In the last couple of weeks I’ve been working a lot with Citrix Lifecycle Management. I’m happy to see that more and more blueprints are getting shared by Citrix, vendors and the community.
The only thing I’m missing is for Community people like myself to share scripts and blueprints in Citrix Lifecycle Management. Until then, here we go!
Update 10/10/2015: I’m the first private person authorized to publish Blueprints to the Community Catalog. Now you don’t need to add my custom script, just add my Blueprint from the Catalog and the WSUS Server will install and configure itfself.
When you deploy a PoC you most certainly have a WSUS server in your Datacenter that you can leverage, but what if you want to setup a completly isolated PoC environment? What if you want to run it in Amazon or Azure without a VPN connection to your Datacenter?
How are you going to run a proper LoginVSI test without the Recommended Hotfixes for XenApp 7.x and Available Updates for Remote Desktop Services in Windows Server 2012 R2?
The following script is ripped out of my Automation Framework which does install and configure WSUS automatically as part of my Framework.
The nice thing is that you can use it anywhere you want, as standalone or integrated in any kind of OSD solution.
What I’ve done is to customize it too make sure it works perfectly with Citrix Lifecycle Managment and also provide some extra logging features.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 |
# PowerShell Wrapper for MDT, Standalone, Chocolatey and LifeCycle Management - (C)2015 xenappblog.com # Example 1: Start-Process "XenDesktopServerSetup.exe" -ArgumentList $unattendedArgs -Wait -Passthru # Example 2 Powershell: Start-Process powershell.exe -ExecutionPolicy bypass -file $Destination # Example 3 EXE (Always use ' '): # $UnattendedArgs='/qn' # (Start-Process "$PackageName.$InstallerType" $UnattendedArgs -Wait -Passthru).ExitCode # Example 4 MSI (Always use " "): # $UnattendedArgs = "/i $PackageName.$InstallerType ALLUSERS=1 /qn /liewa $LogApp" # (Start-Process msiexec.exe -ArgumentList $UnattendedArgs -Wait -Passthru).ExitCode Write-Verbose "Setting Arguments" -Verbose $startDTM = (Get-Date) $Vendor = "Microsoft" $Product = "KB Hotfixes" $LogPS = "${env:SystemRoot}" + "\Temp\$Vendor $Product PS Wrapper.log" $url = "http://download.microsoft.com/download/3/a/e/3aeb7a63-ade6-48c2-9b6a-d3b6bed17fe9/ReportViewer.exe" $TempDir = "${env:SystemRoot}" + "\Temp\" $output = "$TempDir\ReportViewer.exe" Start-Transcript $LogPS Write-Verbose "Install .NET 3.5 and WSUS" -Verbose Install-WindowsFeature -name NET-Framework-Core Install-WindowsFeature -Name UpdateServices -IncludeManagementTools Write-Verbose "Downloading Microsoft Report Viewer 2008 SP1...please wait" -Verbose $wc = New-Object System.Net.WebClient $wc.DownloadFile($url, $output) Write-Verbose "Installing Microsoft Report Viewer 2008 SP1..." -Verbose Start-Process "$TempDir\ReportViewer.exe" -verb RunAs -ArgumentList '/q' -Wait -PassThru Write-Verbose "Configure WSUS Content Directory" New-Item -Path $env:SystemDrive\WSUS -ItemType Directory -Force sl "C:\Program Files\Update Services\Tools" .\wsusutil.exe postinstall CONTENT_DIR=C:\WSUS Write-Verbose "Get WSUS Server Object" -Verbose $wsus = Get-WSUSServer Write-Verbose "Connect to WSUS server configuration" -Verbose $wsusConfig = $wsus.GetConfiguration() Write-Verbose "Set to download updates from Microsoft Updates" -Verbose Set-WsusServerSynchronization -SyncFromMU Write-Verbose "Set Update Languages to English and save configuration settings" -Verbose $wsusConfig.AllUpdateLanguagesEnabled = $false $wsusConfig.SetEnabledUpdateLanguages("en") $wsusConfig.Save() Write-Verbose "Get WSUS Subscription and perform initial synchronization to get latest categories" -Verbose $subscription = $wsus.GetSubscription() $subscription.StartSynchronizationForCategoryOnly() While ($subscription.GetSynchronizationStatus() -ne 'NotProcessing') { Write-Host "." -NoNewline Start-Sleep -Seconds 5 } Write-Verbose "Sync is done" -Verbose Write-Verbose "Disable Products" -Verbose Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Office" } | Set-WsusProduct -Disable Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Windows" } | Set-WsusProduct -Disable Write-Verbose "Enable Products" -Verbose Get-WsusServer | Get-WsusProduct | Where-Object -FilterScript { $_.product.title -match "Windows Server 2012 R2" } | Set-WsusProduct Write-Verbose "Configure the Classifications" -Verbose