Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Virtualization / VMWare / Updating Windows VM Templates on VMWare with PowerShell

April 5, 2021 PowerShellVirtualizationVMWareWindows Server 2016

Updating Windows VM Templates on VMWare with PowerShell

To deploy new virtual machines in VMWare, VM templates are typically used. A VMWare VM template is a reference virtual machine copy with the configured settings, installed software and security updates. An administrator needs to regularly update the VM template to keep it up-to-date: install new Windows security updates (at least once a month), update system and application apps, update antivirus definitions, etc.

The update process of a VM template on VMWare consists of the following stages:

  1. A template from the Content Library is converted to a virtual machine.;
  2. After starting it, an administrator logs on, installs approved Windows updates using WSUS, updates the required software;
  3. After the updates have been installed, the VM is restarted, then turned of and converted back to the template.

In this article we will show how to install Windows updates to a VMWare virtual machine template automatically without doing anything manually.

For VMWare virtual machines, you won’t be able to directly use the methods of integrating updates into a Windows image that are used for stand-alone images or distros.

You can use PowerCLI to install updates to a Windows virtual machine. We assume that the VMWare tools, PowerShell version 4 (or newer), and the PSWindowsUpdate module are installed in the virtual machine template. Running PowerShell scripts must be allowed in the guest OS by the script execution policy.

The PowerCLI script below will help you to automatically convert a VMWare template into a VM and install security updates from WSUS:

# Import the PowerCLI module
Import-Module VMware.VimAutomation.Core -ErrorAction SilentlyContinue
# Connect to vCenter
connect-viserver de-vcenter1
$TeplateVMName="Win2016StdTemplate"
# Convert a template to a VM
Set-Template -Template $TeplateVMName -ToVM -Confirm:$false –RunAsync
# Make a 60 seconds delay
Start-sleep -s 60
# Start the virtual machine
Start-VM -VM $TeplateVMName | Get-VMQuestion | Set-VMQuestion -DefaultOption -Confirm:$false
Start-sleep -s 120
# Get an administrator credentials from an encrypted file (if you do not want to keep the password in the PS script in clear text)
$adminname = "administrator"
$Pwd = Get-Content c:\Scripts\VMWare\vm_admin_passfile.txt | ConvertTo-SecureString $
cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $adminname, $Pwd
# Run the command to install all available updates in the guest OS using VMWare Tools (the update installation log is saved to a file: C:\temp\Update.log)

It is supposed that the VM is located in a virtual network where it can get an IP address from a DHCP server. WSUS settings in a virtual machine are stored in the registry instead of deploying through a GPO.

Invoke-VMScript -ScriptType PowerShell -ScriptText "Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot" -VM $TeplateVMName -GuestCredential $Cred | Out-file -Filepath C:\temp\Update.log -Append
Start-sleep -s 1800
# Update VMTools version
Update-Tools -VM $TeplateVMName -NoReboot
# Clean up the WinSxS component store and optimize the image with DISM
Invoke-VMScript -ScriptType PowerShell -ScriptText "Dism.exe /Online /Cleanup-Image /StartComponentCleanup /ResetBase" -VM $TeplateVMName -GuestCredential $Cred
Start-sleep -s 1800
# Force restart the VM
Restart-VMGuest -VM $TeplateVMName -Confirm:$false
# Shut the VM down and convert it back to the template
Shutdown-VMGuest –VM $TeplateVMName -Confirm:$false –RunAsync
Start-sleep -s 180
Set-VM –VM $TeplateVMName -ToTemplate -Confirm:$false

How to automate monthly update Windows templates on VMWare using PowerShell script

You can add this PowerShell script to the Task Scheduler to automatically install updates to the template once a month a few days after Microsoft Patch Tuesday. Then if you deploy a new virtual machine from a VMWare template, you may be sure that the latest Microsoft security updates are installed in it.

0 comment
3
Facebook Twitter Google + Pinterest
previous post
Running Multiple IIS Websites on the Same Port or IP Address
next post
How to Create and Manage Scheduled Tasks with PowerShell?

Related Reading

Enable Windows Lock Screen after Inactivity via GPO

April 8, 2021

How to Create and Manage Scheduled Tasks with...

April 7, 2021

Running Multiple IIS Websites on the Same Port...

April 1, 2021

Can’t Copy and Paste via Remote Desktop (RDP)...

March 31, 2021

UAC: This App Has Been Blocked for Your...

March 30, 2021

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • How to Disable NetBIOS and LLMNR Protocols in Windows Using GPO?

    April 9, 2021
  • Enable Windows Lock Screen after Inactivity via GPO

    April 8, 2021
  • How to Create and Manage Scheduled Tasks with PowerShell?

    April 7, 2021
  • Updating Windows VM Templates on VMWare with PowerShell

    April 5, 2021
  • Running Multiple IIS Websites on the Same Port or IP Address

    April 1, 2021
  • Can’t Copy and Paste via Remote Desktop (RDP) Clipboard

    March 31, 2021
  • UAC: This App Has Been Blocked for Your Protection on Windows 10

    March 30, 2021
  • How to Unlock a File Locked by Any Process or SYSTEM?

    March 29, 2021
  • Configuring a Domain Password Policy in the Active Directory

    March 26, 2021
  • Using Native Package Manager (WinGet) on Windows 10

    March 24, 2021

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Find the Source of Account Lockouts in Active Directory domain?
  • How to Create a UEFI Bootable USB Drive to Install Windows 10 or 7?
  • Using PowerShell Behind a Proxy Server
  • How to Create a Self-Signed Certificate in Windows with PowerShell?
  • RDP Brute Force Protection with PowerShell and Windows Firewall Rules
  • Managing User Photos in Active Directory Using ThumbnailPhoto Attribute
  • Auditing Weak Passwords in Active Directory
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top