Automating Complex Server Update Maintenance Windows and Update Deployments

In our environment, we have a fair bit of complexity when it comes to server patching and maintenance windows. Keeping up with updating the maintenance windows manually on each group, and creating the deployments that honored those windows, was a bit of a pain. I hope that with the new server groups in 1602 we can reduce the number of these groups, but until then this workflow saves me a lot of time and mistakes, like forgetting to change the maintenance window or selecting the wrong date! Oops!

If you search for Patch Tuesday server maintenance scripts in Google you’ll find a whole lot of different solutions, as this is a common problem. Here’s the way I found to make it work.

Step 1: Create your Collection Variables.

First off, everyone should have a “Dev” or “Test” patch group. This should have a good mix of servers. I encourage my application owners that have production applications to add at least one of their application servers into this group.

When you create this collection, set a collection variable called “NumDaysAfterPatchTuesday”. I know it’s long, but it’s pretty clear what it’s for :). We patch our DEV collection the weekend after Patch Tuesday, so 4 days after Patch Tuesday; production servers are then patched the weekend afterward, 11 days after Patch Tuesday.


Step 2: Run the update script on the first of the month.

You feed the script a list of your Update Group collection IDs. For each one it gets the “NumDaysAfterPatchTuesday” variable and the current maintenance window name and times. After determining the current Patch Tuesday, it uses these values to create a new maintenance window.
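
A minimal sketch of the workflow described above, added here as an illustration and not the author's own script. It assumes the ConfigurationManager module is loaded with the site drive as the current location, that each collection already has one maintenance window to copy from, and that the collection IDs shown are placeholders.

```powershell
# Added illustration, not the author's script. Assumes the ConfigurationManager
# module is imported and the current location is the site drive.
$CollectionIds = @('ABC00010', 'ABC00011')   # placeholder collection IDs

function Get-PatchTuesday {
    param([datetime]$Month = (Get-Date))
    # Second Tuesday: first Tuesday on or after the 1st, plus seven days.
    $first  = [datetime]::new($Month.Year, $Month.Month, 1)
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    $first.AddDays($offset + 7)
}

$patchTuesday = Get-PatchTuesday

foreach ($id in $CollectionIds) {
    # The variable value comes back as a string, so validate it before use.
    $var  = Get-CMDeviceCollectionVariable -CollectionId $id -VariableName 'NumDaysAfterPatchTuesday'
    $days = 0
    if (-not $var -or -not [int]::TryParse($var.Value, [ref]$days)) {
        Write-Warning "$id : NumDaysAfterPatchTuesday missing or not a number, skipped"
        continue
    }

    # Reuse the name, start time of day and duration of the existing window.
    $old = Get-CMMaintenanceWindow -CollectionId $id | Select-Object -First 1
    if (-not $old) {
        Write-Warning "$id : no existing maintenance window to copy, skipped"
        continue
    }

    $start = $patchTuesday.AddDays($days).Add($old.StartTime.TimeOfDay)
    $end   = $start.AddMinutes($old.Duration)   # Duration is stored in minutes

    # Strip a previous month suffix so names do not grow on every run.
    $base     = $old.Name -replace ' \d{4}-\d{2}$', ''
    $name     = '{0} {1:yyyy-MM}' -f $base, $start
    $schedule = New-CMSchedule -Start $start -End $end -Nonrecurring
    New-CMMaintenanceWindow -CollectionId $id -Name $name -Schedule $schedule
    Write-Output "$id : $name from $start to $end"
}
```

The previous month's window is left in place; a collection that is skipped with a warning keeps only its old, expired window, so review the warnings before the patch weekend.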