Patching 20-30 Windows VMs on My Laptop

Discussion in 'Virtualized Computing' started by atreidesgoldenpath, Jul 20, 2017.

  1. atreidesgoldenpath

    atreidesgoldenpath Limp Gawd

    Messages:
    395
    Joined:
    Jul 20, 2008
    So, I keep around 20-30 Windows VMs on my laptop.
    I use VMware Workstation.

    What technique or tool do you use to keep your monthly patches up?

    Right now I am booting each one up and connecting it to the Internet to check for patches.

    It sucks. I know there's a better way.

    What is it?

    Thanks!
     
  2. st4rk

    st4rk Gawd

    Messages:
    728
    Joined:
    Sep 19, 2003
    Domain + WSUS + GPOs.
     
  3. Eickst

    Eickst [H]ard|Gawd

    Messages:
    1,456
    Joined:
    Aug 24, 2005
    You don't even need the domain or GPOs; a registry entry for auto update pointing to the location of the WSUS server will work.
     
  4. bman212121

    bman212121 [H]ard|Gawd

    Messages:
    1,036
    Joined:
    Aug 18, 2011
    Not have 20 - 30 VMs?

    Are these persistent VMs that are always kept, or are they really just throwaways that you're cycling through? If you are just creating a VM, using it for a bit, then discarding it, you might want to look into linked clones. You can basically take 1 VM you create, and snapshot it and roll that into its own VM. From that point on you'll still have to individually patch it.

    If you actually have a full lab's worth of VMs all on one laptop that just need to have, then setting up a WSUS server is definitely going to be the best bet. Not because it's going to make patching easier (it really won't) but because it will save time and bandwidth because everything will download a lot faster. I'd probably entertain some type of startup script on your PCs to call wuauclt /detectnow when you power on the VM. That way it will basically force the VM to check for updates when it's powered on. Since there is no way you're powering them all on at once, just go ahead and set updates to automatic. If it tries to detect updates when you power on, automatic should try to install them and reboot the VM for you.

    I'm not really even sure what kind of workflow you have to try to make this happen honestly. Even if you automate the installation of updates, you still are going to be manually powering on and turning off all of these VMs and having to wait while they try to install in the background.
     
  5. st4rk

    st4rk Gawd

    Messages:
    728
    Joined:
    Sep 19, 2003
    A domain is incredibly easy to set up and can add further customization on the fly for 20-40 VMs.

    If they remained in workgroups, then yeah, you could easily PowerShell the entire WSUS setup and configuration to all the VMs.
     
  6. Cmustang87

    Cmustang87 2[H]4U

    Messages:
    3,995
    Joined:
    Oct 4, 2007
    If you don't have a domain or don't feel like messing with it... use WSUS Offline Updater and place a shortcut to the batch file to update systems on startup... or just run the batch normally.
     
  7. ChristmasGT

    ChristmasGT Limp Gawd

    Messages:
    335
    Joined:
    Oct 17, 2007
    BatchPatch, it's super super awesome!
     
  8. REDYOUCH

    REDYOUCH [H]ardness Supreme

    Messages:
    4,520
    Joined:
    Mar 17, 2001
    It's not that great once you get past around 50 VMs.
     
  9. REDYOUCH

    REDYOUCH [H]ardness Supreme

    Messages:
    4,520
    Joined:
    Mar 17, 2001
    I'd recommend that the OP simply configure the patching policies via GPEDIT on one machine and then export/import the appropriate registry keys to all other systems. You can even add this to your VM template so you don't need to deal with it in the future.
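
The registry approach mentioned in posts 3, 5 and 9, as an added PowerShell example that is not from any poster in this thread: it writes the Windows Update policy values on a workgroup VM, reads them back, and triggers detection. The server URL `https://wsus.lab.example:8531` is a constructed placeholder, and the HTTPS check and the `-AllowHttp` switch are this example's own assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: point a workgroup (non-domain) VM at a WSUS server through the
# Windows Update policy registry keys, then ask the client to detect updates.
param(
    # Constructed placeholder; replace with your own WSUS server URL.
    [string]$WsusUrl = 'https://wsus.lab.example:8531',
    # Plain HTTP lets anything on the network path tamper with update
    # metadata, so it has to be requested explicitly (hypothetical switch).
    [switch]$AllowHttp
)

$uri = [Uri]$WsusUrl
if ($uri.Scheme -ne 'https' -and -not $AllowHttp) {
    throw "Refusing non-HTTPS WSUS URL '$WsusUrl' (pass -AllowHttp to override)."
}

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'

# Desired policy values: the same ones the Windows Update GPO settings write.
$settings = @(
    @{ Path = $wu; Name = 'WUServer';             Type = 'String'; Value = $WsusUrl }
    @{ Path = $wu; Name = 'WUStatusServer';       Type = 'String'; Value = $WsusUrl }
    @{ Path = $au; Name = 'UseWUServer';          Type = 'DWord';  Value = 1 }  # use WUServer, not Microsoft Update
    @{ Path = $au; Name = 'NoAutoUpdate';         Type = 'DWord';  Value = 0 }  # automatic updates enabled
    @{ Path = $au; Name = 'AUOptions';            Type = 'DWord';  Value = 4 }  # auto download, scheduled install
    @{ Path = $au; Name = 'ScheduledInstallDay';  Type = 'DWord';  Value = 0 }  # every day
    @{ Path = $au; Name = 'ScheduledInstallTime'; Type = 'DWord';  Value = 3 }  # 03:00 local time
)

foreach ($s in $settings) {
    if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
    New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType $s.Type -Value $s.Value -Force | Out-Null
}

# Read the values back so a failed or partial write is visible.
$bad = foreach ($s in $settings) {
    $actual = (Get-ItemProperty -Path $s.Path -Name $s.Name).($s.Name)
    if ($actual -ne $s.Value) { "$($s.Name): expected $($s.Value), found $actual" }
}
if ($bad) { throw "WSUS policy not applied cleanly:`n$($bad -join "`n")" }

# Restart the update service so it rereads the policy, then trigger detection
# with the command mentioned in the thread. Newer Windows releases may ignore
# this switch; the policy above still takes effect at the next scan.
Restart-Service -Name wuauserv -Force
& "$env:SystemRoot\System32\wuauclt.exe" /detectnow
```

Run once in the VM template (or as a startup script) from an elevated prompt; the two policy keys can then be exported with `reg export` for import on existing VMs.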