Author: Peter Barnett Date: Mar 08, 2019
Timely updating the software installed in the company and installing the required patches is one of the important tasks, the implementation of which allows you to avoid various software malfunctions, as well as to ensure an adequate level of security. How can you centrally and remotely manage software updates and patches in a company? To do this, there are various solutions called patch management tool. If you have ever had to install Windows updates, as in patching servers, you know you have to log into servers and allow updates to install, suppressing reboots along the way. I will focus on windows update in powershell today (Invoke-WUInstall), used to install Windows updates remotely. | Fully functional for 50 endpoints, never expires. More details > |
Remote Server Administration Tools cannot be installed on Windows RT, computers with an Advanced RISC Machine (ARM) architecture, or other system-on-chip devices. Remote Server Administration Tools for Windows 10 runs on both x86- and x64-based editions of the full release of Windows 10, Professional, Enterprise or Education editions.
Since PSWindowsUpdate is not installed on Windows by default, we have to first install the module.
PS C:WINDOWSsystem32> Install-Module PSWindowsUpdate -MaximumVersion 1.5.2.6
If we run Get-Command we can see all of the commands in the PSWindowsUpdate module:
PS C:WINDOWSsystem32> Get-Command -Module PSWindowsUpdate
CommandType Name Version Source
Alias Get-WindowsUpdate 1.5.2.6 pswindowsupdate
Alias Hide-WindowsUpdate 1.5.2.6 pswindowsupdate
Alias Install-WindowsUpdate 1.5.2.6 pswindowsupdate
Alias Uninstall-WindowsUpdate 1.5.2.6 pswindowsupdate
Function Add-WUOfflineSync 1.5.2.6 pswindowsupdate
Function Add-WUServiceManager 1.5.2.6 pswindowsupdate
Function Get-WUHistory 1.5.2.6 pswindowsupdate
Function Get-WUInstall 1.5.2.6 pswindowsupdate
Function Get-WUInstallerStatus 1.5.2.6 pswindowsupdate
Function Get-WUList 1.5.2.6 pswindowsupdate
Function Get-WURebootStatus 1.5.2.6 pswindowsupdate
Function Get-WUServiceManager 1.5.2.6 pswindowsupdate
Function Get-WUUninstall 1.5.2.6 pswindowsupdate
Function Hide-WUUpdate 1.5.2.6 pswindowsupdate
Function Invoke-WUInstall 1.5.2.6 pswindowsupdate
Function Remove-WUOfflineSync 1.5.2.6 pswindowsupdate
Function Remove-WUServiceManager 1.5.2.6 pswindowsupdate
One different aspect of using Invoke-WUInstall is that it does not use traditional remoting methods to perform Windows update in PowerShell. When you look at the source code, it actually creates and immediately runs a scheduled task on the remote machine under the SYSTEM account.
Write-Verbose 'Create schedule service object'
$Scheduler = New-Object -ComObject Schedule.Service
$Task = $Scheduler.NewTask(0)
$RegistrationInfo = $Task.RegistrationInfo
$RegistrationInfo.Description = $TaskName
$RegistrationInfo.Author = $User.Name
$Settings = $Task.Settings
$Settings.Enabled = $True
$Settings.StartWhenAvailable = $True
$Settings.Hidden = $False
$Action = $Task.Actions.Create(0)
$Action.Path = 'powershell'
$Action.Arguments = '-Command $Script'
$Task.Principal.RunLevel = 1
typical use of Invoke-WUInstall would be:
Invoke-WUInstall -ComputerName Test-1 -Script {ipmo PSWindowsUpdate; Get-WUInstall -AcceptAll | Out-File C:PSWindowsUpdate.log }-Confirm:$false –Verbose
In this command we see Get-WUInstall
, which is the command PSWindowsUpdate uses to install updates, usually from your Windows Server Update Services (WSUS) server. Get-WUInstall
simply uses a COM object for Windows updates to perform the tasks needed. Notice also the use of the -AcceptAll
parameter, which means it will automatically accept any updates to install.
One nice feature of Invoke-WUInstall is that it actually installs the PSWindowsUpdate module on the remote machine (if it isn't there already). This is great when you are using the module on a new machine, or when you decide to use it for the first time.
As you can see, the scheduled task is going to run ipmo PSWindowsUpdate; Get-WUInstall -AcceptAll -AutoReboot | Out-File C:PSWindowsUpdate.log.
Using Out-File will ensure the logs of downloading and installing updates are visible so we can check against them later..
The true power of Invoke-WUInstall is when you have to install updates on many machines at once. This is very easy to do, all you need is to add machines to the ‑ComputerName
parameter, which then processes them in a loop (not in parallel unfortunately).
One great reason to output to a log on the remote machine is to confirm that no errors installing updates on these remote machines occurred. With some simple PowerShell, we can query these log files and search for failures.
Here is what a typical log looks like after using Get-WUInstall -AcceptAll | Out-File C: PSWindowsUpdate.log
:
It includes the status of the update, its KB number, size, and title—all great information to have handy when installing updates.
Using Invoke-Command, Get-Item, and Select-String, we can use a quick technique to easily work through any computers used with Invoke-WUInstall and check for updates that failed to install:
Action1 is a cloud-based platform for patch management, software deployment, remote desktop, software/hardware inventory, endpoint management and endpoint configuration reporting.
Start your free trial or use free forever to manage up to 50 endpoints. More details >