check_windows_updates_with_report_from_wsus.yml
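# Play: query WSUS for the patch state of every Windows target.
# For each host it makes sure the Windows Update client has a WSUS identity
# (SusClientId), then runs a script on the WSUS server (delegate_to) that lists
# the updates WSUS reports as missing and as installed for that client, and
# stores both lists as host facts (available_updates / installed_updates).
- name: check Windows Updates
  hosts: '*windows_target'
  vars:
    wsus_server: '192.168.1.36'
    # Connection settings for the WSUS administration API. The defaults keep
    # the original behaviour: no TLS, port 8530 (the WSUS default HTTP port).
    # For a WSUS instance published over HTTPS set wsus_use_ssl: true and the
    # matching port (8531 by default).
    wsus_use_ssl: false
    wsus_port: 8530
    win_update_category_names:
      - CriticalUpdates
      - DefinitionUpdates
      - SecurityUpdates
      - UpdateRollups
      - Updates
  # Roles run before the tasks below.
  roles:
    - configure-update
  tasks:
    # Read the WSUS client identity, if the host already has one.
    - name: find computer sus update id (1/2)
      win_reg_stat:
        path: 'HKLM:\SOFTWARE\Microsoft\Windows\Currentversion\WindowsUpdate'
        name: SusClientId
      register: reg_sus_client_id

    # No SusClientId yet: ask the update client to re-authorise and start a
    # detection cycle.
    - name: register with WSUS server
      win_shell: 'wuauclt.exe /resetauthorization /detectnow'
      when: reg_sus_client_id.value is undefined

    - name: restart update service
      win_service:
        name: wuauserv
        state: restarted

    # Search only; state: searched does not install anything.
    - name: check for available updates
      win_updates:
        category_names: "{{ win_update_category_names }}"
        state: searched

    # Poll the registry until the id exists: 60 tries, 5 seconds apart.
    - name: find computer sus update id (2/2)
      win_reg_stat:
        path: 'HKLM:\SOFTWARE\Microsoft\Windows\Currentversion\WindowsUpdate'
        name: SusClientId
      register: reg_sus_client_id
      until: reg_sus_client_id.value is defined
      delay: 5
      retries: 60

    - name: set sus client id
      set_fact:
        sus_client_id: "{{ reg_sus_client_id.value }}"

    # The id is read from the managed host's registry and is later templated
    # into a script that runs on the WSUS server, so a value that is not a
    # plain GUID must stop the play before it crosses that trust boundary.
    - name: validate sus client id format
      assert:
        that:
          - sus_client_id is string
          - sus_client_id is match('^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$')
        msg: 'SusClientId read from the host is not a GUID; refusing to template it into the WSUS query script'

    - name: show sus client id
      debug:
        msg: "{{ sus_client_id }}"

    # Runs on the WSUS server. Templated values are placed in single-quoted
    # PowerShell strings so they are never expanded by the shell.
    # NOTE(review): UpdateInstallationState is read from the object returned by
    # GetUpdate(); it looks like that property belongs to the per-update
    # installation info ($_) instead - confirm the field is populated.
    - name: missing updates from wsus
      win_shell: |
        [reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | Out-Null
        $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer('{{ wsus_server }}', ${{ wsus_use_ssl | bool }}, {{ wsus_port | int }})
        $updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
        $updateScope.IncludedInstallationStates = 'Downloaded','NotInstalled'
        $Comp = $wsus.GetComputerTarget('{{ sus_client_id }}')
        $availableUpdatesReport = @()
        $availableUpdatesReport += $Comp.GetUpdateInstallationInfoPerUpdate($updateScope) | ForEach {
          $update = $_.GetUpdate()
          [pscustomobject]@{
            title = $update.Title
            UpdateInstallationStatus = $update.UpdateInstallationState
            IsApproved = $update.IsApproved
            PatchReleaseDate = $update.CreationDate
            kb = "KB"+($update.KnowledgebaseArticles)
            Severity = $update.MsrcSeverity
          }
        }
        ConvertTo-Json @($availableUpdatesReport)
      register: available_updates_report
      # Read-only query: do not report the WSUS server as changed.
      changed_when: false
      delegate_to: "{{ wsus_server }}"

    - name: show available updates report
      debug:
        msg: "{{ available_updates_report.stdout }}"

    # Empty stdout is treated as an empty list instead of being parsed.
    - name: set available_updates variable
      set_fact:
        available_updates:
          found_update_count: '{{ (available_updates_report.stdout | from_json | list if available_updates_report.stdout | length > 0 else []) | length | int }}'
          updates: '{{ available_updates_report.stdout | from_json | list if available_updates_report.stdout | length > 0 else [] }}'

    - name: show available_updates
      debug:
        msg: "{{ available_updates }}"

    # Same query as above, restricted to updates in the 'Installed' state.
    - name: installed updates from wsus
      win_shell: |
        [reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | Out-Null
        $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer('{{ wsus_server }}', ${{ wsus_use_ssl | bool }}, {{ wsus_port | int }})
        $updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
        $updateScope.IncludedInstallationStates = 'Installed'
        $Comp = $wsus.GetComputerTarget('{{ sus_client_id }}')
        $installedUpdatesReport = @()
        $installedUpdatesReport += $Comp.GetUpdateInstallationInfoPerUpdate($updateScope) | ForEach {
          $update = $_.GetUpdate()
          [pscustomobject]@{
            title = $update.Title
            UpdateInstallationStatus = $update.UpdateInstallationState
            IsApproved = $update.IsApproved
            PatchReleaseDate = $update.CreationDate
            kb = "KB"+($update.KnowledgebaseArticles)
            Severity = $update.MsrcSeverity
          }
        }
        ConvertTo-Json @($installedUpdatesReport)
      register: installed_updates_report
      # Read-only query: do not report the WSUS server as changed.
      changed_when: false
      delegate_to: "{{ wsus_server }}"

    # Print the script output only, matching the available-updates debug task.
    - name: show installed updates report
      debug:
        msg: "{{ installed_updates_report.stdout }}"

    - name: set installed_updates variable
      set_fact:
        installed_updates:
          found_update_count: '{{ (installed_updates_report.stdout | from_json | list if installed_updates_report.stdout | length > 0 else []) | length | int }}'
          updates: '{{ installed_updates_report.stdout | from_json | list if installed_updates_report.stdout | length > 0 else [] }}'

    - name: show installed_updates
      debug:
        msg: "{{ installed_updates }}"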
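# Play: hand over to the generate-update-report-from-wsus role to build the
# HTML report. Presumably the role consumes the available_updates and
# installed_updates facts set by the previous play - confirm in the role.
- name: generate report
  hosts: '*windows_target'
  # Canonical booleans (true/false) instead of yes/no.
  gather_facts: false
  tasks:
    # NOTE(review): the listing lost its indentation; run_once is assumed to
    # belong to this include task rather than to the play - confirm.
    - name: generate html report
      include_role:
        name: generate-update-report-from-wsus
      run_once: true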