From c60f824ffd9bb45c8c2ccacbadf41b29326403c7 Mon Sep 17 00:00:00 2001
From: "mhorak@totalservice.cz" <mhorak@totalservice.cz>
Date: Mon, 18 Aug 2025 14:00:12 +0200
Subject: [PATCH] 3

---
 patch-dc-controllers.yaml | 29 ++++++++++++-----------------
 1 file changed, 12 insertions(+), 17 deletions(-)

diff --git a/patch-dc-controllers.yaml b/patch-dc-controllers.yaml
index 5d2083d..69ebd78 100644
--- a/patch-dc-controllers.yaml
+++ b/patch-dc-controllers.yaml
@@ -1,23 +1,18 @@
 ---
-- name: Patch Domain Controllers via SYSTEM task
+- name: Patch DCs directly via JEA (no scheduled task)
   hosts: domain_controllers
   gather_facts: no
 
   tasks:
-    - name: Start the SYSTEM patch task
-      community.windows.win_scheduled_task:
-        name: "Patching-windows-task"
-        state: started
-
-    - name: Wait for task to finish
-      community.windows.win_scheduled_task_stat:
-        name: "Patching-windows-task"
-      register: taskstat
-      until: taskstat.task.state in ['Ready','Disabled']
-      retries: 180
-      delay: 60
-
-    - name: Reboot if required
-      ansible.windows.win_reboot:
+    - name: Install security & critical updates
+      ansible.windows.win_updates:
+        category_names:
+          - SecurityUpdates
+          - CriticalUpdates
+        reboot: yes
         reboot_timeout: 3600
-      when: taskstat.task.state == 'Ready'
+      register: updates_result
+
+    - name: Show summary
+      ansible.builtin.debug:
+        var: updates_result