fb
Homepage 5 How-to Articles 5 How to Use Powershell Script to Install Windows Updates Remotely

How to Use Powershell Script to Install Windows Updates Remotely

Manage remote endpoints, deploy software and patches with Action1 cloud RMM solution.

Sign up and use free on up to 50 endpoints with no functionality limits or expiration.



February 8, 2019

Special PowerShell script – PSWindowsUpdate is a great way to install Windows updates remotely from the command line on a separate computer. The PSWindowsUpdate module is not built into Windows and it is a third-party module available in the Technet Script Gallery. PSWindowsUpdate allows administrators to remotely check for updates on computers and workstations, install, remove and hide certain updates. The PSWindowsUpdate module is especially valuable when used to manage Windows updates in the Core editions of Windows Server, which do not have a graphical interface, as well as when setting up a Windows image in audit mode.

In this article, I show a Powershell script to install Windows updates remotely also you will find another module that helps to get a list of all the missing Windows updates, as well quick guide on how to install Windows updates remotely on multiple computers using Action1 security patch management feature.

Using Builtin Tools:

1. Installing the Update Management Module PsWindowsUpdate

If you have Windows 10 installed, you can install the PSWindowsUpdate module from the online repository via the Package Manager PackageManagement with just one command:

Install-Module -Name PSWindowsUpdate

If you have an older version of Windows (Windows 7 / 8.1 / Windows Server 2008 R2 / 2012 R2) or do not have direct Internet access, you can install the PSWindowsUpdate module manually.

This module can be installed on any supported version of Windows, starting with Vista / Windows Server 2008 with PowerShell 2.0 installed (but PoSh 3.0 and higher is recommended).

  • Download the latest version of the PSWindowsUpdate module from the page: https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc and unlock the downloaded file.
how to install windows updates remotely
  • Unpack the archive with the module into one of the% USERPROFILE% \ Documents \ WindowsPowerShell \ Modules or% WINDIR% \ System32 \ WindowsPowerShell \ v1.0 \ Modules directories (using the module permanently is the best option).
  • Allow script execution: Set-ExecutionPolicy RemoteSigned
  • Now you can import a module into your PowerShell session: Import-Module PSWindowsUpdate
installing windows updates remotely with powershell

Note. In Windows 7 / Server 2008 R2, when importing a PSWindowsUpdate module, you may encounter an error like the following: The name “Unblock-File” is not recognized as the name of the cmdlet. The point is that the module uses some functions that appeared only in PowerShell 3.0. To use these functions, you will have to update PowerShell, or manually remove the line | Unblock-File from the PSWindowsUpdate.psm1 file.If you installed the Windows Update Management Module on your computer, you can install it remotely on other computers and / or servers. Use this script to copy the module to the two specified remote servers:$ Targets = "Server1", "Server2" Update-WUModule -LocalPSWUSource "C: \ Windows \ system32 \ WindowsPowerShell \ v1.0 \ Modules \ PSWindowsUpdate" -ComputerName $ TargetsInvoke-Command -ComputerName $ Targets -ScriptBlock {Add-Content $ Env: WINDIR \ system32 \ WindowsPowerShell \ v1.0 \ profile.ps1 "` `nImport-Module PSWindowsUpdate"}

2. Overview Module PSWindowsUpdate Commands

The list of available cmdlets for the module can be displayed as:

get-command-module PSWindowsUpdate

Briefly describe the purpose of the module commands:

Get-WindowsUpdate – an alias for Get-WUList.

Hide-WindowsUpdate – alias for Hide-WUUpdate.

Install-WindowsUpdate – alias for Get-WUInstall.

Uninstall-WindowsUpdate – alias for Get-WUUninstall.

Add-WUOfflineSync – the function allows you to install updates from the local cache using the file wsusscan.cab or wsusscn2.cab.

Add-WUServiceManager – register the update server on a computer.

Get-WUHistory – displays a list of installed updates.

Get-WUInstall is the main cmdlet of the PSWindowsUpdate module. Allows you to download and install updates from the server WSUS or Microsoft Update. Allows you to select categories of updates, specific updates and specify the rules for restarting the computer when installing updates.

Get-WUInstallerStatus – check the status of the Windows Installer service.

Get-WURebootStatus – allows you to check whether a reboot is necessary to apply a specific update.

Get-WUList – lists the updates that meet the specified criteria, allows you to find and install the desired update.

Get-WUServiceManager – check for update sources.

Get-WUUninstall – cmdlet allows you to remove a specific update by KB ID.

Hide-WUUpdate – allows you to hide certain updates from the installation.

Invoke-WUInstall – manage remote installation of updates.

Remove-WUOfflineSync – remove offline scan source.

