Author Posts

November 9, 2015 at 10:04 am

I wish to use DSC to apply all the required windows security patches. From the examples I have seen I have two issues I do not understand.
1. The MS Windows update site or WSUS determines which hotfixes are required for a given node so I'm not sure how this deterministic logic can be incorporated in a DSC node.
2. Does anyone have an example on leveraging WSUS for DSC based hotfixing?

Example using local path.
Configuration DownloadHotfixFromPath {
xHotfix m1 {
Path = "c:\WindowsBlue-KB2937982-x64.msu"
Id = "KB2937982"
Ensure="Present"
}
}

November 13, 2015 at 11:45 am

DSC isn't meant to be a replacement for Windows Update. The best use of DSC would be to ensure that Windows Update was correctly configured – and then letting Windows Update do its thing. You're correct in that DSC doesn't implement any of the logic in WSUS.

DSC's not supposed to replace all the other tooling – you're meant to use DSC to make sure those other tools are set up the way you want.

November 13, 2015 at 12:47 pm

That makes sense but what value does the DSC module xWindowsUpdate have?

November 13, 2015 at 12:51 pm

It's an open-source module. Open it up in the ISE and have a look at its parameters ;).