You like server core, I know, I like it to sometimes, especially when there is a domain environment present and you can centralize everything. In a domain environment you can build up a WSUS server in a couple of minutes then use Group Policy to configure the clients to get all the patches from the WSUS server. And you do this from a single computer, your technician computer, but there are networks out there that have just a few servers, and some of them are installed without a GUI, and now the patching process just got a little bit complicated. Patching the core edition of Windows server can be done in multiple ways, and the most popular one is using the built-in server configuration menu.
By typing sconfig in the command prompt it will open the menu where you can do a lot of server configurations.
Right now we are interested to just update the server, so press 6 then Enter.
This will open another window where you need to chose what type of updates you want the tool to check for. If you want to check only for recommended updates go ahead and press R, but I I usually go for all. It’s up to you.
Checking for updates will take a few minutes and at the end you will be presented will all the available updates that apply to the server. Also, you can choose to revoke the operation and not install any updates, install just a single one or install all.
After all the updates were installed you will be asked to reboot the server, so click Yes on the message box button to do so. And that’s it ! Server is patched.
Another way to check for updates and install them is to use a tool like Core Configurator for 2008 R2 or Corefig for Windows server 2012/R2. Just mount the ISO (if you are using the ISO version of the utility not the ZIP one) and run Start_Corefig.wsf or Start_Coreconfig.wsf depending on which of the two utilities are you using.
As you can see, you can change a lot of settings in the OS using this tool, but since we are interested in updates only, click the Control Panel button then Windows Updates.
In the new window that opens click the Check for Updates menu then hit Download updates.
A list of them available for the server will be presented after a few minutes. Check the one(s) you want to install and click the Install Updates button.
After installation you are asked to reboot the server. Click the Restart Now button to do so. After reboot the server will be fully patched containing all the security and critical updates.
This tools is great because you have a nice GUI where you can see all the updates, but there are situations where you can’t run it. Maybe a high security environment, or the server does not have a DVD drive, or something. Plus, during my testing I noticed that installing updates using it takes way more time than using the built in method presented at the beginning of the article.
Manually installing updates takes a lot of time and needs a lot of work, plus you don’t have reporting. Just as a hint, if you have a spare server somewhere, go ahead and install WSUS on it and configure your workgroup clients to get all the updates from that WSUS server. It will be much easier since everything after that happens automatically.
Want content like this delivered right to your