Windows 10 check for updates powershell - Доктор Windows - ваш надежный помощник

Since Windows 10 1709 and Server 2019, Microsoft has been shipping the Windows Update Provider PowerShell module with the OS. Its functions master the basic tasks of patch management. Admins can also use them to remotely initiate the download and installation of updates.

Contents

Availability as an advantage
More control over updates
Overview of the range of functions
Checking for updates
Downloading and installing updates
Querying pending reboot
Conclusion

Author
Recent Posts

Wolfgang Sommergut has over 20 years of experience in IT journalism. He has also worked as a system administrator and as a tech consultant. Today he runs the German publication WindowsPro.de.

While most Windows features have long supported detailed automation via PowerShell, this option was missing for the update client; it is now available to a limited extent. Compared to the popular PSWindowsUpdate by Michal Gajda, Microsoft’s own module is less powerful.

Availability as an advantage

The main advantages of Windows Update Provider are its official support by Microsoft and that all newer versions of the operating system already have it on board. Therefore, when using it for remote management, you can assume that the required functions are already available on the target computer. In contrast, third-party modules must first be installed on every managed PC.

However, it is not possible to copy Microsoft’s Windows Update Provider to older versions of Windows, such as Server 2012 R2 or 2016, because the CIM class required by the functions does not exist on those versions.

More control over updates

Command line tools such as usoclient.exe, wuinstall, or PowerShell cmdlets give admins more control over the update process because they can explicitly request the scan, download, install, or restart. This is useful, for example, if you want to secure a freshly installed computer by installing the latest patches. In addition, PowerShell is useful on Server Core because there is no GUI for managing updates.

Overview of the range of functions

If you search for Windows Update modules using

Get-Module -Name *Update*

then the command returns two results. While one of them is WindowsUpdate, the module only contains a function called Get-WindowsUpdateLog.

The commands intended for the management of the update client can be found in WindowsUpdateProvider. They can be listed with:

Get-Command -Module WindowsUpdateProvider

As you can see, these are not cmdlets but only functions.

Functions of the WindowsUpdateProvider module

For example, if you want to display the contents of Start-WUScan with

Get-Content Function:Start-WUScan

then you can see that this function operates on the basis of the CIM class MSFT_WUOperations. The same applies to Install-WUUpdates.

The functions of the WindowsUpdateProvider module use the methods of the CIM class MSFT WUOperations

While Get-WULastInstallationDate and Get-WULastScanSuccessDate are used to examine previous updates, and Get-WUAVersion outputs the version of the client, the three remaining functions provide the actual update management.

Checking for updates

As the name suggests, Start-WUScan looks for available updates. You cannot specify a source for updates; rather, the function queries the update server configured on the computer. This is a WSUS server in most cases.

If you don’t specify any parameter, all updates that apply to the system will appear in the results. The only way to restrict the list is with SearchCriteria, which you have to pass a search expression:

Start-WUScan -SearchCriteria "Type='Software' AND IsInstalled=0"

The permitted search criteria follow the syntax described in the API documentation, but Microsoft does not offer any specific information on WindowsUpdateProvider as a whole.

As an alternative to the settings app, you can use Start WUScan to check for new updates

For example, it is practical to query remote computers to find out whether a specific update is installed there. Since the ComputerName parameter is not supported, you have to use the Invoke-Command:

$u = Invoke-Command -ComputerName MyPC -ScriptBlock {Start-WUScan -SearchCriteria "UpdateId='<GUID-of-Update>' AND IsInstalled=1"} -Credential admincontoso

After executing the command, the variable $u will contain all updates which match the search criteria.

Downloading and installing updates

If you want to install pending updates, you have to save the result of Start-WUScan in a variable, as in the example above. You then pass this on to Install-WUUpdates. But first you establish a CIM session on the remote computer:

$cs = New-CimSession -ComputerName MyPC -Credential Credential admincontoso
Install-WUUpdates -Updates $u -DownloadOnly -CimSession $cs

This example command only downloads the updates.

Find, download, and install updates on a remote PC with the WindowsUpdateProvider functions

You then initiate the actual installation by executing Install-WUUpdate once more without the DownloadOnly switch:

Install-WUUpdates -Updates $u -CimSession $cs

Querying pending reboot

If the computer must be restarted after installing updates, you cannot initiate it via Install-WUUpdates. However, it is possible to query whether a reboot is pending with another function of this module:

Get-WUIsPendingReboot

If the command yields the value $true, then you can reboot the PC at the desired time using the Cmdlet Restart-Computer.

After installing the updates, you can query a pending reboot with Get WUIsPendingReboot

Get-WUIsPendingReboot can also be used to query a pending reboot of a remote computer.

Check remotely whether a restart is required

The function simplifies this task considerably compared to the method that looks for it in the registry.

Subscribe to 4sysops newsletter!

Conclusion

With the WindowsUpdateProvider module, Microsoft has provided the basic functions for managing updates via PowerShell, beginning with Windows 10 1709 and Server 2019. They are particularly suitable for updating computers remotely. However, the integrated module does not come close to the capabilities of PSWindowsUpdate.

Источник

Вы можете использовать PowerShell модуль PSWindowsUpdate для управления обновлениями Windows из командной строки. Модуль PSWindowsUpdate не встроен в Windows и доступен для установки из репозитория PowerShell Gallery. PSWindowsUpdate позволяет администраторам удаленно проверять, устанавливать, удалять и скрывать обновления на рабочих станциях и серверах Windows. Модуль PSWindowsUpdate особо ценен при использовании для управления обновлениями в Core редакциях Windows Server (в которых отсутствуют графический интерфейс), а также при настройке образа Windows в режиме аудита.

Содержание:

Установка модуля управления обновлениями PSWindowsUpdate
Обзор команд модуля PSWindowsUpdate
Управление обновлениями Windows на удаленных компьютерах через PowerShell
Получить список доступных обновлений Windows из PowerShell
Установка обновлений Windows с помощью Install-WindowsUpdate
Просмотр истории установленных обновлений Windows (Get-WUHistory)
Удаление обновлений в Windows с помощью Remove-WindowsUpdate
Как скрыть ненужные обновления Windows с помощью PowerShell (Hide-WindowsUpdate)?

Установка модуля управления обновлениями PSWindowsUpdate

Если вы используете Windows 10/11 или Windows Server 2022/2019/2016, вы можете установить (обновить) модуль PSWindowsUpdate из онлайн репозитория через менеджер пакетов PackageManagement всего одной командой:

Install-Module -Name PSWindowsUpdate

После окончания установки нужно проверить наличие пакета:

Get-Package -Name PSWindowsUpdate

В старых версиях Windows 2012R2/Windows 8.1 и ниже при установке PowerShell модуля может появится ошибка:

Install-Module: Unable to download from URI.Unable to download the list of available providers. Check your internet connection.

Для установки модуля нужно использовать для подключения протокол TLS 1.2. Включите его:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Если у вас установлена более старая версия Windows (Windows 7/8.1/ Windows Server 2008 R2/ 2012 R2) или отсутствует прямой доступ в Интернет, вы можете установить модуль PSWindowsUpdate вручную (см. полную инструкцию по офлайн установке модулей PowerShell).

Скачайте модуль PSWindowsUpdate на любой онлайн компьютер:
Save-Module –Name PSWindowsUpdate –Path C:ps
;
Скопируйте модуль на целевой компьютер, и поместите его в каталог
%WINDIR%System32WindowsPowerShellv1.0Modules
(при постоянном использовании модуля это лучший вариант);
Разрешите выполнение PowerShell скриптов:
Set-ExecutionPolicy –ExecutionPolicy RemoteSigned -force
Теперь вы можете импортировать модуль в свою сессию PowerShell:
Import-Module PSWindowsUpdate

Примечание. В Windows 7 / Server 2008 R2 при импорте модуля PSWindowsUpdate вы можете столкнутся с ошибкой вида:
Имя "Unblock-File" не распознано как имя командлета
. Дело в том, что в модуле используются некоторые функции, которые появились только в PowerShell 3.0. Для использования этих функций вам придется обновить PowerShell, либо вручную удалить строку | Unblock-File из файла PSWindowsUpdate.psm1.