Get-WsusClassification | Where-Object { $_.Classification.Title -in ( 'Critical Updates', 'Definition Updates', 'Feature Packs', 'Security Updates', 'Service Packs', 'Update Rollups', 'Updates') } | Set-WsusClassification Write-Verbose "Configure Synchronizations" -Verbose $subscription.SynchronizeAutomatically=$true Write-Verbose "Set synchronization scheduled for midnight each night" -Verbose $subscription.SynchronizeAutomaticallyTimeOfDay= (New-TimeSpan -Hours 0) $subscription.NumberOfSynchronizationsPerDay=1 $subscription.Save() Write-Verbose "Kick Off Synchronization" -Verbose $subscription.StartSynchronization() Write-Verbose "Monitor Progress of Synchronisation" -Verbose Start-Sleep -Seconds 60 # Wait for sync to start before monitoring while ($subscription.GetSynchronizationProgress().ProcessedItems -ne $subscription.GetSynchronizationProgress().TotalItems) { #$subscription.GetSynchronizationProgress().ProcessedItems * 100/($subscription.GetSynchronizationProgress().TotalItems) Start-Sleep -Seconds 5 } #Change server name and port number and $True if it is on SSL $Computer = $env:COMPUTERNAME [String]$updateServer1 = $Computer [Boolean]$useSecureConnection = $False [Int32]$portNumber = 8530 Write-Verbose "Load .NET assembly" -Verbose [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") $count = 0 Write-Verbose "Connect to WSUS Server" -Verbose $updateServer = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer1,$useSecureConnection,$portNumber) Write-Verbose "Connected successfully" -Verbose $updatescope = New-Object Microsoft.UpdateServices.Administration.UpdateScope $u=$updateServer.GetUpdates($updatescope ) foreach ($u1 in $u ) { if ($u1.IsSuperseded -eq 'True') { $u1.Decline() $count=$count + 1 } } Write-Verbose "Total Declined Updates : $count" -Verbose trap { write-host "Error Occurred" write-host "Exception Message: " write-host $_.Exception.Message write-host $_.Exception.StackTrace exit } Write-Verbose "Configure Default Approval Rule" -Verbose [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") $rule = $wsus.GetInstallApprovalRules() | Where { $_.Name -eq "Default Automatic Approval Rule"} $class = $wsus.GetUpdateClassifications() | ? {$_.Title -In ( 'Critical Updates', 'Definition Updates', 'Feature Packs', 'Security Updates', 'Service Packs', 'Update Rollups', 'Updates')} $class_coll = New-Object Microsoft.UpdateServices.Administration.UpdateClassificationCollection $class_coll.AddRange($class) $rule.SetUpdateClassifications($class_coll) $rule.Enabled = $True $rule.Save() Write-Verbose "Run Default Approval Rule" -Verbose $rule.ApplyRule() Write-Verbose "Stop logging" -Verbose $EndDTM = (Get-Date) Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalSeconds) Seconds" -Verbose Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalMinutes) Minutes" -Verbose Stop-Transcript |
Detailed logging.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
VERBOSE: Get WSUS Server Object VERBOSE: Connect to WSUS server configuration VERBOSE: Set to download updates from Microsoft Updates The Update Server was successfully configured with the following parameters: Synchronize from Microsoft Update VERBOSE: Set Update Languages to English and save configuration settings VERBOSE: Get WSUS Subscription and perform initial synchronization to get latest categories VERBOSE: Sync is done VERBOSE: Disable Products VERBOSE: Enable Products VERBOSE: Configure the Classifications VERBOSE: Configure Synchronizations VERBOSE: Set synchronization scheduled for midnight each night VERBOSE: Kick Off Synchronization VERBOSE: Monitor Progress of Synchronisation VERBOSE: Load .NET assembly VERBOSE: Connect to WSUS Server VERBOSE: Connected successfully VERBOSE: Total Declined Updates : 174 VERBOSE: Configure Default Approval Rule VERBOSE: Run Default Approval Rule |
Automatically download and install ReportViewer.
Automatically decline superseded updates.
Automatically configure Products and Classifications.
Configure and run Automatic Approvals.
And that’s how you Perform WSUS Installation using PowerShell.
hi Trond,
I stumbled upon your blog and noticed your comment about not being able to share your Blueprints. Just wanted to let you know that you could publish your Blueprint to the Catalog (provided you are authorized to do so). Please reach out to me if you are interested in doing so. I can put you in touch with the right people in Citrix.
btw, I am part of the CLM Engineering team.
– Jay