How can I automate Windows patching on desktop images and session hosts?
Keeping your Windows environment up to date is critical for security, stability, and performance. However, manual patching can be time-consuming, prone to human error, and disruptive. Automating Windows patching in Nerdio Manager ensures that your environments remain secure and compliant, while reducing administrative overhead.
Automated patching provides the following key benefits:
Security and compliance: Protects against vulnerabilities and ensures regulatory compliance.
Operational efficiency: Frees IT teams from manual patching across multiple environments, allowing them to focus on strategic tasks instead.
Consistency and reliability: Eliminates human error and ensures timely desktop updates.
Minimized downtime: Allows scheduled updates to control when patches are applied, reducing user disruptions.
Using Nerdio Manager’s built-in automation capabilities, you can schedule and manage Windows patching to ensure a seamless and optimized desktop experience.
You can set up automated Windows patching on either your desktop images or directly on your session hosts. Consider the following methods to automate the process:
Method 1: Automate Windows patching on desktop images and re-image hosts
You can automate Windows patching on desktop images and re-imaging of your hosts with the updated image version. For this, create schedules for the following tasks:
Step 1: Schedule Windows patching on a desktop image
Use Nerdio Manager's Scripted Actions to schedule Windows patching on desktop images.
To schedule Windows patching on a desktop image:
Navigate to Desktop images.
Locate the desktop image where you want to schedule Windows patching, and from the action menu next to it, select Run script.
In the new dialog box, select the calendar icon to create a schedule.
-
On the New schedule tab, provide the following information:
-
Run the following Scripted actions on desktop image [your image name]: From the drop-down list, select one of the following options to match the OS of the desktop image:
Update Windows 10
Update Windows 11
Restart VM after script execution: (Optional) Select this option if Windows patching requires a reboot after installation.
-
In the Schedule section:
Name: Enter a name for the Windows patching schedule.
Description: (Optional) Provide the schedule description.
Start date: Either keep the start date as today's date or choose a future date for the schedule to begin.
Time zone: Select your desired time zone. It should match the desktop image's VM time zone.
Start time: Select the start time for the Windows patching process.
-
Repeat: From the drop-down list, select your desired repeat option.
Note:
For scheduling Windows patching, we recommend selecting Monthly after “Patch Tuesday”. This option schedules updates based on Microsoft's "Patch Tuesday", which occurs on the second Tuesday of each month.
When this option is selected, the Days after field is displayed.
Days after: Specify the number of days after "Patch Tuesday" to run the task on a monthly basis. For example, if you specify 2 days, Windows patching will run two days after "Patch Tuesday".
-
Once you have entered all the desired information, select Save & close.
The Run Script settings are saved and will be executed according to the schedule you set. Next, you need to schedule creating a new desktop image version to re-image your session hosts with.
Step 2: Schedule creating a new image version
Schedule a task to create a new image version to re-image your session hosts with. In Nerdio Manager, use the Set as image feature to accomplish this.
Note: The Set as image task should be scheduled to run after the desktop image is patched.
To schedule the Set as image task:
Navigate to Desktop images.
Locate the desktop image for which you scheduled Windows patching, and from the action menu next to it, select Set as image.
In the new dialog box, enable the Schedule option.
-
Provide the following information:
Name: Enter a name for the Set as image schedule.
Description: (Optional) Provide the schedule description.
Start date: Either keep the start date as today's date or choose a future date for the schedule to begin.
Time zone: Select your desired time zone. It should match the desktop image's VM time zone.
-
Start time: Select the start time for the Set as image process.
Note: The start time must be set after the image has been patched.
-
Repeat: From the drop-down list, select your desired repeat option.
Note:
For scheduling the Set as image task, we recommend selecting Monthly after “Patch Tuesday”. This option schedules updates based on Microsoft's "Patch Tuesday", which occurs on the second Tuesday of each month.
When this option is selected, the Days after field is displayed.
-
Days after: Specify the number of days after "Patch Tuesday" to run the Set as image task on a monthly basis, for example, specify 3 days.
Important: If you scheduled Windows patching to run 2 days after "Patch Tuesday" (see Step 1: Schedule Windows patching on a desktop image), the Set as image task should run after patching is complete, typically on the following day.
-
Stage new image as inactive: Select this option to create the new image version without setting it as active. Any existing configurations continue using the current version of the image.
Tip: To activate the new version, locate the desktop image, and from the action menu next to it, select Activate staged image.
Activate staged image after: (Optional) Enable this option to automatically activate the image a number of days after staging. This triggers an image update for any linked host pools.
Change log: (Optional) Describe the changes you made to the desktop image.
Apply tags: (Optional) Expand this section and select Azure tags to apply.
Once you have entered all the desired information, select Save & close.