После установки модуля PSWindowsUpdate на своем компьютере вы можете удаленно установить его на другие компьютеры или сервера с помощью командлета Update-WUModule. Например, чтобы скопировать PSWindowsUpdate модуль с вашего компьютера на два удаленных сервера, выполните команды (нужен доступ к удаленным серверам по протоколу WinRM):

$Targets = "Server1", "Server2" Update-WUModule -ComputerName $Targets -local

Чтобы сохранить модуль в сетевой каталог для дальнейшего импорта модуля на других компьютерах, выполните:

Save-Module -Name PSWindowsUpdate –Path \fs01ps

Обзор команд модуля PSWindowsUpdate

Список доступных командлетов модуля можно вывести так:

get-command -module PSWindowsUpdate

Вкратце опишем назначение команд модуля:

Clear-WUJob – использовать Get-WUJob для вызова задания WUJob в планировщике;
Download-WindowsUpdate (алиас для Get-WindowsUpdate –Download) — получить список обновлений и скачать их;
Get-WUInstall, Install-WindowsUpdate (алиас для Get-WindowsUpdate –Install) – установить обвновления;
Hide-WindowsUpdate (алиас для Get-WindowsUpdate -Hide:$false) – скрыть обновление;
Uninstall-WindowsUpdate -удалить обновление с помощью Remove-WindowsUpdate;
Add-WUServiceManager – регистрация сервера обновления (Windows Update Service Manager) на компьютере;
Enable-WURemoting — включить правила Windows Defender файервола, разрешающие удаленное использование командлета PSWindowsUpdate;
Get-WindowsUpdate (Get-WUList) — выводит список обновлений, соответствующим указанным критериям, позволяет найти и установить нужное обновление. Это основной командлет модуля PSWindowsUpdate. Позволяет скачать и установить обновления с сервера WSUS или Microsoft Update. Позволяет выбрать категории обновлений, конкретные обновления и указать правила перезагрузки компьютера при установке обновлений;
Get-WUApiVersion – получить версию агента Windows Update Agent на компьютере;
Get-WUHistory – вывести список установленных обновлений (история обновлений);
Get-WUInstallerStatus — проверка состояния службы Windows Installer;
Get-WUJob – запуска заданий обновления WUJob в Task Scheduler;
Get-WULastResults — даты последнего поиска и установки обновлений (LastSearchSuccessDate и LastInstallationSuccessDate);
Get-WURebootStatus — позволяет проверить, нужна ли перезагрузка для применения конкретного обновления;
Get-WUServiceManager – вывод источников обновлений;
Get-WUSettings – получить настройки клиента Windows Update;
Invoke-WUJob – удаленное вызов заданий WUJobs в Task Schduler для немедленного выполнения заданий PSWindowsUpdate.
Remove-WindowsUpdate – удалить обновление;
Remove-WUServiceManager – отключить Windows Update Service Manager;
Set-PSWUSettings – сохранить настройки модуля PSWindowsUpdate в XML файл;
Set-WUSettings – настройка параметров клиента Windows Update;
Update-WUModule – обновить модуль PSWindowsUpdate (можно обновить модуль на удаленном компьютере, скопировав его с текущего, или обновить из PSGallery);
Reset-WUComponents – позволяет сбросить настройка агента Windows Update на компьютере к настройкам по-умолчанию.

Чтобы проверить текущие настройки клиента Windows Update, выполните команду:

Get-WUSettings

ComputerName                                 : WKS22122
WUServer                                     : http://MS-WSUS:8530
WUStatusServer                               : http://MS-WSUS:8530
AcceptTrustedPublisherCerts                  : 1
ElevateNonAdmins                             : 1
DoNotConnectToWindowsUpdateInternetLocations : 1
TargetGroupEnabled                           : 1
TargetGroup                                  : WorkstationsProd
NoAutoUpdate                                 : 0
AUOptions                                    : 3 - Notify before installation
ScheduledInstallDay                          : 0 - Every Day
ScheduledInstallTime                         : 3
UseWUServer                                  : 1
AutoInstallMinorUpdates                      : 0
AlwaysAutoRebootAtScheduledTime              : 0
DetectionFrequencyEnabled                    : 1
DetectionFrequency                           : 4

В данном примере клиент Windows Update на компьютере настроен с помощью GPO на получение обновлений с локального сервера WSUS.

Команда
Reset-WUComponents –Verbose
позволяет сбросить все настройки агента Windows Update, перерегистрировать библиотеки и восстановить исходное состояние службы wususerv.

Управление обновлениями Windows на удаленных компьютерах через PowerShell

Практически все командлеты модуля PSWindowsUpdate позволяют управлять установкой обновлений на удаленных компьютерах. Для этого используется атрибут
-Computername Host1, Host2, Host3
. На удаленных компьютерах должен быть включен и настроен WinRM (вручную или через GPO).

Установите модуль PSWindowsUpdate на удаленных компьютерах и разрешите в файерволе доступ по динамическим RPC портам к процессу dllhost.exe. Можно использовать Invoke-Command для настройки модуля PSWindowsUpdate на удаленных компьютерах:

Invoke-Command -ComputerName $computer -ScriptBlock {Set-ExecutionPolicy RemoteSigned -force } Invoke-Command -ComputerName $computer -ScriptBlock {Import-Module PSWindowsUpdate; Enable-WURemoting}

Модуль PSWindowsUpdate можно использовать для удаленного управлений обновлениями Windows как на компьютерах в домене AD, так и в рабочей группе (потребует определенной настройки PowerShell Remoting)

Для удаленного управления обновлениями компьютерах, нужно добавить имена компьютеров доверенных хостов winrm, или настроить удаленное управление PSRemoting через WinRM HTTPS:

winrm set winrm/config/client ‘@{TrustedHosts="HOST1,HOST2,…"}’

Или с помощью PowerShell:
Set-Item wsman:localhostclientTrustedHosts -Value wsk-w10BO1 -Force

Получить список доступных обновлений Windows из PowerShell

Вывести список обновлений, доступных для данного компьютера на сервере обновлений можно с помощью команд Get-WindowsUpdate или Get-WUList.

Чтобы проверить список доступных обновлений на удаленном компьютере, выполните:

Get-WUList –ComputerName server2

Вы можете проверить, откуда должна получать обновления ваша ОС Windows. Выполните команду:

Get-WUServiceManager

ServiceID IsManaged IsDefault Name
--------- --------- --------- ----
8b24b027-1dee-babb-9a95-3517dfb9c552 False False DCat Flighting Prod
855e8a7c-ecb4-4ca3-b045-1dfa50104289 False False Windows Store (DCat Prod)
3da21691-e39d-4da6-8a4b-b43877bcb1b7 True True Windows Server Update Service
9482f4b4-e343-43b6-b170-9a65bc822c77 False False Windows Update

Как вы видите, компьютер настроен на получение обновлений с локального сервера WSUS (Windows Server Update Service = True). В этом случае вы должны увидеть список обновлений, одобренных для вашего компьютера на WSUS.

Если вы хотите просканировать ваш компьютер на серверах Microsoft Update (кроме обновлений Windows на этих серверах содержатся обновления Office и других продуктов) в Интернете, выполните команду:

Get-WUlist -MicrosoftUpdate

Вы получаете предупреждение:

Get-WUlist : Service Windows Update was not found on computer

Чтобы разрешить сканирование на Microsoft Update, выполните команду:

Add-WUServiceManager -ServiceID "7971f918-a847-4430-9279-4a52d1efe18d" -AddServiceFlag 7

Теперь можете выполнить сканирование на Microsoft Update. Как вы видите, в данном случае были найдены дополнительные обновления для Microsoft Visual C++ 2008 и Microsoft Silverlight.

Чтобы проверить версию агента Windows Update на компьютере, выполните команду:

Get-WUApiVersion

ComputerName PSWindowsUpdate PSWUModuleDll ApiVersion WuapiDllVersion
------------ --------------- ------------- ---------- ---------------
FS01 2.2.0.2 2.2.0.2 8.0 10.0.19041.1320

Чтобы убрать определенные продукты или конкретные KB из списка обновлений, которые получает ваш компьютер, вы их можете исключить по:

Категории (-NotCategory);
Названию (-NotTitle);
Номеру обновления (-NotKBArticleID).

Например, исключим из списка обновления драйверов, OneDrive и одну конкретную KB:

Get-WUlist -NotCategory "Drivers" -NotTitle OneDrive -NotKBArticleID KB4533002

Установка обновлений Windows с помощью Install-WindowsUpdate

Чтобы автоматически загрузить и установить все доступные обновления для вашей версии Windows с серверов Windows Update (вместо локального WSUS), выполните:

Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot

Ключ AcceptAll включает одобрение установки для всех пакетов, а AutoReboot разрешает автоматическую перезагрузку Windows после установки обновлений.

Также можно использовать следующе параметры:

IgnoreReboot – запретить автоматическую перезагрузку;
ScheduleReboot – задать точное время перезагрузки компьютера.

Можете сохранить историю установки обновлений в лог файл (можно использовать вместо WindowsUpdate.log).

