search

CompositionalIT / farmer

Repeatable Azure deployments with ARM templates - made easy!
https://compositionalit.github.io/farmer
MIT License
523 stars 157 forks source link

VMs: Automatic Windows updates? #1002

Closed Thorium closed 1 year ago

Thorium commented 1 year ago

Are the Windows-updates (and security patches) automatically on or off with deployed VMs?

The ARM template does:

    "osProfile": {
          "adminPassword": "[parameters('password')]",
          "adminUsername": "MyAdmin",
          "computerName": "MyServer"
    },

...where the automatic updates goes at windowsConfiguration:

  "osProfile": {
        "adminPassword": "[parameters('password')]",
        "adminUsername": "MyAdmin",
        "computerName": "MyServer",
    "windowsConfiguration": {
        "enableAutomaticUpdates": true,
        "patchSettings": {
            "patchMode": "AutomaticByPlatform",
            "assessmentMode": "AutomaticByPlatform"
        }
    }
  },

But what is the default setting? I expect this is not a parameter in Farmer template?

isaacabraham commented 1 year ago

Looks like it's already on.

https://learn.microsoft.com/en-us/azure/templates/microsoft.compute/virtualmachines?pivots=deployment-language-arm-template#windowsconfiguration-1

Thorium commented 1 year ago

This gives you false sense of security. Here is an actual screen-capture of remote-desktop to a standalone VM created by Farmer script:

image

What organization? This was a standalone test machine, not an AD computer...

image