The Set as an image settings are saved and will be executed according to the schedule you set. You can now create a schedule to re-image your host pools with the updated image.
Step 3: Schedule session hosts re-imaging with the updated image
Once you have scheduled the Set as image task for your desktop image, schedule applying the new image version to your session hosts.
Note: The host re-imaging task should be scheduled to run after the Set as image task is complete.
To schedule session hosts re-imaging with the updated image:
Navigate to Workspaces and select the necessary workspace.
Locate the host pool for which you wish to schedule hosts re-imaging, and from the Manage Hosts action menu, select Hosts > Resize/Re-image.
In the new dialog box, select the calendar icon to create a schedule.
-
On the New schedule tab, provide the following information:
Desktop image: Select the updated desktop image version.
-
Process hosts in groups of: Either keep this option at the default of 1, or change to your preference.
This option determines the number of concurrent operations when performing the bulk action.
Note: Increasing the number can speed up the process, but a high concurrency level may lead to multiple hosts encountering errors if an issue occurs in Azure.
-
Number of failures before aborting: Either keep this option at the default of 1, or change to your preference.
This option determines how many failures are allowed before the process stops. Adjusting this setting can help prevent an Azure issue from affecting all session hosts and disrupting user access.
-
In the Schedule section:
Name: Enter a name for the hosts re-imaging schedule.
Description: (Optional) Provide the schedule description.
Start date: Either keep the start date as today's date or choose a future date for the schedule to begin.
Time zone: Select your desired time zone. It should match the VMs time zone.
Start time: Select the start time for the hosts re-imaging process.
-
Repeat: From the drop-down list, select your desired repeat option.
Note:
For scheduling hosts re-imaging, we recommend selecting Monthly after “Patch Tuesday”. This option schedules updates based on Microsoft's "Patch Tuesday", which occurs on the second Tuesday of each month.
When this option is selected, the Days after field is displayed.
-
Days after: Specify the number of days after "Patch Tuesday" to run the task on a monthly basis. For example, if you specify 4 days, hosts re-imaging will run four days after "Patch Tuesday".
Important! Hosts re-imaging should run once the image patching and the Set as image tasks are complete. See previous steps for details.
Once you have entered all the desired information, select Save & close.
The hosts Resize/Re-image settings are saved and will be executed according to the schedule you set.
Method 2: Automate Windows patching on session hosts
You can schedule Windows patching to run directly on session hosts.
To schedule Windows patching for session hosts:
Navigate to Workspaces and select the necessary workspace.
Locate the host pool for which you wish to schedule Windows patching, and from the Manage Hosts action menu, select Hosts > Run script.
In the new dialog box, select the calendar icon to create a schedule.
-
On the New schedule tab, provide the following information:
-
Run the following Scripted actions on all VMs in [your pool name]: From the drop-down list, select one of the following options to match the OS of the desktop image:
Update Windows 10
Update Windows 11
Restart VM after script execution: (Optional) Select this option if Windows patching requires a reboot after installation.
Exclude non-running hosts: (Optional) Select this option to exclude hosts which are deallocated, shut down, or in the process of shutting down.
-
Process hosts in groups of: Either keep this option at the default of 1, or change to your preference.
This option determines the number of concurrent operations when performing the bulk action.
Note: Increasing the number can speed up the process, but a high concurrency level may lead to multiple hosts encountering errors if an issue occurs in Azure.
-
Number of failures before aborting: Either keep this option at the default of 1, or change to your preference.
This option determines how many failures are allowed before the process stops. Adjusting this setting can help prevent an Azure issue from affecting all session hosts and disrupting user access.
-
Messaging: (Optional) Enable this option to notify users that are active on the session host before the task runs.
Delay: Specify the delay in minutes (default: 10 minutes). This determines how long to wait after sending the message and setting the host to drain mode before proceeding with the operation.
Message: Either use the default message or enter a custom one.
-
In the Schedule section:
Name: Enter a name for the Windows patching schedule.
Description: (Optional) Provide the schedule description.
Start date: Either keep the start date as today's date or choose a future date for the schedule to begin.
Time zone: Select your desired time zone. It should match the VMs time zone.
Start time: Select the start time for the hosts re-imaging process.
-
Repeat: From the drop-down list, select your desired repeat option.
Note:
For scheduling Windows patching, we recommend selecting Monthly after “Patch Tuesday”. This option schedules updates based on Microsoft's "Patch Tuesday", which occurs on the second Tuesday of each month.
When this option is selected, the Days after field is displayed.
Days after: Specify the number of days after "Patch Tuesday" to run the task on a monthly basis. For example, if you specify 2 days, Windows patching will run two days after "Patch Tuesday".
-
Once you have entered all the desired information, select Save & close.
The Run Script settings are saved and will be executed according to the schedule you set.
Comments (0 comments)