Install-WindowsUpdate -AcceptAll -Install -AutoReboot | Out-File "c:$(get-date -f yyyy-MM-dd)-WindowsUpdate.log" -force

Можно установить только конкретные обновления по номерам KB:

Get-WindowsUpdate -KBArticleID KB2267602, KB4533002 -Install

В данном случае нужно подтверждать установку каждого обновления вручную.
Если вы хотите исключить некоторые обновления из списка на установку, выполните:

Install-WindowsUpdate -NotCategory "Drivers" -NotTitle OneDrive -NotKBArticleID KB4011670 -AcceptAll -IgnoreReboot

Модуль позволяет удаленно запустить установку обновлений сразу на нескольких компьютерах или серверах (на компьютерах должен присутствовать модуль PSWindowsUpdate). Это особенно удобно, так как позволяет администратору не заходить вручную на все сервера во время плановой установки обновлений. Следующая команда установит все доступные обновление на трех удаленных серверах:

ServerNames = “server1, server2, server3” Invoke-WUJob -ComputerName $ServerNames -Script {ipmo PSWindowsUpdate; Install-WindowsUpdate -AcceptAll | Out-File C:WindowsPSWindowsUpdate.log } -RunNow -Confirm:$false -Verbose -ErrorAction Ignore

Командлет Invoke-WUJob (ранее командлет назывался Invoke-WUInstall) создаст на удаленном компьютере задание планировщика, запускаемое от SYSTEM. Можно указать точное время для установки обновлений Windows:

Invoke-WUJob -ComputerName $ServerNames -Script {ipmo PSWindowsUpdate; Install-WindowsUpdate –AcceptAll -AutoReboot | Out-File C:WindowsPSWindowsUpdate.log } -Confirm:$false -TriggerDate (Get-Date -Hour 20 -Minute 0 -Second 0)

Можно установить обновления на удаленном компьютере и отправить email отчет администратору:

Install-WindowsUpdate -ComputerName server1 -MicrosoftUpdate -AcceptAll - IgnoreReboot -SendReport –PSWUSettings @{SmtpServer="smtp.winitpro.ru";From="[email protected]";To="[email protected]";Port=25} -Verbose

Проверить статус задания установки обновления можно с помощью Get-WUJob:

Get-WUJob -ComputerName $ServerNames

Если команда вернет пустой список, значит задача установки на всех компьютерах выполнена.

Просмотр истории установленных обновлений Windows (Get-WUHistory)

С помощью команды Get-WUHistory вы можете получить список обновлений, установленных на компьютере ранее автоматически или вручную.

Можно получить информацию о дате установки конкретного обновления:

Get-WUHistory| Where-Object {$_.Title -match "KB4517389"} | Select-Object *|ft

Чтобы получить информацию об наличии установленного обновления на нескольких удаленных компьютерах, можно воспользоваться таким кодом:

"server1","server2" | Get-WUHistory| Where-Object {$_.Title -match "KB4011634"} | Select-Object *|ft

Проверить, нужна ли перезагрузка компьютеру после установки обновления:

Get-WURebootStatus –ComputerName WKS80JT

Проверьте значение атрибутов
RebootRequired
и
RebootScheduled
.

Получить дату последней установки обновлений на всех компьютерах в домене можно с помощью командлета Get-ADComputer из модуля AD PowerShell:

$Computers=Get-ADComputer -Filter {enabled -eq "true" -and OperatingSystem -Like '*Windows*' } Foreach ($Computer in $Computers) { Get-WULastResults -ComputerName $Computer.Name|select ComputerName, LastSearchSuccessDate, LastInstallationSuccessDate }

По аналогии можно найти компьютеры, которые не устаналивали обновления более 40 дней и вывести результат в графическую таблицу Out-GridView:

[email protected]() Foreach ($Computer in $Computers) { $result+= Get-WULastResults -ComputerName $Computer.Name } $result| Where-Object { $_.LastInstallationSuccessDate -lt ((Get-Date).AddDays(-30)) }| Out-GridView

Удаление обновлений в Windows с помощью Remove-WindowsUpdate

Для корректного удаления обновлений используется командлет Remove-WindowsUpdate. Вам достаточно указать номер KB в качестве аргумента параметра KBArticleID. Чтобы отложить автоматическую перезагрузку компьютера можно добавить ключ
–NoRestart
:

Remove-WindowsUpdate -KBArticleID KB4011634 -NoRestart

Как скрыть ненужные обновления Windows с помощью PowerShell (Hide-WindowsUpdate)?

Вы можете скрыть определенные обновления, чтобы они никогда не устанавливались службой обновлений Windows Update на вашем компьютер (чаще всего скрывают обновления драйверов). Например, чтобы скрыть обновления KB2538243 и KB4524570, выполните такие команды:

$HideList = "KB2538243", "KB4524570" Get-WindowsUpdate -KBArticleID $HideList -Hide

или используйте alias:

Hide-WindowsUpdate -KBArticleID $HideList -Verbose

Теперь при следующем сканировании обновлений с помощью команды
Get-WUlist
скрытые обновления не будут отображаться в списке доступных для установки патчей.

Вывести список обновлений, которые скрыты на данном компьютере можно так:

Get-WindowsUpdate –IsHidden

Обратите внимание, что в колонке Status у скрытых обновлений появился атрибут H (Hidden).

Отменить скрытие некоторых обновлений можно так:

Get-WindowsUpdate -KBArticleID $HideList -WithHidden -Hide:$false

или так:

Show-WindowsUpdate -KBArticleID $HideList

Для тех, кто себя некомфортно чувствует в консоли PowerShell, для управления обновлениями Windows 10 могу порекомендовать графическую утилиту Windows Update MiniTool.

Источник

Windows 10 updates happen automatically or manually through the Windows Update settings. However, if you try to patch a new installation or create a custom script to automate the process, you can use commands to download and install missing patches with “PSWindowsUpdate” on PowerShell.

PSWindowsUpdate is a community module by Michal Gajda, available through the PowerShell Gallery. It includes the components to make it easy to check, download, and install quality updates on Windows 10.

In this guide, you’ll learn the steps to check and install updates for Windows 10 using PowerShell.

Update Windows 10 from PowerShell
Manage updates with PowerShell

To check and install updates with PowerShell, use these steps:

Open Start on Windows 10.
Search for PowerShell, right-click the top result, and select the Run as administrator option.
Type the following command to install the module to run Windows Update and press Enter:
```
Install-Module PSWindowsUpdate
```
Quick note: After installing the module, you no longer need to repeat step No. 3 to use the module and manage updates.
Type A and press Enter to confirm.
Type the following command to check for updates with PowerShell and press Enter:
```
Get-WindowsUpdate
```
Type the following command to install the available Windows 10 updates and press Enter:
```
Install-WindowsUpdate
```
Type A and press Enter to confirm.

Once you complete the steps, the latest cumulative updates will download and install on your computer.

Manage updates with PowerShell

The PSWindowsUpdate module includes many options that you can use to manage updates. You can always use the Get-Command –Module PSWindowsUpdate command to query a list of the available commands.

For example, the following steps will download, install, and then reboot the computer to complete the update process:

Open Start.
Search for PowerShell, right-click the top result, and select the Run as administrator option.
Type the following command to download and install all the available updates and reboot the system, and press Enter:
```
Get-WindowsUpdate -AcceptAll -Install -AutoReboot
```

After completing the steps, Windows 10 will download and install all the available updates, rebooting the computer to apply the changes automatically.

Install specific update command

To download and install a specific update on Windows 10 from PowerShell, use these steps:

Open Start.
Search for PowerShell, right-click the top result, and select the Run as administrator option.
Type the following command to list the available updates along with their KB numbers with PowerShell and press Enter:
```
Get-WindowsUpdate
```
Type the following command to download, install a specific update, reboot the system, and press Enter:
```
Get-WindowsUpdate -Install -KBArticleID 'KB5021233'
```
In the command, replace “KB5021233” with the KB name of the update you want to install.

Once you complete the steps, in this case, Windows 10 will download and install update KB5021233 on your device.

Windows 10 comes with the Windows Update Provider, but it has limited options compared to the PSWindowsUpdate module, and it’s more complicated to use.

We may earn commission for purchases using our links to help keep offering the free content. Privacy policy info.

All content on this site is provided with no warranties, express or implied. Use any information at your own risk. Always backup of your device and files before making any changes. Privacy policy info.

Источник

Installing Windows Updates manually can be a drag. Why not automate the entire process with PowerShell? Get started controlling Windows updates with the PSWindowsUpdate module in PowerShell!

In this tutorial, you will learn how to download and install updates on your Windows machine through PowerShell.

Prerequisites

This tutorial uses Windows 10 Build 19042 for demonstrations throughout this tutorial, but older ones, such as Windows 7 and 8.1, will work.

Installing the PSWindowsUpdate Module

The PSWindowsUpdate module is a third-party module available in PowerShell Gallery that lets you manage Windows updates from the PowerShell console. The PowerShell Gallery is the central repository where you can find and share PowerShell modules.

With the PSWindowsUpdate module, you can remotely check, install, update and remove updates on Windows servers and workstations. But first, you need to install the PSWindowsUpdate module on your machine.

1. Open PowerShell as administrator.

2. Run the Install-Module command to download and install the PSWindowUpdate module from the PowerShell gallery repository. The -Force parameter tells the command to ignore prompt messages and continue installing the module.

Install-Module -Name PSWindowsUpdate -Force

If you’re on an older version of Windows, you can download the PSWindowsUpdate module manually.

3. Next, run the Import-Module command below to import the PSWindowsUpdate module to PowerShell’s current session. Once imported, you can then use the module to manage Windows updates on your machine.

