scheduler

New configuration (How To)

Situation

Solution

Part 1: Create a Patch-Automation PowerShell Script

Step 1 — Open PowerShell ISE or VS Code

You’ll write a script that:

  1. Checks for available Windows updates

  2. Installs them

  3. Generates a log file

Step 2 — Use the Windows Update Module

Install the module (only needed once):

Install-Module PSWindowsUpdate -Force

Step 3 — Create an Update Script

Save this as AutoPatcher.ps1:

Import-Module PSWindowsUpdate

# One log file per day; create the folder first so Out-File does not fail on a fresh host
$logDir  = "C:\Logs"
$logPath = "$logDir\AutoPatch_$(Get-Date -Format yyyyMMdd).txt"
New-Item -ItemType Directory -Path $logDir -Force | Out-Null

# Scan for updates
$updates = Get-WindowsUpdate

if ($updates) {
    # Record what was found, then install everything without prompting.
    # -IgnoreReboot installs but leaves the restart to you; replace it with
    # -AutoReboot to restart immediately (the two switches are alternatives, not a pair).
    $updates | Out-File -FilePath $logPath -Append
    Install-WindowsUpdate -AcceptAll -IgnoreReboot | Out-File -FilePath $logPath -Append
    Add-Content $logPath "`nInstallation completed at $(Get-Date)."
    if (Get-WURebootStatus -Silent) {
        Add-Content $logPath "A reboot is pending to finish installation."
    }
} else {
    Add-Content $logPath "No updates available for $(Get-Date)."
}

Step 4 — Test the Script

Run:

.\AutoPatcher.ps1

Confirm it:

  • Produces a log file

  • Installs updates normally

Part 2: Automate Using Task Scheduler

Step 1 — Open Task Scheduler

Create a Basic Task → Name it “Auto Patch”

Step 2 — Set the Trigger

Choose:

  • Weekly (recommended)

  • During off hours (e.g., 3:00 AM)

Step 3 — Set the Action

Action → Start a Program
Program/Script:

powershell.exe

Add arguments:

-ExecutionPolicy Bypass -File "C:\Scripts\AutoPatcher.ps1"

Step 4 — Run With Highest Privileges

Check "Run whether user is logged on or not" and "Run with highest privileges".

Verification

After the scheduled time:

  1. Check C:\Logs\ for patch logs.

  2. Confirm reboot behavior is acceptable.

  3. Review Event Viewer → Task Scheduler.
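The Part 2 task and the Verification checks above, as an added example that is not part of the original article: it registers the same "Auto Patch" task from an elevated PowerShell session instead of the GUI, runs it as SYSTEM so no user password has to be stored, and then reads back the last run result. It assumes the script was saved as C:\Scripts\AutoPatcher.ps1, the path used in Part 2.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell session.
# Assumes the patch script lives at C:\Scripts\AutoPatcher.ps1.

$taskName   = 'Auto Patch'
$scriptPath = 'C:\Scripts\AutoPatcher.ps1'

if (-not (Test-Path $scriptPath)) {
    throw "Script not found: $scriptPath"
}

# -NoProfile and -NonInteractive keep the run independent of any user profile and stop
# a prompt from hanging the unattended job. -ExecutionPolicy Bypass matches the article;
# signing AutoPatcher.ps1 and using -ExecutionPolicy AllSigned is the stricter option.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$scriptPath`""

# Weekly, Sunday at 03:00: the article's "weekly, during off hours" recommendation
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 3am

# SYSTEM runs whether or not anyone is logged on and needs no saved credential;
# -RunLevel Highest is the GUI's "Run with highest privileges" checkbox.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# Catch up a missed window, cap runtime, and never start a second copy mid-install
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Hours 4) `
    -MultipleInstances IgnoreNew

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Verification: the task exists and its last result is 0 (success); a non-zero
# LastTaskResult together with a missing C:\Logs entry points at a failed run.
Get-ScheduledTask -TaskName $taskName | Get-ScheduledTaskInfo |
    Select-Object TaskName, LastRunTime, LastTaskResult, NextRunTime
```

LastTaskResult is 267011 (0x41303) until the task has run for the first time, so check it after the scheduled window rather than right after registration.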

Optional Enhancements

  • Email notifications using Send-MailMessage

  • Push logs to a central SIEM

  • Add software updates (Chrome, Java, etc.) with Chocolatey.

Solution type

Permanent
