Patching 20-30 Windows VMs on My Laptop

Jul 20, 2008
So, I keep around 20-30 Windows VMs on my laptop.
I use VMWare Workstation.

What technique or tool do you use to keep your monthly patches up?

Right now I am booting each one up and connecting it to the Internet to check for patches.

It sucks. I know there's a better way.

What is it?

Not have 20 - 30 VMs?

Are these persistent VMs that are always kept, or are they really just throw aways that you're cycling through? If you are just creating a VM, using it for a bit, then discarding it, you might want to look into linked clones. You can basically take 1 VM you create, and snapshot it and roll that into it's own VM. From that point on you'll still have to individually patch it from that point on.

If you actually have a full labs worth of VMs all on one laptop that just need to have, then setting up a WSUS server is definitely going to be the best bet. Not because it's going to make patching easier (It really won't) but because it will save time and bandwidth because everything will download a lot faster. I'd probably entertain some type of startup script on your pcs to call wuauclt /detectnow when you power on the VM. That way it will basically force the VM to check for updates when it's powered on. Since there is no way you're powering them all on at once just go ahead and set updates to automatic. If it tries to detect updates when you power on, automatic should try to install them and reboot the VM for you.

I'm not really even sure what kind of workflow you have to try to make this happen honestly. Even if you automate the installation of updates, you still are going to be manually powering on and turning off all of these VMs and having to wait while they try to install in the background.
You don't even need the domain or GPO's, registry entry for auto update pointing to the location of the wsus server will work

A domain is incredibly easy to set up and can add further customization on the fly for 20-40 vms.

If they remained in workgroups, then yeah, you could easily powershell the entire WSUS setup and configuration to all the vms.
If you don't have a domain or don't feel like messing with it... use WSUS Offline Updater and place a shortcut to the batch file to update systems on startup... or just run the batch normally.
I'd recommend that the OP simply configure the patching policies via GPEDIT on one machine and then export/import the appropriate registry keys to all other systems. You can even add this to your VM template so you don't need to deal with it in the future.