Creating a Patch Compliance Report for VMware and Windows using PowerCLI and PowerShell

In my daily work managing a multi-tenant cloud, I found that being able to provide documentation on patch management was very important. In this post you will see the process I use to document that all our management servers and infrastructure are patch compliant. I will post a GitHub link at the bottom of this post if you would like a copy of this script to use in your environment.

This script depends on 3 different PowerShell modules. All of these are available from the PowerShell Gallery and are loaded with the Import-Module command. The 3 modules are:

PScribo

PoshWSUS

PowerCLI

As of today, I have not added any code to verify that the modules are present, so please be sure the modules have been added before using this script.

The only other advice I would give when using this script is to run it from a machine that has access to WSUS and vCenter; otherwise the script will not work.
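One way to check both prerequisites above (the three modules are present, and the machine can reach WSUS and vCenter) before generating a report. This is an added example, not part of the author's script; the function name, the host names, the ports (8530 is the WSUS default, 443 for vCenter) and the gallery module name VMware.PowerCLI are assumptions.

```powershell
# Added example (not from PatchCompliance.ps1): pre-flight checks for the report.
# Function name, host names and ports are assumptions; adjust to your environment.
function Test-PatchReportPrerequisite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $WsusServer,
        [Parameter(Mandatory)] [string] $VCenterServer,
        [int] $WsusPort    = 8530,   # WSUS default HTTP port (8531 when SSL is enabled)
        [int] $VCenterPort = 443,    # vCenter API over HTTPS
        [string[]] $RequiredModule = @('PScribo', 'PoshWSUS', 'VMware.PowerCLI')
    )

    # 1. Each module must be installed where PowerShell can find it.
    $results = @(foreach ($name in $RequiredModule) {
        $found = Get-Module -ListAvailable -Name $name |
            Sort-Object Version -Descending | Select-Object -First 1
        if ($found) { $detail = "version $($found.Version)" }
        else        { $detail = "missing; run: Install-Module $name -Scope CurrentUser" }
        [pscustomobject]@{ Check = "Module $name"; Passed = [bool]$found; Detail = $detail }
    })

    # 2. WSUS and vCenter must be reachable from this machine.
    $endpoints = @(
        @{ Label = 'WSUS';    Server = $WsusServer;    Port = $WsusPort },
        @{ Label = 'vCenter'; Server = $VCenterServer; Port = $VCenterPort }
    )
    $results += foreach ($ep in $endpoints) {
        $open = Test-NetConnection -ComputerName $ep.Server -Port $ep.Port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{
            Check  = "$($ep.Label) reachable"
            Passed = [bool]$open
            Detail = "$($ep.Server):$($ep.Port)"
        }
    }
    $results
}

# Placeholder host names; replace with your WSUS and vCenter servers.
$checks = Test-PatchReportPrerequisite -WsusServer 'wsus01.example.internal' `
    -VCenterServer 'vcenter01.example.internal'
$checks | Format-Table -AutoSize
if ($checks.Passed -contains $false) {
    throw 'Prerequisite check failed; fix the items above before running the report.'
}
```

Stopping on a failed check keeps a partial run from producing a report that looks complete but is missing the WSUS or vCenter half.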

OK, let's get started going through the script.

The first part of the script asks a series of questions to define variables. It defines the IP/name of the WSUS server and of vCenter, then asks a few questions for the report creation. After the variables have been created, it makes connections to WSUS and vCenter.

The next part of the script is the code for the report title page and table of contents. This is all created using the PScribo PowerShell module.

The next section is the actual meat of the script. First, the script grabs all the server details from the WSUS server and creates a table with all the information. Next, the script connects to VMware Update Manager, checks compliance for each baseline, and creates a table with the information. The last section of the script lists some details of any missing patches for the ESXi hosts. I thought this was a good addition; this way I can see which patches, if any, are missing. I have the script creating an HTML and a Word document. After the script runs, it will drop these files on your desktop. See the code below:

That is it for the script. It is pretty short for all the details that it gives. Below I will show some examples of the report.

Title Page

Table of Contents Page

Windows Patches Page

VMware Baseline Compliance

VMware Missing Patches

I also wanted to show a picture of the table if there were missing Windows patches.

Here is one of the table if there were missing VMware patches.

Here is a link to the script in my GitHub repo.

https://github.com/shanermoore/scripts/blob/master/PatchCompliance.ps1

Enjoy!!