You may run into an error importing the module for the first time saying “The specified module ‘PSWindowsUpdate’ was not loaded”. In that case, you must allow executing scripts on your machine.

Run the command Set-ExecutionPolicy -ExecutionPolicy RemoteSigned to enable execute remote scripts on your computer. Now try importing the PSWindowsUpdate module again.

Import-Module PSWindowsUpdate

4. Finally, run the command below to see all commands (Get-Command) available for the PSWindowsUpdate module. Some of these commands are what you will use to manage Windows updates on your machine. Get-Command -Module PSWindowsUpdate

Get-Command -Module PSWindowsUpdate

Checking for Available Windows Updates

With the PSWindowsUpdate module installed, you can now run a command to list the updates available for your computer before installing them. Checking the list of updates is a good practice to avoid installing an update you don’t need.

Run the Get-WindowsUpdate command to list all the Windows updates

Below, you can see the list of available Windows updates along with their Knowledge-Base (KB) numbers. Take note of any KB number of a Windows update that you may want to prevent installing later, perhaps one that you deem not important.

Listing Available Windows Updates

Perhaps you also want to check where Windows gets an update from to see if the source is trustworthy. If so, the Get-WUServiceManager command will do the trick.

Run the Get-WUServiceManager to show the list of available update services.

There’s no official documentation about the update the sources, but each is defined below:

Microsoft Update – the standard update source
DCat Flighting Prod – an alternative MS supdate ource for specific flighted update items (from previews, etc)
Windows Store (DCat Prod) – normally just Windows Store, but has Dcat Prod when for insider preview PC
Windows Update – an older update source for Windows Vista and older Windows OS.

Showing where Windows Gets Updates

Excluding Windows Updates from Installing

Now you’ve seen the Windows updates available, perhaps you prefer not to install some of them on your computer. In that case, you can choose not to install them by hiding them.

Run the Hide-WindowsUpdate command below to hide a Windows update tagged with the specified KB number (-KBArticleID KB4052623). You can specify the KB number you took note of in the “Checking for Available Windows Updates” section instead.

PowerShell will ask for your confirmation before executing the command. Confirm the command with the “A” key, then press Enter.

	Hide-WindowsUpdate -KBArticleID KB4052623

Hiding an Update Based on the Update’s KB Number

If you change your mind and want to install the update in the future, you can show the update similar to how you hid the update. To show the update, run the Show-WindowsUpdate command along with the update’s KB number, like this: Show-WindowsUpdate -KBArticleID KB4052623

Installing Windows Updates

Now that you can discover and exclude some updates from installing, let’s now check out how to install them.

But before installing updates, checking if updates require a system reboot is a good practice. Why? Knowing whether the Windows updates require a reboot beforehand tells you to save all your work and complete other ongoing installations before diving to the Windows update.

Now run the Get-WURebootStatus command to determine if any of the Windows updates require a reboot. The command returns either True or False value to indicate the reboot status

Below, you can see the command returned a False value, which indicates a reboot is not required. So go nuts and install the updates you deem are necessary.

Checking if Reboot is Required After Installing Windows Updates

Downloading and Installing All Available Updates

If you’re not picky when it comes to updates, running the Install-WindowsUpdate command on its own lets you install all available Windows updates. But perhaps, you want to install the updates without having to accept prompts. If so, you need to add the -AcceptAll parameter as shown below.

Run the Install-WindowsUpdate command below to install all available Windows updates. The -AcceptAll parameter tells the command to suppress prompts and continue installing all updates.

If you prefer to reboot your computer once the installation is completed automatically, add the -AutoReboot parameter.

Install-WindowsUpdate -AcceptAll -AutoReboot

Installing All Windows Updates

If you prefer to install selected updates only, add the -KBArticleID parameter in the Install-WindowsUpdate command, followed by the update’s KB number, like this: Install-WindowsUpdate -KBArticleID KB2267602

Checking Windows Update History

Now you have installed windows updates on your computer, but perhaps something has gone wrong during the installation. If so, you can check your update history using the Get-WUHistory command. The Get-WUHistory prints out all the installed updates to the console with their installation result.

Run the Get-WUHistory command below to check Windows update history.

Below, you can see that most of the updates have the Succeeded result status, while some have InProgress status.

Viewing Windows Update History

Uninstalling Windows Updates

There are times when you install an update you don’t deem important at the moment, or there are updates you suspect of causing an issue on your system. In those times, you can properly uninstall the updates with the Remove-WindowsUpdate command.

Run the Remove-WindowsUpdate command below to uninstall a Windows update tagged with a specific KB number (-KBArticleID KB2267602).

PowerShell will require confirmation before executing the command. Press the “A” key and hit enter to confirm the command.

Remove-WindowsUpdate -KBArticleID KB2267602

Uninstalling Windows Updates

Conclusion

Throughout this tutorial, you’ve learned about the PSWindowsUpdate Module. You’ve also gone through selectively installing and uninstalling Windows updates.

You’ve learned that you have full control over the Windows updates with PowerShell. Now, would you prefer installing updates in PowerShell over a GUI method? Perhaps learn more about building a Windows update report?

Источник

September 2, 2020
Last updated on May 6, 2022

As is well known, keeping systems updated is essential to protecting enterprises from malicious attacks and security breaches that may compromise confidential information or even cause sensitive data losses.

Installing Windows update patches has always been a tedious, complex, and long process. Although Microsoft eases these procedures through tools such as Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM), administrators still require command-line tools to automate the installation of the update in certain scenarios. The PowerShell Windows Update module, or PSWindowsUpdate, is one such tool.

How to install PSWindowsUpdate

PSWindowsUpdate is a third-party module that is not integrated into Windows by default. It can be downloaded from the PowerShell gallery, the most used repository for sharing PowerShell code. This module includes different cmdlets to manage the deployment of Windows updates from the command line.

Download the latest PSWindowsUpdate version from the PowerShell gallery.
**Previous versions of the module are also available in the Microsoft Technet Gallery, but Microsoft has retired this repository and now remains in read-only mode.

Create a new folder named “PSWindowsUpdate” in %WINDIR%System32WindowsPowerShellv1.0Modules and extract the content of the nupkg file.
**A NuGet package is a ZIP archive with some extra files. Some browsers, like Internet Explorer, automatically replace the .nupkg file extension with .zip

Open an elevated PowerShell prompt and run Set-ExecutionPolicy RemoteSigned to allow the execution of scripts signed by a trusted publisher.

Install Import-Module -Name PSWindowsUpdate.

If the PowerShell setup is already configured to allow online downloads, the PSWindowsUpdate module can also be installed directly from the online repository (PSGallery) running Install-Module -Name PSWindowsUpdate.

Commands in PSWindowsUpdate

Installed aliases and cmdlets can be displayed by typing Get-Command–module PSWindowsUpdate.

A brief description of principal commands is described below:

Get-WindowsUpdate: This is the main cmdlet of the module. It lists, downloads, installs, or hides a list of updates meeting predefined requisites and sets the rules of the restarts when installing the updates.

Remove-WindowsUpdate: Uninstalls an update.

Add-WUServiceManage: Registers a new Windows Update API Service Manager.

Get-WUHistory: Shows a list of installed updates.

Get-WUSettings: Gets Windows Update client settings.

Get-WUInstallerStatus: Gets Windows Update Installer Status, whether it is busy or not.

Enable-WURemoting: Enables firewall rules for PSWindowsUpdate remoting.

Invoke-WUJob: Invokes PSWindowsUpdate actions remotely.

Clear-WUJob: Clears the WUJob in Task Scheduler.

Get-WUInstall, Install-WindowsUpdate (alias for Get-WindowsUpdate –Install): Installs Windows updates.

Uninstall-WindowsUpdate: Removes updates using the Remove-WindowsUpdate command.

Get-WULastResults: Gets the dates for the last search and installation of updates.

Get-WURebootStatus: Checks if a reboot is needed to apply an update.

Remove-WUServiceManager: Disables the Windows Update Service Manager.

Set-PSWUSettings: Saves settings of the PSWindowsUpdate module to an XML file.

Set-WUSettings: Configures the Windows Update client’s settings.

Reset-WUComponents: Resets the Windows Update agent to its default state.

Like for all PowerShell cmdlets, different usage examples can be shown for each command by typing Get-Help “command” -examples.

PSWindowsUpdate Main Parameters

The previous section shows that the PSWindowsUpdate module includes different predefined aliases to ease patching processes. However, the main parameters for the Get-WindowsUpdate cmdlet will be listed and explained below:

Filtering Updates:

AcceptAll: Downloads or installs all available updates.
KBArticleID: Finds updates that contain a KBArticleID (or sets of KBArticleIDs).
UpdateID: Specifies updates with a specific UUID (or sets of UUIDs).
Category: Specifies updates that contain a specified category name, such as ‘Updates,’ ‘Security Updates’ or ‘Critical Updates’.
Title: Finds updates that match part of title.
Severity: Finds updates that match part of severity, such as ‘Important,’ ‘Critical’ or ‘Moderate’.
UpdateType: Finds updates with a specific type, such as ‘Driver’ and ‘Software.’ Default value contains all updates.