Remove-WUServiceManager – remove update server.

how to install windows updates remotely with powershell

3. Get a List of Available Updates for the Computer

List the available updates for your computer on the update server:

Get-WUInstall -ListOnly

To check the list of available updates on a remote computer, run:

Get-WUList –ComputerName server2

You can check where your Windows should get updates from. Run the command:

Get-WUServiceManager

ServiceID IsManaged IsDefault Name

powershell script to install windows updates remotely

As you can see, the computer is configured to receive updates from the local WSUS and Windows Update service. If you want to scan your computer on Microsoft Update servers (besides Windows updates, these servers contain Office updates and other products) on the Internet, run the following command:

Get-WUinstall -MicrosoftUpdate –ListOnly

You get a warning:

Can’t find registered service Microsoft Update. Use Get-WUServiceManager to get registered service.

To enable scanning on Microsoft Update, run the following command:

Add-WUServiceManager -ServiceID "7971f918-a847-4430-9279-4a52d1efe18d" -AddServiceFlag 7

Now you can perform a scan on Microsoft Update.

To remove certain products or specific packages from the list of updates your computer receives, you can exclude them by:

  • Categories (-NotCategory);
  • Name (-NotTitle);
  • Update number (-NotKBArticleID).

For example, exclude from the list of updates for drivers, OneDrive, and one specific KB:

Get-WUInstall -NotCategory "Drivers" -NotTitle OneDrive -NotKBArticleID KB4011670 -ListOnly

4. Powershell Script to Install Windows Updates Remotely – PsWindowsUpdate

To automatically download and install all available updates for your operating system, run:

Get-WUInstall -AcceptAll –IgnoreReboot

The AcceptAll key includes installation approval for all packages, and IgnoreReboot suppresses automatic restarts of Windows after installing updates.

You can install only specific update packages:

Get-WUInstall -KBArticleID KB4011670,KB4456655 –AcceptAll

If you want to remove some updates from the installation list, run:

Get-WUInstall -NotCategory "Drivers" -NotTitle OneDrive -NotKBArticleID KB4011670 -AcceptAll -IgnoreReboot

To automate the installation of updates with exceptions on multiple computers, you can use the following script:

PowerShell -ExecutionPolicy RemoteSigned -Command Import-Module PSWindowsUpdate; Get-WUInstall -NotCategory "Language packs" -NotTitle OneDrive -NotKBArticleID KB4011670 -AcceptAll –IgnoreReboot

The module allows you to remotely start the installation of updates on several computers at once or on a server (the PSWindowsUpdate module should be present on the computers). This is especially convenient, as it allows the administrator not to go manually to all servers during the scheduled installation of updates. The following command will install all available updates on three remote servers:

Invoke-WUInstall -ComputerName server1, server2, server1-Script {ipmo PSWindowsUpdate; Get-WUInstall -AcceptAll -AutoReboot | Out-File C:\Windows\PSWindowsUpdate.log } -Confirm:$false -Verbose -SkipModuleTest –RunNow

5. View the History of Installed Updates

Using the Get-WUHistory command, you can get a list of updates installed on your computer earlier. You can get information about the date of installation of a specific update:

Get-WUHistory| Where-Object {$_.Title -match "KB4011*"} | Select-Object *|ft

To obtain information about the presence of an installed update on several remote computers, you can use the following code:

"server1","server2" | Get-WUHistory| Where-Object {$_.Title -match "KB4011634"} | Select-Object *|ft

6. The Next Feature Is Uninstalling Updates

To remove updates, use the Remove-WindowsUpdate cmdlet. You only need to specify the KB number as an argument to the KBArticleID parameter. To postpone the automatic restart of the computer, you can add the –NoRestart key:

Remove-WindowsUpdate -KBArticleID KB4011634 -NoRestart

7. How to Hide Unnecessary Updates Using Powershell

You can hide certain updates so that they are never installed by Windows Update on your computer. For example, to hide the KB4011670 and KB4456655 updates, run the following commands:

$HideList = "KB4011670", "KB4456655"

Hide-WindowsUpdate -KBArticleID $HideList –Hide

The next time you scan for updates using the Get-WUInstall –ListOnly command, hidden updates will not be displayed in the list of patches available for installation.

