How To Install Windows Updates With Powershell

Since Windows x 1709 and Server 2022, Microsoft has been shipping the Windows Update Provider PowerShell module with the Os. Its functions master the basic tasks of patch management. Admins can besides employ them to remotely initiate the download and installation of updates.

• Author
• Recent Posts

Wolfgang Sommergut has over 20 years of experience in Information technology journalism. He has also worked as a system administrator and equally a tech consultant. Today he runs the German publication WindowsPro.de.

While most Windows features have long supported detailed automation via PowerShell, this option was missing for the update customer; it is at present available to a limited extent. Compared to the popular PSWindowsUpdate by Michal Gajda, Microsoft's ain module is less powerful.

Availability as an advantage ^

The main advantages of Windows Update Provider are its official support by Microsoft and that all newer versions of the operating system already accept information technology on board. Therefore, when using it for remote management, you can presume that the required functions are already available on the target computer. In contrast, third-party modules must starting time exist installed on every managed PC.

Withal, it is not possible to copy Microsoft's Windows Update Provider to older versions of Windows, such as Server 2022 R2 or 2022, because the CIM class required past the functions does non exist on those versions.

More control over updates ^

Command line tools such as usoclient.exe, wuinstall, or PowerShell cmdlets requite admins more command over the update process because they can explicitly request the browse, download, install, or restart. This is useful, for case, if you want to secure a freshly installed computer by installing the latest patches. In addition, PowerShell is useful on Server Core considering there is no GUI for managing updates.

Overview of the range of functions ^

If y'all search for Windows Update modules using

Go-Module -Name *Update*

and so the command returns 2 results. While one of them is WindowsUpdate, the module only contains a function called Get-WindowsUpdateLog.

The commands intended for the direction of the update client tin can be found in WindowsUpdateProvider. They can exist listed with:

Get-Command -Module WindowsUpdateProvider

As you tin see, these are not cmdlets but only functions.

Functions of the WindowsUpdateProvider module

For example, if yous want to display the contents of Start-WUScan with

Become-Content Role:\Start-WUScan

so yous can run across that this part operates on the basis of the CIM form MSFT_WUOperations. The same applies to Install-WUUpdates.

The functions of the WindowsUpdateProvider module employ the methods of the CIM grade MSFT WUOperations

While Become-WULastInstallationDate and Get-WULastScanSuccessDate are used to examine previous updates, and Get-WUAVersion outputs the version of the client, the 3 remaining functions provide the actual update management.

Checking for updates ^

As the name suggests, Start-WUScan looks for available updates. Y'all cannot specify a source for updates; rather, the function queries the update server configured on the computer. This is a WSUS server in most cases.

If you don't specify whatever parameter, all updates that apply to the system will announced in the results. The only way to restrict the listing is with SearchCriteria, which y'all take to pass a search expression:

Start-WUScan -SearchCriteria "Type='Software' AND IsInstalled=0"

The permitted search criteria follow the syntax described in the API documentation, simply Microsoft does not offering whatever specific information on WindowsUpdateProvider equally a whole.

Equally an culling to the settings app, y'all can use Kickoff WUScan to check for new updates

For example, it is practical to query remote computers to find out whether a specific update is installed at that place. Since the ComputerName parameter is non supported, you have to use the Invoke-Command:

$u = Invoke-Control -ComputerName MyPC -ScriptBlock {Starting time-WUScan -SearchCriteria "UpdateId='<GUID-of-Update>' AND IsInstalled=one"} -Credential admin\contoso

Later on executing the command, the variable $u will contain all updates which match the search criteria.

Downloading and installing updates ^

If you want to install pending updates, yous take to salve the upshot of Starting time-WUScan in a variable, as in the example to a higher place. Yous and then pass this on to Install-WUUpdates. Merely commencement you establish a CIM session on the remote estimator:

$cs = New-CimSession -ComputerName MyPC -Credential Credential admin\contoso Install-WUUpdates -Updates $u -DownloadOnly -CimSession $cs

This case command only downloads the updates.

Find, download, and install updates on a remote PC with the WindowsUpdateProvider functions

Yous and so initiate the actual installation past executing Install-WUUpdate once more without the DownloadOnly switch:

Install-WUUpdates -Updates $u -CimSession $cs

Querying pending reboot ^

If the computer must be restarted after installing updates, you cannot initiate information technology via Install-WUUpdates. However, information technology is possible to query whether a reboot is pending with another function of this module:

Become-WUIsPendingReboot

If the command yields the value $true, so you can reboot the PC at the desired time using the Cmdlet Restart-Figurer.

Later installing the updates, you lot can query a pending reboot with Go WUIsPendingReboot

Get-WUIsPendingReboot tin can as well be used to query a pending reboot of a remote computer.

Cheque remotely whether a restart is required

The office simplifies this task considerably compared to the method that looks for it in the registry.

Subscribe to 4sysops newsletter!

Determination ^

With the WindowsUpdateProvider module, Microsoft has provided the basic functions for managing updates via PowerShell, beginning with Windows x 1709 and Server 2022. They are particularly suitable for updating computers remotely. Still, the integrated module does not come close to the capabilities of PSWindowsUpdate.

Source: https://4sysops.com/archives/scan-download-and-install-windows-updates-with-powershell/

Posted by: perryvily1979.blogspot.com

Share this post