Actions and Targets:

Download: downloads approved updates but does not install them.
Install: installs approved updates.
Hide: hides specified updates to prevent them to being installed.
ScheduleJob: specifies date when job will start.
SendReport: sends a report from the installation process.
ComputerName: specifies target server or computer.

Client Restart Behavior:

AutoReboot: automatically reboots system if required.
IgnoreReboot: suppresses automatic restarts.
ScheduleReboot: specifies the date when the system will be rebooted.

How to Avoid Accidental Installs

Windows updates and patches improve the features and stability of the system. However, some updates can mess up your system and cause instability, especially automatic updates for legacy software such as graphic card drivers. To avoid automatic updates and accidental installs for such applications, you can pause Windows updates.

Alternatively, you can hide the specific updates for those features you don’t want to get updated. When you hide the updates, Windows can no longer download and install such updates. Before you can hide the update, you need to find out its details, including its knowledge base (KB) number and title. Type the cmdlet below to list all the available updates on your system:

Get-WUList

To hide a specific update using the KB number, use your mouse to copy that KB number. Next, type the command below:

Hide-WUUpdate -KBArticleID KB_Number

Highlight the “KB_Number” and click paste to replace that part with the actual KB number.

When prompted to confirm the action, type A, and hit the Enter key. If the command succeeds, the “Get-WUList” lists all the available updates, with hidden updates appearing with the symbol “H” under their status.

The KB number for the update may not be available for some updates. In this case, you can use the title to hide the update. To do this, list all the available updates via the cmdlet below:

Get-WUList

Next, use your mouse to copy the update title. Ensure it is distinct from other update titles. Now, type below command below to hide the update:

Hide-WUUpdate -Title “Update_Title”

Don’t forget to paste the actual update title in the “Update Title” section.

When prompted to confirm the action, type A, and hit the Enter key. If the command succeeds, the “Get-WUList” lists all the available updates. However, the status of hidden updates appears with the symbol “H” underneath them.

How to Determine Errors

It is of crucial importance to have as much information as possible about Windows Updates installation processes in order to be able to fix erroneous deployments. The Get-WindowsUpdate cmdlet and the rest of the cmdlets available in the module provide a very detailed log level when managing updates, including status, KB ID, Size, or Title.

Centralizing all of the computer logs and analyzing them to search for errors, administrators will always be able to know the patch level of their Windows computers and servers.

Check and Download Windows Updates with PowerShell

You can use PowerShell to check and download Windows updates from a server set up with Windows Server Update Services (WSUS).

To check where a computer gets its updates from, run the Get-WUServiceManager command. If you see a Windows Server Update Service = True in the results, that means that it is set to receive updates from your WSUS server.

To get a list of updates for a remote server or computer, run Get-WUList –Computername computername. For example, Get-WUList –ComputerName server1.

If you need updates for Microsoft Office and other Microsoft products, you can also scan for updates from Microsoft Update servers by running Get-WUList –MicrosoftUpdate. If you get a warning, run Add-WUServiceManager -ServiceID “7971f918-a847-4430-9279-4a52d1efe18d” -AddServiceFlag 7, then run the command again.

To install all updates without getting approval prompts for each package, run Install-WindowsUpdate –AcceptAll. To ignore reboots at the end without a prompt, add an –IgnoreReboot switch at the end, e.g., Install-WindowsUpdate –AcceptAll –IgnoreReboot.

Install Windows Updates on Remote Computers with PowerShell

You can use PowerShell to install updates to multiple remote servers simultaneously, so long as PSWindowsUpdate is also installed on the servers. To install Windows Updates on two remote servers, for example, you need to run:

Invoke-WUInstall -ComputerName server1, server2-Script {ipmo PSWindowsUpdate; Get-WUInstall -AcceptAll -AutoReboot | Out-File C:WindowsPSWindowsUpdate.log } -Confirm:$false -Verbose -SkipModuleTest –RunNow

Flexible PowerShell management with Parallels RAS

Parallels® Remote Application Server (RAS) is a remote work solution that provides 24/7 virtual access to applications and desktops from any device.

Many administrators decide to build their Parallels RAS farms based on templates to optimize the new machine’s deployment time and management efforts. When working with templates and cloning techniques, patching procedures are only done once in the master image. Deploying new machines based on the updated template will upgrade the environment within minutes.

Parallels RAS PowerShell SDK (Software Development Kit) includes a complete set of tools to manage and configure RAS farms, including specific cmdlets to create templates from existing virtual machines or deploy new machines based on those templates. By combining these commands with the PSWindowsUpdate PowerShell module, administrators will be able to automate the complete patching process of their infrastructure servers and their template-based machines.

Different RAS cmdlets can be used to automate the updates installation processes, as seen in this example: Parallels RAS PowerShell – VDI Example.

The complete set of RAS commands is available here: Parallels RAS PowerShell Reference.

See how Parallels RAS can simplify the Windows Updates management process!

Download the Trial

Источник

You can use the PSWindowsUpdate PowerShell module to manage Windows updates from the command line. The PSWindowsUpdate module is not built into Windows and is available for installation from the PowerShell Gallery repository. PSWindowsUpdate allows administrators to remotely check, install, remove, and hide updates on Windows servers and workstations. The PSWindowsUpdate module is especially valuable to manage updates on Windows Server Core or Hyper-V Server (which don’t have a GUI), and when configuring a Windows image in the audit mode.

Contents:

Installing the PSWindowsUpdate Module
PSWindowsUpdate Cmdlets List
Scan and Download Windows Updates with PowerShell
Installing Windows Updates with PowerShell (Install-WindowsUpdate)
Install Windows Update on Remote Computers with PowerShell
Check Windows Update History with PowerShell (Get-WUHistory)
Uninstalling Windows Updates with PowerShell (Remove-WindowsUpdate)
How to Hide Windows Updates with PowerShell?

Installing the PSWindowsUpdate Module

You can install the PSWindowsUpdate module on Windows 10/11 and Windows Server 2022/2019/2016 from the online repository (PSGallery) using the PackageManagement with a single command:

Install-Module -Name PSWindowsUpdate -Force

After the installation is complete, you need to check the package:

Get-Package -Name PSWindowsUpdate

When installing the PowerShell module on earlier versions of Windows 2012R2/Windows 8.1 and below, you may receive an error:

Install-Module: Unable to download from URI.Unable to download the list of available providers. Check your internet connection.

To install the module, you need to use the TLS 1.2 protocol for connection. Enable it for the current PowerShell session with the command:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

PowerShell Install-Module Error: Unable to Download from URI

If you have an older Windows version (Windows 7/8.1/Windows Server 2008 R2/2012 R2) or you don’t have direct Internet access, you can install PSWindowsUpdate manually (check the guide “How to install PowerShell modules offline?”).

Download the PSWindowsUpdate module to any online computer: Save-Module –Name PSWindowsUpdate –Path C:ps;
Copy the module to the following folder on the target computer %WINDIR%System32WindowsPowerShellv1.0Modules;
Configure the PowerShell script execution policy: Set-ExecutionPolicy –ExecutionPolicy RemoteSigned -force
You can now import the module into your PowerShell session: Import-Module PSWindowsUpdate

Note. In Windows 7/Windows Server 2008 R2, when importing the PSWindowsUpdate module, the following error may appear: The term “Unblock-File” is not recognized as the name of a cmdlet. The cause is that the module uses some functions that appeared only in PowerShell 3.0. To use these functions, you will have either to update the PowerShell version or delete the | Unblock-File line from the PSWindowsUpdate.psm1 file manually.

