Skip to main content

POSH for adding Security Updates to a Software Update Group in CM12

Ever used ADRs (Automatic Deployment Rules) functionality in CM12?  Use it!  Granted, the search engine in there could use some work, but it's probably the best feature that was added in CM12!   I have to give my buddy Mason credit for this, for he has a lot to do with this addition :).

Anyway, we leverage ADRs in our environment for simply downloading the Monthly patches. Then we just turn around and add these downloaded patches to our Monthly patching groups with a deployment set to it. Well ok, we’ve automated the monthly downloads, now I kind of wanted to automate the group membership addition step here, for managing and patching our own servers. Well, how do we do that without having to recreate the patch deployment to our servers or kicking off the patch installs on our servers right away and impacting them?   Granted we have maintenance windows set for them, but we still wanted to tightly control this process and set the deployment deadline time appropriately in the future. So the answer is, we set the Update deployment to our Pilot collection first (to avoid impact), then add the newly downloaded patches from the ADRs to our group. Then modify the existing deployment’s deadline time later when pilot servers are validated.

So the POSH script below is what I had put together for this process.   So after the ADRs are done downloading, intent is to run this script and here’s what it does:

  1. Loads the CM12 PS module and connects to the CAS
  2. Sets or points the existing deployment to our pilot collection
  3. Then it grabs the downloaded updates from the ADR groups, and add them to our Software Update Group

NOTE: You can change that Pilot collection to an Empty collection, for added safety measures.  And this also ensures that itanium updates are not added. For every now and then, those clowns get added in our group somehow. So this should avoid that. Oh, this would also go hand in hand with my other script/posting “Posh to remove expired and/or superseded updates from a CM12 Software Update Group”.

Use it at your own risk! :)

CMCB, PowerShell

  • Created on .