Windows – Scheduled task based on Microsoft patch release cycle

I have a simple powershell script which unapproves all patches based on computer group name in WSUS which works great.

All of our servers patch on a specific Day/Week/Time starting on Week0-Wednesday which would be the Wednesday after Microsoft Patch Tuesday (2nd Tuesday of every month) all the way to Week3-Sunday. This obviously causes problems as sometimes not all patches get applied in one reboot cycle, and then will install patches the following week during their group policy scheduled patching day/time which is what I'm trying to prevent.

My question is I'm trying to schedule my script to run based on this schedule and I am finding it next to impossible using Windows Task Scheduler. For instance if I wanted something to always run on the 4th Monday after Microsoft Patch Tuesday, I cant always use the task scheduler option "4th Monday of the Month"

Has anyone run into a similar situation, or know of any task scheduling tools which give you more flexibility than Windows Task Scheduler?

Best Answer

This would be pretty complicated, but might work. You need a combination scheduled tasks & scripts.

Run a task on patch Tuesday that and sets a flag file in a particular directory with the contents set to "0"
Every Monday run a script that looks for the flag file
- If the flag file is found read it and add 1 to the value found
- If the flag file is 3 (the 4th week), delete the flag file & run the update script

You could do this by renaming the file instead of edit the contents

Best Answer

Related Solutions

Windows – How to schedule a task for multiple days of a month using schtasks.exe

Windows – How to get a scheduled task to run for a user regardless of which computer the user is logged onto

Related Topic