After installing the PSWindowsUpdate module on your computer, you can remotely install it on other computers or servers using the Update-WUModule cmdlet. For example, to copy the PSWindowsUpdate module from your computer to two remote hosts, run the commands (you need access to the remote servers via the WinRM protocol):

$Targets = "lon-fs02", "lon-db01" Update-WUModule -ComputerName $Targets –Local

To save (export) the PoSh module to a shared network folder for further importing on other computers, run:

Save-Module -Name PSWindowsUpdate –Path \lon-fs02psmodules

PSWindowsUpdate Cmdlets List

You can display the list of available cmdlets in the PSWindowsUpdate module as follows:

get-command -module PSWindowsUpdate

Let’s describe the usage of the module commands in brief:

Clear-WUJob – use the Get-WUJob to clear the WUJob in Task Scheduler;
Download-WindowsUpdate (alias for Get-WindowsUpdate –Download) — get a list of updates and download them;
Get-WUInstall, Install-WindowsUpdate (alias for Get-WindowsUpdate –Install) – install Windows updates;
Hide-WindowsUpdate (alias for Get-WindowsUpdate -Hide:$false) – hide update;
Uninstall-WindowsUpdate – remove update using the Remove-WindowsUpdate;
Add-WUServiceManager – register the update server (Windows Update Service Manager) on the computer;
Enable-WURemoting — enable Windows Defender firewall rules to allow remote use of the PSWindowsUpdate cmdlets;
Get-WindowsUpdate (Get-WUList) — displays a list of updates that match the specified criteria, allows you to find and install the updates. This is the main cmdlet of the PSWindowsUpdate module. Allows to download and install updates from a WSUS server or Microsoft Update. Allows you to select update categories, specific updates and set the rules of a computer restart when installing the updates;
Get-WUApiVersion – get the Windows Update Agent version on the computer;
Get-WUHistory – display a list of installed updates (update history);
Get-WUInstallerStatus — check the Windows Installer service status;
Get-WUJob – check for WUJob update tasks in the Task Scheduler;
Get-WULastResults — dates of the last search and installation of updates (LastSearchSuccessDate and LastInstallationSuccessDate);
Get-WURebootStatus — allows you to check whether a reboot is needed to apply a specific update;
Get-WUServiceManager – list update sources;
Get-WUSettings – get Windows Update client settings;
Invoke-WUJob – remotely call WUJobs task in the Task Scheduler to immediately execute PSWindowsUpdate commands;
Remove-WindowsUpdate – allows to uninstall an update by KB ID;
Remove-WUServiceManager – disable Windows Update Service Manager;
Set-PSWUSettings – save PSWindowsUpdate module settings to the XML file;
Set-WUSettings – configure Windows Update client settings;
Update-WUModule – update the PSWindowsUpdate module (you can update the module on a remote computer by copying it from the current one, or updating from PSGallery);
Reset-WUComponents – allows you to reset the Windows Update agent on the computer to the default state.

To check the current Windows Update client settings, run the command:

Get-WUSettings

ComputerName                                 : WKS5S2N39S2
WUServer                                     : http://MN-WSUS:8530
WUStatusServer                               : http://MN-WSUS:8530
AcceptTrustedPublisherCerts                  : 1
ElevateNonAdmins                             : 1
DoNotConnectToWindowsUpdateInternetLocations : 1
TargetGroupEnabled                           : 1
TargetGroup                                  : ServersProd
NoAutoUpdate                                 : 0
AUOptions                                    : 3 - Notify before installation
ScheduledInstallDay                          : 0 - Every Day
ScheduledInstallTime                         : 3
UseWUServer                                  : 1
AutoInstallMinorUpdates                      : 0
AlwaysAutoRebootAtScheduledTime              : 0
DetectionFrequencyEnabled                    : 1
DetectionFrequency                         : 4

In this example, the Windows Update agent on the computer is configured with a GPO to receive updates from the local WSUS server.

The Reset-WUComponents -Verbose cmdlet allows you to reset all Windows Update Agent settings, re-register libraries, and restore the wususerv service to its default state.

Scan and Download Windows Updates with PowerShell

You can list the updates available for the current computer on the update server using the Get-WindowsUpdate or Get-WUList commands.

To check the list of available updates on a remote computer, run this command:

Get-WUList –ComputerName server2

You can check where your Windows should receive updates from. Run the following command:

Get-WUServiceManager

ServiceID IsManaged IsDefault Name
--------- --------- --------- ----
8b24b027-1dee-babb-9a95-3517dfb9c552 False False DCat Flighting Prod
855e8a7c-ecb4-4ca3-b045-1dfa50104289 False False Windows Store (DCat Prod)
3da21691-e39d-4da6-8a4b-b43877bcb1b7 True True Windows Server Update Service
9482f4b4-e343-43b6-b170-9a65bc822c77 False False Windows Update

As you can see, the computer is configured to receive updates from the local WSUS server (Windows Server Update Service = True). In this case, you should see a list of updates approved for your computer.

If you want to scan your computer against Microsoft Update servers on the Internet (in addition to Windows updates, these servers contain Office and other Microsoft product updates), run this command:

Get-WUlist -MicrosoftUpdate

You will get this warning:

Get-WUlist : Service Windows Update was not found on computer. Use Get-WUServiceManager to get registered service.

To allow scanning on Microsoft Update, run this command:

Add-WUServiceManager -ServiceID "7971f918-a847-4430-9279-4a52d1efe18d" -AddServiceFlag 7

You can now scan against Microsoft Update. In this case, additional updates were found for Microsoft Visual C ++ 2008 and Microsoft Silverlight.

To check the version of the Windows Update Agent on the computer, run the command:

Get-WUApiVersion

ComputerName PSWindowsUpdate PSWUModuleDll ApiVersion WuapiDllVersion
------------ --------------- ------------- ---------- ---------------
DESKTOP-J... 2.1.1.2 2.2.0.2 8.0 10.0.19041.1320

To remove specific products or KBs from the list of updates received by your computer, you can exclude them by:

Category (-NotCategory);
Title (-NotCategory);
Update number (-NotKBArticleID).

For example, let’s exclude OneDrive, driver updates, and the specific KB from the list:

Get-WUlist -NotCategory "Drivers" -NotTitle "OneDrive" -NotKBArticleID KB4489873

Installing Windows Updates with PowerShell (Install-WindowsUpdate)

To automatically download and install all available updates for your Windows device from Windows Update servers (instead of local WSUS), run the command:

Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot

The AcceptAll parameter accepts the installation of all update packages, and AutoReboot allows Windows to automatically restart after the updates are installed.

You can also use the following options:

IgnoreReboot – disable automatic reboot;
ScheduleReboot – set the exact time to restart the computer.

You can save the update installation history to a log file (you can use it instead of WindowsUpdate.log file).

Install-WindowsUpdate -AcceptAll -Install -AutoReboot | Out-File "c:logs$(get-date -f yyyy-MM-dd)-WindowsUpdate.log" -force

You can install only the specific update packages by KB numbers:

Get-WindowsUpdate -KBArticleID KB2267602, KB4533002 -Install

In this case, you need to confirm the installation of each update manually.

If you want to exclude certain updates from the installation list, run this command:

Install-WindowsUpdate -NotCategory "Drivers" -NotTitle OneDrive -NotKBArticleID KB4011670 -AcceptAll -IgnoreReboot

Install Windows Update on Remote Computers with PowerShell

The PSWindowsUpdate module allows you to install updates remotely on multiple workstations or servers at once (the PSWindowsUpdate must be installed/imported on these computers). This is very convenient because the administrator doesn’t have to manually log on to remote Windows hosts to install updates. WinRM must be enabled and configured on remote computers (manually or via GPO).

Almost all PSWindowsUpdate module cmdlets allow you to manage and install Windows updates on remote computers with the –Computername attribute.

Install the PSWindowsUpdate module on remote computers and allow access via dynamic RPC ports to the dllhost.exe process in the Windows Defender Firewall. You can use the Invoke-Command cmdlet to configure the PSWindowsUpdate module on remote computers:

$Targets = "lon-fs02", "lon-db01" Invoke-Command -ComputerName $Target -ScriptBlock {Set-ExecutionPolicy RemoteSigned -force } Invoke-Command -ComputerName $Target -ScriptBlock {Import-Module PSWindowsUpdate; Enable-WURemoting}

The PSWindowsUpdate module can be used to remotely manage Windows updates both on computers in an AD domain and in a workgroup (requires PowerShell Remoting configuration for workgroup environment).

In order to manage updates on remote computers, you need to add hostnames to your winrm trusted host list or configure PowerShell Remoting (WinRM) via HTTPS:

winrm set winrm/config/client '@{TrustedHosts="server1,server2,…"}'

Or with PowerShell :
Set-Item wsman:localhostclientTrustedHosts -Value server1 -Force

The following command will install all available updates on three remote Windows hosts:

$ServerNames = "server1, server2, server3" Invoke-WUJob -ComputerName $ServerNames -Script {ipmo PSWindowsUpdate; Install-WindowsUpdate -AcceptAll | Out-File C:WindowsPSWindowsUpdate.log } -RunNow -Confirm:$false -Verbose -ErrorAction Ignore

The Invoke-WUJob cmdlet (previously called Invoke-WUInstall) will create a scheduler task on the remote computer that runs under a local SYSTEM account.

You can specify the exact time to install Windows updates:

You can check the status of the update installation task using the Get-WUJob:

Get-WUJob -ComputerName $ServerNames

If the command returns an empty list, then the update installation task on all computers has been completed.

You can install updates on a remote computer and send an email report to the administrator:

Install-WindowsUpdate -ComputerName nysrv1 -MicrosoftUpdate -AcceptAll - IgnoreReboot -SendReport –PSWUSettings @{SmtpServer="smtp.woshub.com";From="update_alert@woshub.com";To="wsus_admin@woshub.com";Port=25} -Verbose

Check Windows Update History with PowerShell (Get-WUHistory)

Using the Get-WUHistory cmdlet, you can get the list of updates installed on a computer earlier automatically or manually.