You can list the updates that are hidden on this computer as follows:

Get-WindowsUpdate -IsHidden

To remove updates from hidden, run:

Hide-WindowsUpdate -KBArticleID $HideList -Hide:$false

8. Additionally: As a Bonus Use Script for Getting a List of All the Missing Windows Updates

Type following code:

Get-MissingUpdates -Computername YOURCOMPUTER

function Get-MissingUpdates {

[CmdletBinding()]

[OutputType([System.Management.Automation.PSCustomObject])]

param (

[Parameter(Mandatory,

ValueFromPipeline,

ValueFromPipelineByPropertyName)]

[string]$ComputerName)

begin {

function Get-32BitProgramFilesPath {

if ((Get-Architecture) -eq 'x64') {

${ env:ProgramFiles(x86) }

} else {

$env:ProgramFiles

}

}

function Get-Architecture {

if ([System.Environment]::Is64BitOperatingSystem) {

'x64'

} else {

'x86'

}

}

$Output = @{ }

}

process {

try {

## Remove any previous reports

Get-ChildItem "$($Env:USERPROFILE)\SecurityScans\*" -Recurse -ea 'SilentlyContinue' | Remove-Item -Force -Recurse

## Run the report to create the output XML

$ExeFilePath = "$(Get-32BitProgramFilesPath)\Microsoft Baseline Security Analyzer 2\mbsacli.exe"

if (!(Test-Path $ExeFilePath)) {

throw "$ExeFilePath not found"

}

& $ExeFilePath /target $ComputerName /wi /nvc /o %C% 2>&1> $null

## Convert the report to XML so I can use it

[xml]$ScanResults = Get-Content "$($Env:USERPROFILE)\SecurityScans\$($Computername.Split('.')[0]).mbsa"

$UpdateSeverityLabels = @{

'0' = 'Other'

'1' = 'Low'

'2' = 'Moderate'

'3' = 'Important'

'4' = 'Critical'

}

$MissingUpdates = $ScanResults.SelectNodes("//Check[@Name='Windows Security Updates']/Detail/UpdateData[@IsInstalled='false']")

foreach ($Update in $MissingUpdates) {

$Ht = @{ }

$Properties = $Update | Get-Member -Type Property

foreach ($Prop in $Properties) {

$Value = ($Update | select -expandproperty $Prop.Name)

if ($Prop.Name -eq 'Severity') {

$Value = $UpdateSeverityLabels[$Value]

}

$Ht[$Prop.Name] = $Value

}

[pscustomobject]$Ht

}

} catch {

Write-Error "Error: $($_.Exception.Message) - Line Number: $($_.InvocationInfo.ScriptLineNumber)"

}

}

}

Using Action1:

Step 1: Sign-up for Free

Step 2: Enter AD Domain in Discovery Settings

how to install windows updates remotely with action1

Step 3: See All Managed Computers

Action1 will automatically find all domain computers and show them in the list of managed endpoints:

how to install os updates remotely with action1

Step 4: Review Available and Missing Updates

Navigate to Patch Management to see the entire list of all patches and updates available for all computers on your entire network. Ti ease your work, Action1 combines all types of updates, including both Window updates and 3rd party updates (such as Google Chrome, Dropbox etc), into one uniform view.

install windows updates remotely action1 rmm

Step 5: Option 1 – Install Missing Updates Immediately or Later

Select one or more computers to update and click Deploy Update in the list of actions. You will then be prompted to deploy immediately or schedule at a later time.

installing windows updates remotely

Step 6: Option 2 – Approve Updates for Deployment

For more streamlined workflow, you can approve updates for deployment at pre-configured maintenance windows, such as over the weekend or during non-business hours, to avoid disrupting your users.

install windows update remotely patch management action1

Consider Using Action1 to Install Windows Updates Remotely if:

  • You need to perform an action on multiple computers simultaneously.
  • You have remote employees with computers not connected to your corporate network.

Action1 is a cloud-based platform for patch management, software deployment, remote desktop, software/hardware inventory, endpoint management and endpoint configuration reporting.

Related Articles

How To Delete User Profiles Remotely with PowerShell

When a user logs onto the computer for the first time (not via the network to access shared folders or printers), Windows creates a user profile. Among its contents are the NTUSER.DAT file (user profile settings), user-specific folders (My Documents, Desktop, etc.),...

About Action1 RMM

Action1 RMM is a cloud-based IT solution for remote monitoring and management, patching, and remote support.

Start your free two-week trial of Action1, or use RMM tools for free forever on 50 endpoints with no functionality limitations!



0 Comments

Submit a Comment

Your email address will not be published.

cloud patch management solutions action1

MSP Solution

Centralize endpoint management and boost efficiency of IT service delivery.

automated server patch management action compliance

Patch Management

Identify and deploy missing OS and third-party software updates.

cloud software deployment tools windows

Software Deployment

Distribute software and updates across managed endpoints.

software distribution tools software inventory action1

IT Asset Inventory

Keep a detailed inventory and manage hardware and software assets.

web client remote desktop

Remote Desktop

Support users via seamless remote desktop connection.

web based rdp client

Unattended Access

Provide administrative support and manage remote devices.

automated patch management action1

Endpoint Management

Run PowerShell, custom scripts, reboot computers and restart services.

API integrations action1

RESTful API

Integrate Action1 RMM to your IT ecosystem.

computer inventory tool for compliance

Reports and Alerts

Conduct endpoint security audits with comprehensive reporting.