Logicmonitor DataSources, Windows updates

Windows update monitoring using a LogicMonitor DataSource

There is a simple method to help keep your PC safer and running smoothly: using Windows Update, of course. All you have to do is turn it on, and you will get the latest security and other important updates from Microsoft automatically.

However, running it on a mission-critical server is the last thing you want. You do not get a chance to evaluate updates before installing them, nor are you protected when Windows Update decides it’s time to reboot. What if it reboots in the middle of your latest backup, for example? Most people set updates and backups in the same early hours of the morning to avoid disruption. So in the majority of cases, administrators disable automatic updating altogether. We all make plans to check updates on a regular basis and install them within a reasonable time frame, but the best-laid plans of mice and men….

And before you know it there are potentially hundreds of critical updates waiting to be installed. Mainly security updates – meaning your servers are susceptible.

So we created a LogicModule, CriticalUpdateCheckPS, which checks your servers using PowerShell for any available updates, and alerts you by email, text or voice using LogicMonitor.

In our first design, establishing a Microsoft Update Session and then interrogating it for updates took too long; scripts were tying up threads and using collector resources more rapidly than required. So back to the drawing board: we wrote a script that runs locally on each server, is run once a day by Task Scheduler, queries the update site for the number of critical updates, and writes that number to a file stored on the server. Then we created the CriticalUpdateCheckPS DataSource with a much simpler script that logs onto the server being monitored and reads the contents of the file written by the scheduled script. This allowed us to collect the data in seconds.

You can set your thresholds however you want; we suggest > 5 10 20, so you get a warning alert on 5 or more, an error alert on 10 or more, and a critical alert on 20 or more. But this is, of course, your choice.

An example alert is shown here:

  • ID: LMD12345
  • This server, APP013XYZ, has 17 outstanding critical updates to be installed. 

By alerting you to the fact and reminding you (a.k.a. nagging), you are more likely to deal with it.

The DataSource applies to any device that has a system category of “CheckUpdates”.

Using the CriticalUpdateCheckPS DataSource

Here’s how you’d use it in LogicMonitor:

  1. Navigate to the Devices tab.
  2. Navigate to the level at which you want to set the property: the root level of your device tree, a group, or a device.
  3. Click the Manage button for that group or device.
  4. From the Manage dialog box, you can change the value for a system category by clicking on the value field and adding CheckUpdates. If there are already values in there, remember to separate them with a comma.
  5. You will also need two new properties, PS.USER and PS.PASS (credentials which allow you to run remote scripts in PowerShell).
  6. Additionally, you will need to deploy the folder (C:/LMCriticalUpdates) that contains the local script, and set the script to run once per day.
    Note: Your servers must be set up to allow remote PowerShell scripts as per LogicMonitor’s help page.
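
The two-part design described above (a daily local script that writes the count, and a lightweight reader) can be sketched as follows. This is an added example, not the CriticalUpdateCheckPS script itself; the file name count.txt, the -1 "unknown" value and the 36-hour staleness limit are assumptions.

```powershell
# Added example. Assumptions, not from the original post: the file name
# count.txt, the -1 "unknown" sentinel, and the 36-hour staleness limit.
$ErrorActionPreference = 'Stop'
$OutDir  = 'C:\LMCriticalUpdates'            # folder named in the post
$OutFile = Join-Path $OutDir 'count.txt'     # hypothetical file name

function Get-CriticalUpdateCount {
    # Windows Update Agent COM API: find updates that are neither installed nor hidden.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
    # MsrcSeverity carries the MSRC rating; count only updates rated Critical.
    @($result.Updates | Where-Object { $_.MsrcSeverity -eq 'Critical' }).Count
}

function Write-CriticalUpdateCount {
    # Local side, run once a day by Task Scheduler.
    try   { $count = Get-CriticalUpdateCount }
    catch { $count = -1 }                    # search failed: report "unknown", not 0
    if (-not (Test-Path $OutDir)) { New-Item -ItemType Directory -Path $OutDir | Out-Null }
    # Write to a temp file, then rename, so a reader never sees a half-written value.
    Set-Content -Path "$OutFile.tmp" -Value $count -Encoding ASCII
    Move-Item -Path "$OutFile.tmp" -Destination $OutFile -Force
}

function Read-CriticalUpdateCount {
    # Reading side: treat the file as untrusted input and reject stale or malformed data.
    param([string]$Path = $OutFile, [int]$MaxAgeHours = 36)
    if (-not (Test-Path $Path)) { return -1 }
    if ((Get-Item $Path).LastWriteTime -lt (Get-Date).AddHours(-$MaxAgeHours)) { return -1 }
    $raw = ([string](Get-Content -Path $Path -TotalCount 1)).Trim()
    if ($raw -notmatch '^\d{1,5}$') { return -1 }
    [int]$raw
}

Write-CriticalUpdateCount
```

Keep the folder writable only by the account the scheduled task runs as, since the monitor reports whatever number the file contains.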