You can get the information about the installation date of a specific update:

Get-WUHistory| Where-Object {$_.Title -match "KB4517389"} | Select-Object *|ft

To find out if the specific update has been installed on multiple remote computers, you can use this PowerShell code:

"server1","server2" | Get-WUHistory| Where-Object {$_.Title -match "KB4011634"} | Select-Object *|ft

Check if the computer needs to be restarted after installing the update (pending reboot):

Get-WURebootStatus –ComputerName WKS21TJS

Check the value of the RebootRequired and RebootScheduled attributes.

You can generate a report with the dates when updates were last installed on all computers in the domain using the Get-ADComputer cmdlet (from the Active Directory for PowerShell module):

By analogy, you can find computers that have not installed updates for more than 60 days and display the result in the Out-GridView interactive table:

$result=@() Foreach ($Computer in $Computers) { $result+= Get-WULastResults -ComputerName $Computer.Name } $result| Where-Object { $_.LastInstallationSuccessDate -lt ((Get-Date).AddDays(-60)) }| Out-GridView

Uninstalling Windows Updates with PowerShell (Remove-WindowsUpdate)

You can use the Remove-WindowsUpdate cmdlet to correctly uninstall the updates with PowerShell. Just specify the KB number as an argument of the KBArticleID parameter. To delay automatic computer restart, add the –NoRestart option:

Remove-WindowsUpdate -KBArticleID KB4489873 -NoRestart

How to Hide Windows Updates with PowerShell?

You can hide the specific updates so they will be never installed by the Windows Update service on your computer (most often you need to hide the driver updates). For example, to hide the KB4489873 and KB4489243 updates, run these commands:
$HideList = "KB4489873", "KB4489243" Get-WindowsUpdate -KBArticleID $HideList –Hide

Now the next time you scan for updates using the Get-WUlist command, the hidden updates won’t be displayed in the list of updates available for installation.

This is how you can display the list of updates hidden on this computer:

Get-WindowsUpdate –IsHidden

Notice that the H (Hidden) attribute has appeared in the Status column of hidden updates.

To unhide some updates, run this command:

Get-WindowsUpdate -KBArticleID $HideList -WithHidden -Hide:$false

or:

Show-WindowsUpdate -KBArticleID $HideList

For those who feel uncomfortable in the PowerShell console, I would recommend a graphic Windows Update MiniTool to manage updates in Windows 10/11 and Windows Server 2022/2019.

Источник

Начиная с версии Windows 10 1709, PowerShell обзавелся несколькими командлетами позволяющими выполнить установку обновлений.

Содержание

Проверка Наличия Обновлений
Установка Доступных Обновлений
Дополнительные Командлеты
Итог

Проверка Наличия Обновлений

Прежде чем выполнить обновление, нужно убедиться в их наличии. Дальнейшие действия предполагают, что командная оболочка PowerShell была запущена от имени администратора (Win+X, выбрать в открывшемся меню пункт Windows PowerShell (администратор)).

Выполняем проверку наличия новых обновлений.

Start-WUScan

Если выполнение команды завершилось выводом списка обновлений, то значит данные обновления в системе отсутствуют. В противном случае обновлений необходимых для установки нет.

Установка Доступных Обновлений

Установка ранне найденных обновлений выполняется командлетом Install-WUUpdates. Но простой запуск данного командлета ничего не даст. Так же как и подстановка UpdateID в качестве аргумента.

В качестве аргумента командлет Install-WUUpdates ожидает массив объектов типа Microsoft.Management.Infrastructure.CimInstance[], или же любой другой объект который можно привести к данному типу.

Получить подходящий объект можно из вывода командлета Start-WUScan.

$wu = Start-WUScan

Переменная $wu в данном случае будет содержать массив объектов CimInstance. Как раз то, что необходимо командлету Install-WUUpdates.

Install-WUUpdates $wu

Учитывая все вышесказанное составим итоговую команду выполнения установки обновлений.

$wu = Start-WUScan; if ($wu) {$wu; Install-WUUpdates $wu} else {echo "Обновлений пока нет! :)"}

Данная команда запускает процесс получения списка обновлений в переменную $wu, и если список не пуст, то запускается командлет Install-WUUpdates с переданным списком ей списком $wu в качестве аргумента.

Запуск данной команды, при отсутствии доступных обновлений завершится соответствующим сообщением.

Выполнение процедуры по отдельности будет выглядеть следующим образом.

# Выпоолняем получение списка обновлений в переменную $wu
$wu = Start-WUScan

# Выводим содержимое переменной $wu чтобы убедиться в наличии в ней данных (обновлений)
$wu

# Выполняем установку обновлений при условии что переменная $wu не пуста
Install-WUUpdates $wu

Дополнительные Командлеты

Get-WUIsPendingReboot — проверяет, необходимо ли выполнять перезагрузку операционной системы после выполнения процедуры обновления. Возможные варианты вывода True (перезагрузка необходима) или False (перезагружать не нужно).

Get-WULastScanSuccessDate — выводит дату последнего сканирования обновлений выполненного через Центр обновления Windows.

Get-WULastInstallationDate — выводит дату последней установки обновлений выполненных через Центр обновления Windows.

Install-WUUpdates -DownloadOnly … — выполняет загрузку указанного списка обновлений без установки.

Итог

Темы освещенные в данной статье: Как выполнить обновление Windows 10 последних редакций штатными средствами через PowerShell. Как выполнить проверку наличия обновлений Windows 10 в PowerShell. Как выполнить установку обновлений командлетом Install-WUUpdates.

Источник

Windows 10 Powershell is a very powerful command-line tool.

With the latter, you can very easily download and install Windows Update.
This goes even further because you can control Windows Update such as restart expectations to install the updates.

This article gives you most of the Powershell commands and cmdlets to download and install Windows Update updates.

Introduction

There are two solutions for finding and installing PowerShell updates:

WindowsUpdateProvider: This group of cmdlets is included by default in Windows 10 and Windows Server 2018.
PSWindowsUpdate: Additional module which offers additional functionalities such as listing the update history.

This article details these two groups of Powershell commands.

To list and display the latest updates installed, the command to use is:

gwmi win32_quickfixengineering |sort installedon -desc

WindowsUpdateProvider

Here is the list of available commands:

Start-WUScan: Check for available updates.
Install-WUUpdates: Download and install updates.
Get-WUIsPendingReboot: Indicates if an update is waiting to install at the next reboot. It returns true in this case.
Get-WULastInstallationDate: Returns the date of the last installation of an update.
Get-WULastScanSuccessDate: Returns the date of the last successful Windows Update verification.
Get-WUAVersion: Returns the version of the Windows Update client.

Check for updates

The Start-WuScan command is used to check for updates.
If you do not specify any parameters, all updates that apply to the system will appear in the results.

To filter on software updates:

Start-WUScan -SearchCriteria "Type='Software' AND IsInstalled=0"

But it can work on a remote computer.

$u = Invoke-Command -ComputerName MonPC -ScriptBlock {Start-WUScan -SearchCriteria "UpdateId='' AND IsInstalled=1"} -Credential administrateuradmin

$ u then contains the list of available updates.

Install updates

Then we use the Powershell command Install-WUUpdates to install the update.

Then to install the pending updates.

$Updates = Start-WUScan
Write-Host "Updates Found: " $Updates.Count
Install-WUUpdates -Updates $Updates

Finally, the command to update a remote PC:

$cs = New-CimSession -ComputerName MonPc -Credential Credential admin admin
Install-WUUpdates -Updates $u -CimSession $cs

The parameter -DownloadOnly allows you to download the update without installing it.

Windows Update PowerShell Module

Installation

By default PowerShell does not allow you to control Windows Update.

But we can extend these functions by installing the Windows Update PowerShell Module.

Set-ExecutionPolicy -ExecutionPolicy Unrestricted
Import-Module PSWindowsUpdate

Powershell Command-List

Here are the Powershell cmdlets available to control Windows Update:

Download-WindowsUpdate (aka Get-WindowsUpdate -Download) : Download updates
Get-WUList: Get a list of available updates that meet certain criteria.
Get-WUInstall, Install-WindowsUpdate: Download and install updates.
Add-WUOfflineSync: Save the scanner service offline
Get-WUServiceManager: Display the configuration of the Service Manager.
Get-WUHistory: Get a list of previous updates.
Get-WUInstallerStatus: Check the status of the Windows Update installer.
Get-WURebootStatus: Check the restart status of Windows Update and offers to restart the PC.
Get-WUUninstall: Uninstall the update.
Hide-WindowsUpdate (alias Get-WindowsUpdate -Hide: $ false): hide an update.
Remove-WUOfflineSync: Unregister the offline scanner service.

Check for updates

Here is the Powershell command to list the Windows Update updates awaiting installation:

Get-WUlist

And to list the updates from a remote PC:

Get-WUList -ComputerName NomDeLaMachine

Install updates

Here is the command to install all the updates:

Install-WindowsUpdate -AcceptAll

And to force the restart:

Install-WindowsUpdate -AcceptAll -AutoReboot

But also to install specific updates in PowerShell:

Get-WindowsUpdate -KBArticleID KB2267602, KB4533002 -Install

And finally to exclude updates, here is the PowerShell command:

Install-WindowsUpdate -NotCategory "Drivers" -NotTitle OneDrive -NotKBArticleID KB4011670 -AcceptAll -IgnoreReboot

Install an update on a remote PC

And if you want to install Windows Update updates by PowerShell on remote PCs:

$Serveurs= "serveur1, serveur2, serveur3"
Invoke-WUJob -ComputerName $ServerNames -Script {ipmo PSWindowsUpdate; Install-WindowsUpdate -AcceptAll | Out-File C:WindowsPSWindowsUpdate.log } -RunNow -Confirm:$false

Block and Hide an update

$HideList = "KB4489873", "KB4489243"
Get-WindowsUpdate -KBArticleID $HideList –Hide

Finally to list the hidden updates:

Get-WindowsUpdate –IsHidden

Finally to unlock updates, here are two different Powershell commands:

Get-WindowsUpdate -KBArticleID $HideList -WithHidden -Hide:$false
Show-WindowsUpdate -KBArticleID $HideList

Uninstall an update

To uninstall an update with PowerShell, we use Get-WUUninstall:

Get-WUUninstall -KBArticleID KBXXX

Источник

Ways to Get Windows Update With PowerShell on Windows 10. – PowerShell options have occupied locations on the Win+X menu replacing Command prompt. Microsoft is emphasizing the use of this Command line shell on Windows 10. So let’s learn to use PowerShell to receive the Windows update on Windows 10. See a very interesting guide in this concern How to Create Restore Point on Windows 10 Using PowerShell.

PowerShell, however, was misunderstood to be the replacement for Command Prompt. This is why users did not use PowerShell as much as they use command prompt. There is nothing to be feared of while using the PowerShell. It has a completely different purpose except the inclusion and execution using commands thing in the former.You can update and upgrade your Windows version easily by using the PowerShell.

Launched in 2006, this tool has established itself to be the first choice for network administrators and advanced users altogether. Not just this, it has even extended its functionality by coming with the Linux versions as well. The Powershell, being a framework, targets to achieve configuration management and task automation. It consists of a command shell and a language based on the NET framework.

This article will tell you that how you can get Windows Update With PowerShell. So without wasting more time, let’s get started.

Section 1 – Installation of PowerShell Windows Update Module

Read the steps given below carefully to install this module on your system.

Step 1 – Go to Microsoft TechNet and download the zip file named PSWindowsupdate.zip from there.

Step 2 – Right click on the downloaded file and choose Extract all. This will make a separate folder for its components (file’s).

Step 3 – Select a destination or extract the Zip content (archive) to C: > Windows > System32 > WindowsPowerShell > v1.0 > Modules

Step 4 – After clicking extract, click on Continue on the Destination Folder Access Denied pop up.

Step 5 – Open elevated PowerShell (as an admin) and change the policy from Restricted to RemoteSigned. Just type in the following cmdlet:

Set-ExecutionPolicy RemoteSigned

Enter Y to accept the above-mentioned command. This will allow you to run scripts of PowerShell from any unknown publisher as well.

Step 6 - Import the PSWindowsUpdate module with the following command:

Import-Module PSWindowsUpdate

Step 7 – You can also get a complete list of all cmdlets for PSWindowsUpdate through the following command:

Get-Command-Module PSWindowsUpdate

Section 2 – Add Support for other products (Optional)

Step 1 – Go to the Settings app > update & Security > Windows Update > Advanced Options to change your preferences if you wish to receive updates to other Microsoft products while updating your Windows.

Enable the same facility in PSWindowsUpdate using the following command:

Add-WUServiceManager-ServiceID 7971f918-a847-4430-9279-4a52d1efe18d

Type Y to accept the command and entering it for execution

Section 3 – Check, Install or hide Windows Update with PowerShell anytime

Step 1 – To obtain the list of all the updates, type the following cmdlet:

Get-WUInstall-MicrosoftUpdate-ListOnly

Step 2 – To obtain/ check updates and feature upgrades that are available for Windows, type the following cmdlet.

Get-WUInstall-ListOnly

Step 3 – Simply filter the updates with the full or partial title of an update to hide it from the list.

Step 4 – Now type – Hide-WUUpdate-Title “Microsoft*”-Confirm: $ False

This command will hide all the updates having the work Microsoft in their title.

Step 5 – You can even hide any update using KB ID instead of using the title. Use the following command:

Hide-WUUpdate-KBArticleID “”KB4013867” –Confirm: $False

To unhide the updates or feature upgrades:

KB ID or using filters or titles can also unhide an update in the list. Use the following cmdlet for this:

Hide-WUUpdate-Title “Microsoft*”-HideStatus: $False-Confirm: $False

To install all updates with manually handling rejection and acceptance requests from each, use the following cmdlet:

Get-WUInstall

To add additional Microsoft updates, use:

Get-WUInstall-MicrosoftUpdate

Step 8 – Enter Y to accept and N to reject each update manually.

Step 9 – Without accepting manually, switch to the automatic mode by adding the parameter Autoboot or AutoAccept to the command to restart the system.

Get-WUInstall-MicrosoftUpdate-AcceptAll-AutoReboot

Step 10 – You can hide or unhide feature upgrades like Windows installer builds as we did for the case of updates (to hide them).

Section 4 – Uninstalling an Update or to Check the Update History

Step 1 – Enter the following command to check the update history anytime:

Get-WUHistory

Step 2 – Uninstall the updates using the following cmdlet:

Get-WUUninstall-KBArticleID “KB4013867”-Confirm: $False

Section 5 – To obtain Help (the final section)

PowerShell help is also available but you need to type certain cmdlets for that. For example, to get help about Hide-WUUpdate, type the following cmdlet.

Get-Help Hide-WUUpdate

Accept the command by entering Y in the prompt. Get-Help has to be updated while running it for the first time. It is no major concern as it is only a one-time process and need not be done again and again.

That’s it; this is how you can easily Get Windows Update With PowerShell in Windows 10 anytime. Type and execute the commands carefully as failing to this can easily build-up errors in the smooth functioning of the system.

Источник

Windows Updates can be run from PowerShell and Command Prompt in Windows 11/10. In this article, we will be checking out how to do it. Windows Update is one of the most highlighted features of Windows 10. Because with the release of Windows 10, Windows was offered to the customers as a service rather than a product. Under the scenario of Software as a Service, this led to the Windows Updates on Windows 10 being on by default and without an option for anyone to disable it.

Now, while some criticized this move by Microsoft, ultimately this is a step towards the customer’s greater good. Because Windows Update helps the users stay secured against all kinds of threats and provide them with the latest and the greatest from Microsoft. So, for those who appreciate this service, today we are going to talk about another way to run these updates.

The following methods will be carried out to run Windows Update from Command Line on Windows 11/10-

Using Windows Powershell.
Using Command Prompt.

1] Run Windows Update using Windows Powershell

Running Windows Updates on Windows Powershell will require you to manually Install the Windows Update module, Get Windows Updates downloaded and Install Windows Updates. And for this, open Windows Powershell by searching for Powershell in the Cortana search box and run it with Administrator level privileges.

Install the PSWindowsUpdate Module

Type in,

Install-Module PSWindowsUpdate

to install the Windows Update module for Windows Powershell.

Check for Updates

After that,

Get-WindowsUpdate

to connect to the Windows Update servers and download the updates if found.

Install Updates

Finally, type in,

Install-WindowsUpdate

to install the Windows Updates downloaded on your computer.

Check for Microsoft Updates

Add-WUServiceManager -MicrosoftUpdate

Install specific updates only

Get-WindowsUpdate -KBArticleID "KB1234567" -Install

Hide specific Update

Install-WindowsUpdate -NotKBArticle "KB1234567" -AcceptAll

Skip Updates belonging to specific categories

Install-WindowsUpdate -NotCategory "Drivers","FeaturePacks" -AcceptAll

Related: Command-line switches to deploy Microsoft software Update packages

2] Run Windows Update using Command Prompt

Command Prompt on Windows Operating Systems exists since a very long time whereas Windows Powershell is comparatively new. Hence, it has similar capabilities to run Windows Updates, but the highlighting point here is that you do not need to download any module for Windows Updates.

First, open Command Prompt by searching for cmd in the Cortana search box and run it with Administrator level privileges.

Click on Yes for the UAC Prompt that you get.

Finally, type in the following commands and hit the Enter key in order to perform the respective operations,

Start checking for updates:

UsoClient StartScan

Start downloading Updates:

UsoClient StartDownload

Start installing the downloaded updates:

UsoClient StartInstall

Restart your device after installing the updates:

UsoClient RestartDevice

Check, Download and Install Updates:

UsoClient ScanInstallWait

It is worth noting that, the Command Prompt commands mentioned above are just meant for Windows 11/10 only.

Related read: How to Update Drivers using Command Prompt.

Hope you find this post useful.

Источник