Automating the Update of Baselines in System Center Virtual Machine Manager

Recently I’ve seen a request that asked if there was a way to automate the update of a baseline in System Center Virtual Machine Manager. I then remembered that I actually did play around with this and wrote a PowerShell script a while back. Seeing that this might be helpful to the community, I dug up the script to post on my blog. This specific script was in a SCVMM 2008 R2 environment. This has not been tested for SCVMM 2012, so I’m not exactly sure if this will port directly to SCVMM 2012.

As I try to recall the specifics of the environment that I used this script in, SCVMM had an update server specified, a baseline was configured, and the baseline was targeted to a specific host group. The script gets the baseline and the host group and looks for the fifty (50) newest updates from the update server with a classification of “Security Updates” or “Critical Updates” for Windows Server 2008 R2. These were the only classifications the customer was interested in, and I chose to look up the newest 50 updates with the rationale that there could never be more than 50 updates between each Patch Tuesday each month :-). Once I get the newest 50 updates, I compare them to what is listed in the current baseline and build an array with the difference. Whichever updates are not listed in the current baseline get added to it.

Try it out and let me know if there are any questions. Again, I developed this script a while ago and haven’t tested it recently.

Import-Module VirtualMachineManager

$ContosoBaseline = Get-SCBaseline | where { $_.Name -eq "Contoso Baseline" }
$ContosoHostGroup = Get-SCVMHostGroup | where { $_.Name -eq "Contoso Host Group" }

$baseline = Get-SCBaseline -ID $ContosoBaseline.ID

$addedUpdateList = @()
$scope = Get-SCVMHostGroup -Name $ContosoHostGroup.Name -ID $ContosoHostGroup.ID

$SCVMMJobGUID = [System.Guid]::NewGuid()

$ContosoLatestUpdates = Get-SCUpdate -Newest 50 | where { ($_.UpdateClassification -eq "Security Updates" -or $_.UpdateClassification -eq "Critical Updates") -and $_.Products -eq "Windows Server 2008 R2" }

# Compare each of the newest updates against the updates already in the baseline
# (by ID) and add only the missing ones to $addedUpdateList.
# Assumes the baseline object lists its current updates in its Updates property.
ForEach ($Update in $ContosoLatestUpdates)
{
    $UpdateExistsInBaseline = $False

    ForEach ($ContosoUpdate in $ContosoBaseline.Updates)
    {
        If ($Update.ID -eq $ContosoUpdate.ID)
        {
            # Stop at the first match so a later, non-matching update
            # cannot reset the flag.
            $UpdateExistsInBaseline = $True
            Break
        }
    }

    If (!$UpdateExistsInBaseline)
    {
        $addedUpdateList += Get-SCUpdate -ID $Update.ID
    }
}

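# Both Set-SCBaseline calls share one job group: the scope assignment is queued here
# and runs together with the update list when the second call specifies -StartNow.
Set-SCBaseline -Baseline $baseline -AddAssignmentScope $scope -JobGroup $SCVMMJobGUID.ToString() -RunAsynchronously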

Set-SCBaseline -Baseline $baseline -Name $ContosoBaseline.Name.ToString() -RunAsynchronously -AddUpdates $addedUpdateList -JobGroup $SCVMMJobGUID.ToString() -StartNow
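
Added example (not part of the original script): the same diff written as a function that runs without a VMM server, so the list of updates that would be added can be reviewed before Set-SCBaseline is called. The function name, the New-SampleUpdate helper and the sample update objects are constructed for illustration; only the ID, UpdateClassification and Products property names are taken from the script above.

```powershell
# Added example: offline dry run of the baseline diff. All update data is constructed.
function Get-MissingBaselineUpdate {
    param(
        [object[]] $Candidate = @(),        # e.g. the newest 50 updates
        [object[]] $BaselineUpdate = @(),   # updates already in the baseline
        [string[]] $Classification = @('Security Updates', 'Critical Updates'),
        [string]   $Product = 'Windows Server 2008 R2'
    )

    # Index the IDs already in the baseline so each lookup is a hash probe.
    $known = New-Object 'System.Collections.Generic.HashSet[string]'
    foreach ($u in $BaselineUpdate) { [void]$known.Add([string]$u.ID) }

    foreach ($u in $Candidate) {
        if ($Classification -notcontains [string]$u.UpdateClassification) { continue }
        if (@($u.Products) -notcontains $Product) { continue }
        # Add() returns $false for an ID already seen, so updates that are in the
        # baseline, or listed twice among the candidates, are skipped.
        if ($known.Add([string]$u.ID)) { $u }
    }
}

# Hypothetical helper that builds a stand-in for an update object.
function New-SampleUpdate($Id, $Name, $Class, $Products) {
    [pscustomobject]@{ ID = $Id; Name = $Name; UpdateClassification = $Class; Products = $Products }
}

$w2k8r2 = 'Windows Server 2008 R2'

# Constructed sample: what the baseline currently contains.
$baselineUpdates = @(
    New-SampleUpdate 'id-001' 'Sample security update A' 'Security Updates' @($w2k8r2)
)

# Constructed sample: what the update server reports as newest.
$newest = @(
    New-SampleUpdate 'id-001' 'Sample security update A' 'Security Updates' @($w2k8r2)               # already in baseline
    New-SampleUpdate 'id-002' 'Sample critical update B' 'Critical Updates' @($w2k8r2)               # missing
    New-SampleUpdate 'id-003' 'Sample feature pack C'    'Feature Packs'    @($w2k8r2)               # other classification
    New-SampleUpdate 'id-004' 'Sample security update D' 'Security Updates' @('Windows Server 2008') # other product
    New-SampleUpdate 'id-005' 'Sample security update E' 'Security Updates' @($w2k8r2, 'Windows 7')  # missing
    New-SampleUpdate 'id-002' 'Sample critical update B' 'Critical Updates' @($w2k8r2)               # duplicate candidate
)

$toAdd = @(Get-MissingBaselineUpdate -Candidate $newest -BaselineUpdate $baselineUpdates)
$toAdd | Format-Table ID, Name, UpdateClassification -AutoSize
```

With VMM available, the output of Get-SCUpdate -Newest 50 can be passed as -Candidate in place of the sample objects.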