
How to Use Powershell Script to Install Windows Updates Remotely

February 8, 2019

By Peter Barnett

The PSWindowsUpdate PowerShell module is a convenient way to run Windows updates remotely from the command line on a separate computer. PSWindowsUpdate is not built into Windows; it is a third-party module available in the TechNet Script Gallery. It lets administrators remotely check for updates on servers and workstations and install, remove, or hide specific updates. The module is especially valuable for managing Windows updates on the Core editions of Windows Server, which do not have a graphical interface, and when setting up a Windows image in audit mode.

In this article, we will use PowerShell for patch management. I will show a PowerShell script to install Windows updates remotely. You will also find another module that helps to get a list of all the missing Windows updates, as well as a quick guide on how to push Windows updates remotely to multiple computers using the Action1 security patch management feature.

Using Built-in Tools:

1. Installing the Update Management Module PsWindowsUpdate

If you have Windows 10 installed, you can install the PSWindowsUpdate module from the online repository through the PackageManagement package manager with just one command:

Install-Module -Name PSWindowsUpdate

If you have an older version of Windows (Windows 7 / 8.1 / Windows Server 2008 R2 / 2012 R2) or do not have direct Internet access, you can install the PSWindowsUpdate module manually.

This module can be installed on any supported version of Windows, starting with Vista / Windows Server 2008 with PowerShell 2.0 installed (but PowerShell 3.0 or higher is recommended).

  • Download the latest version of the PSWindowsUpdate module from the page https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc and unblock the downloaded file.
  • Unpack the archive with the module into one of the %USERPROFILE%\Documents\WindowsPowerShell\Modules or %WINDIR%\System32\WindowsPowerShell\v1.0\Modules directories (installing the module permanently is the best option).
  • Allow script execution: Set-ExecutionPolicy RemoteSigned
  • Now you can import a module into your PowerShell session: Import-Module PSWindowsUpdate
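Because the module is third-party code that will run with administrative rights, the unpacked files can be inspected before the import step. The following is an added example, not code from the article; the function name Test-ModuleFile, the baseline CSV and its path are assumptions, and it requires PowerShell 4.0 or later.

```powershell
# Added example, not from the article. Requires PowerShell 4.0+ (Get-FileHash).
# Test-ModuleFile and the baseline CSV (columns: RelativePath,SHA256) are
# hypothetical; record the baseline yourself from a copy you have reviewed.
function Test-ModuleFile {
    param(
        [Parameter(Mandatory)] [string] $ModulePath,
        [string] $BaselineCsv
    )
    $root = (Resolve-Path -LiteralPath $ModulePath).Path.TrimEnd('\')
    $baseline = @{}
    if ($BaselineCsv) {
        Import-Csv -LiteralPath $BaselineCsv |
            ForEach-Object { $baseline[$_.RelativePath] = $_.SHA256 }
    }
    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        $rel  = $_.FullName.Substring($root.Length + 1)
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        # The Zone.Identifier stream is the "blocked" mark that Unblock-File removes
        $zone = Get-Item -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        [pscustomobject]@{
            File      = $rel
            Blocked   = [bool]$zone
            Signature = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
            SHA256    = $hash
            # $null = file not in the baseline, $false = content differs
            HashMatch = if ($baseline.ContainsKey($rel)) { $baseline[$rel] -eq $hash } else { $null }
        }
    }
}

# Constructed paths: adjust to where the module was unpacked and where the baseline lives
$path   = "$env:USERPROFILE\Documents\WindowsPowerShell\Modules\PSWindowsUpdate"
$report = @(Test-ModuleFile -ModulePath $path -BaselineCsv 'C:\Baselines\PSWindowsUpdate.csv')

# Fail closed: a file passes only if its hash matches the baseline or,
# when it is not in the baseline, it carries a valid Authenticode signature.
$suspect = @($report | Where-Object {
    $_.HashMatch -eq $false -or ($null -eq $_.HashMatch -and $_.Signature -ne 'Valid')
})
if ($suspect.Count) {
    $suspect | Format-Table File, Signature, HashMatch -AutoSize
    throw "Refusing to import: $($suspect.Count) file(s) failed verification."
}
Import-Module PSWindowsUpdate
```

Files that are neither in the baseline nor signed are reported rather than trusted, so a new or altered file in the module folder is noticed before it is loaded.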
Note. In Windows 7 / Server 2008 R2, when importing the PSWindowsUpdate module, you may encounter an error like the following: The name “Unblock-File” is not recognized as the name of the cmdlet. The reason is that the module uses some functions that appeared only in PowerShell 3.0. To use these functions, you will have to update PowerShell, or manually remove the line | Unblock-File from the PSWindowsUpdate.psm1 file.

Once the Windows Update management module is installed on your computer, you can install it remotely on other computers and/or servers. Use this script to install the module on the two specified remote servers:

# Names of the remote computers (placeholders)
$Targets = "PC1-name", "PC2-name"

Invoke-Command -ComputerName $Targets -ScriptBlock {
    # Install the module only where it is not already available
    if ($null -eq (Get-Module -Name PSWindowsUpdate -ListAvailable)) {
        Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
        Install-Module PSWindowsUpdate -Force
        Import-Module PSWindowsUpdate
    }
}

2. Overview Module PSWindowsUpdate Commands

The list of available cmdlets for the module can be displayed as:

Get-Command -Module PSWindowsUpdate

A brief description of the purpose of the module commands:

Get-WindowsUpdate: an alias for Get-WUList.

Hide-WindowsUpdate: an alias for Hide-WUUpdate.

Install-WindowsUpdate: an alias for Get-WUInstall.

Uninstall-WindowsUpdate: an alias for Get-WUUninstall.

Add-WUOfflineSync: allows you to install updates from the local cache using the file wsusscan.cab or wsusscn2.cab.

Add-WUServiceManager: registers the update server on a computer.

Get-WUHistory: displays a list of installed updates.

Get-WUInstall: the main cmdlet of the PSWindowsUpdate module. It allows you to download and install updates from a WSUS server or Microsoft Update, to select categories of updates or specific updates, and to specify the rules for restarting the computer when installing updates.

Get-WUInstallerStatus: checks the status of the Windows Installer service.

Get-WURebootStatus: allows you to check whether a reboot is necessary to apply a specific update.

Get-WUList: lists the updates that meet the specified criteria and allows you to find and install the desired update.

Get-WUServiceManager: checks the update sources.

Get-WUUninstall: allows you to remove a specific update by KB ID.

Hide-WUUpdate: allows you to hide certain updates from the installation.

Invoke-WUInstall: manages remote installation of updates.

Remove-WUOfflineSync: removes the offline scan source.

Remove-WUServiceManager: removes the update server.


3. Get a List of Available Updates for the Computer

List the available updates for your computer on the update server:

Get-WUInstall -ListOnly

To check the list of available updates on a remote computer, run:

Get-WUList -ComputerName server2

You can check which sources your computer is configured to get updates from. Run the command:

Get-WUServiceManager

ServiceID IsManaged IsDefault Name

As you can see, the computer is configured to receive updates from the local WSUS and the Windows Update service. If you want to scan your computer against the Microsoft Update servers on the Internet (besides Windows updates, these servers contain updates for Office and other products), run the following command:

Get-WUInstall -MicrosoftUpdate -ListOnly

You get a warning:

Can’t find registered service Microsoft Update. Use Get-WUServiceManager to get registered service.

To enable scanning on Microsoft Update, run the following command:

Add-WUServiceManager -ServiceID "7971f918-a847-4430-9279-4a52d1efe18d" -AddServiceFlag 7

Now you can perform a scan on Microsoft Update.

To remove certain products or specific packages from the list of updates your computer receives, you can exclude them by:

  • Categories (-NotCategory);
  • Name (-NotTitle);
  • Update number (-NotKBArticleID).

For example, to exclude drivers, OneDrive, and one specific KB from the list of updates:

Get-WUInstall -NotCategory "Drivers" -NotTitle OneDrive -NotKBArticleID KB4011670 -ListOnly

4. Powershell Script to Install Windows Updates Remotely PsWindowsUpdate

To automatically download and install all available updates for your operating system, run:

Get-WUInstall -AcceptAll -IgnoreReboot

The -AcceptAll switch approves the installation of all packages, and -IgnoreReboot suppresses automatic restarts of Windows after installing updates.

You can install only specific update packages:

Get-WUInstall -KBArticleID KB4011670,KB4456655 -AcceptAll

If you want to remove some updates from the installation list, run:

Get-WUInstall -NotCategory "Drivers" -NotTitle OneDrive -NotKBArticleID KB4011670 -AcceptAll -IgnoreReboot

To automate the installation of updates with exceptions on multiple computers, you can use the following script:

PowerShell -ExecutionPolicy RemoteSigned -Command "Import-Module PSWindowsUpdate; Get-WUInstall -NotCategory 'Language packs' -NotTitle OneDrive -NotKBArticleID KB4011670 -AcceptAll -IgnoreReboot"

The module can also start the installation of updates remotely on several computers or servers at once (the PSWindowsUpdate module must be present on those computers). This is especially convenient because the administrator does not have to log on to each server manually during a scheduled installation of updates. The following command will install all available updates on three remote servers:

Invoke-WUInstall -ComputerName server1, server2, server3 -Script {Import-Module PSWindowsUpdate; Get-WUInstall -AcceptAll -AutoReboot | Out-File C:\Windows\PSWindowsUpdate.log } -Confirm:$false -Verbose -SkipModuleTest -RunNow

5. View the History of Installed Updates

Using the Get-WUHistory command, you can get a list of updates previously installed on your computer. You can also find out when a specific update was installed:

Get-WUHistory | Where-Object {$_.Title -match "KB4011"} | Select-Object * | Format-Table

To find out whether an update is installed on several remote computers, you can use the following code:

"server1","server2" | Get-WUHistory | Where-Object {$_.Title -match "KB4011634"} | Select-Object * | Format-Table
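To confirm that a remote installation actually landed, the history check above can be run per host against a list of required KBs. This is an added example, not code from the article; the function name Get-MissingUpdate is an assumption, and the host names and KB numbers reuse the article's placeholders.

```powershell
# Added example, not from the article: report required KBs that have no
# update-history entry, per host. Get-MissingUpdate is a hypothetical name.
Import-Module PSWindowsUpdate

function Get-MissingUpdate {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string[]] $RequiredKB
    )
    foreach ($computer in $ComputerName) {
        # Keep "could not be queried" separate from "patch missing"
        if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
            [pscustomobject]@{ Computer = $computer; Status = 'Unreachable'; Missing = $null }
            continue
        }
        try {
            $titles = @(Get-WUHistory -ComputerName $computer -ErrorAction Stop |
                        Select-Object -ExpandProperty Title)
        } catch {
            [pscustomobject]@{
                Computer = $computer
                Status   = "QueryFailed: $($_.Exception.Message)"
                Missing  = $null
            }
            continue
        }
        # Title match only, as in the one-liner above.
        # \b keeps a shorter ID such as KB401163 from matching KB4011634.
        $missing = @($RequiredKB | Where-Object {
            $pattern = [regex]::Escape($_) + '\b'
            -not ($titles -match $pattern)
        })
        [pscustomobject]@{
            Computer = $computer
            Status   = if ($missing.Count) { 'NonCompliant' } else { 'Compliant' }
            Missing  = $missing -join ','
        }
    }
}

# Placeholder host names and KB numbers taken from the article's examples
Get-MissingUpdate -ComputerName 'server1', 'server2' -RequiredKB 'KB4011634', 'KB4456655' |
    Sort-Object Status | Format-Table -AutoSize
```

Update history records installation attempts, so for a host reported as Compliant the entry's result is still worth reviewing before the patch is treated as applied.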

6. The Next Feature Is Uninstalling Updates

To remove updates, use the Remove-WindowsUpdate cmdlet. You only need to specify the KB number as an argument to the KBArticleID parameter. To postpone the automatic restart of the computer, you can add the -NoRestart switch:

Remove-WindowsUpdate -KBArticleID KB4011634 -NoRestart

7. How to Hide Unnecessary Updates Using Powershell

You can hide certain updates so that they are never installed by Windows Update on your computer. For example, to hide the KB4011670 and KB4456655 updates, run the following commands:

$HideList = "KB4011670", "KB4456655"

Hide-WindowsUpdate -KBArticleID $HideList -Hide

The next time you scan for updates using the Get-WUInstall -ListOnly command, hidden updates will not be displayed in the list of patches available for installation.

You can list the updates that are hidden on this computer as follows:

Get-WindowsUpdate -IsHidden

To unhide the updates, run:

Hide-WindowsUpdate -KBArticleID $HideList -Hide:$false

8. Additionally: As a Bonus Use Script for Getting a List of All the Missing Windows Updates


Install Windows Updates Using Action1:

Step 1: Sign-up for Free

 

Step 2: Enter AD Domain in Discovery Settings


Step 3: See All Managed Computers

Action1 will automatically find all domain computers and show them in the list of managed endpoints:


Step 4: Review Available and Missing Updates

Navigate to Patch Management to see the list of all patches and updates available for all computers on your entire network. To ease your work, Action1 combines all types of updates, including both Windows updates and third-party updates (such as Google Chrome, Dropbox, etc.), into one uniform view.


Step 5: Option 1 Install Missing Updates Immediately or Later

Select one or more computers to update and click Deploy Update in the list of actions. You will then be prompted to deploy immediately or schedule at a later time.


Step 6: Option 2 Approve Updates for Deployment

For a more streamlined workflow, you can approve updates for deployment at pre-configured maintenance windows, such as over the weekend or during non-business hours, to avoid disrupting your users.


Consider Using Action1 to Install Windows Updates Remotely if:
