Raymii.org
Quis custodiet ipsos custodes?Home | About | All pages | Cluster Status | RSS Feed
Windows 10 updates with PowerShell
Published: 06-01-2020 | Author: Remy van Elst | Text only version of this article
❗ This post is over four years old. It may no longer be up to date. Opinions may have changed.
Table of Contents
Recently I had issues updating one of my machines that runs Windows 10. Turns out
the network firewall was to restrictive. However, the information provided by the
update dialog was just, "Oh, updating failed, maybe try again". Nothing useful,
so I tried to figure out if it's possible to use Powershell for updating. Since
Windows 10 build 1709 Microsoft provides a built in module, but that is not that
user friendly. In this article I'll talk about using PSWindowsUpdate and the
built in Microsoft WindowsUpdateProvider to update a Windows 10 machine via
the command line.
Recently I removed all Google Ads from this site due to their invasive tracking, as well as Google Analytics. Please, if you found this content useful, consider a small donation using any of the options below:
I'm developing an open source monitoring app called Leaf Node Monitoring, for windows, linux & android. Go check it out!
Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.
You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $200 credit for 60 days. Spend $25 after your credit expires and I'll get $25!
These steps were tested on a Windows 10 machine running build 1703 and one running 1903.
The module is not open source and the source is also not available since version
2 of the module. It is a compiled .dll file.
PSWindowsUpdate vs WindowsUpdateProvider (Install-WUUpdates)
I choose to use this module instead of the Install-WUUpdates / Start-WUScan
powershell module provided by Microsoft because the machine I was using did not
run build 1709 or later. These microsoft modules are not available on Windows
10 1703, which the machine ran. Also, the powershell module is way more user
friendly.
Later I updated the machine to build 1909, after which the modules are available:
Get-Command -Module WindowsUpdateProvider
Output:
CommandType Name Version Source
----------- ---- ------- ------
[...]
Function Install-WUUpdates 1.0.0.2 WindowsUpdateProvider
Function Start-WUScan 1.0.0.2 WindowsUpdateProvider
Updating with WindowsUpdateProvider
Once you're on a new enough build you can use the following commands to install updates. Not as verbose and easy to use, but it does not require an external module installation.
Scan for updates and install them, including other microsoft products:
$Updates = Start-WUScan -SearchCriteria "IsInstalled=0 AND IsHidden=0 AND IsAssigned=1"
Write-Host "Updates found: " $Updates.Count
Install-WUUpdates -Updates $Updates
If you want a bit of a progress report or information, you need to write up a
loop yourself. Now back to the PSWindowsUpdate module, which features more
information, filtering and more user friendly features.
PSWindowsUpdate Installation
Fire up Powershell as an Administrator and install the module with this command:
Install-Module -Name PSWindowsUpdate -Force
In my case I was asked to update the NUGet modules before the installation started. I also had to confirm installation from an untrusted source. Once the module is installed you can check the version:
Get-Package -Name PSWindowsUpdate
Output:
Name Version Source ProviderName
---- ------- ------ ------------
PSWindowsUpdate 2.1.1.2 https://www.powershellgallery... PowerShellGet
Set the execution policy to unrestricted, for the current process only:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
Try not to just set the entire execution policy to unrestricted. That feels the same as just disabling SELinux.
When you are going to install updates in the future, remember to change the the execution policy with this command.
PSWindowsUpdate Usage
Since the graphical dialog window didn't show my any information on errors or
what went wrong, I was happy to find this module having a -Verbose flag. With
that flag I found out the network firewall was blocking specific requests.
After fixing that, Windows was able to find updates again.
Get a list of available updates:
Get-WindowsUpdate -MicrosoftUpdate -Verbose
Output:
VERBOSE: GATEWAY (5-1-2020 13:15:47): Connecting to Microsoft Update server. Please wait...
VERBOSE: Found [3] Updates in pre search criteria
VERBOSE: Found [3] Updates in post search criteria
ComputerName Status KB Size Title
------------ ------ -- ---- -----
GATEWAY ------- KB4533002 63MB 2019-12 Cumulatieve update voor .NET Framework 3.5 en 4.8 voor Windows 10 V...
GATEWAY ------- KB2267602 720MB Beveiligingsinformatie-update voor Windows Defender Antivirus - KB2267602 (...
GATEWAY ------- 3MB Intel - net - 8/26/2019 12:00:00 AM - 20.70.12.5
Install everything without prompting:
Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot
Output:
X ComputerName Result KB Size Title
- ------------ ------ -- ---- -----
1 GATEWAY Accepted KB4533002 63MB 2019-12 Cumulatieve update voor .NET Framework 3.5 en 4.8 voor Windows 10...
2 GATEWAY Downloaded KB4533002 63MB 2019-12 Cumulatieve update voor .NET Framework 3.5 en 4.8 voor Windows 10...
3 GATEWAY Installed KB4533002 63MB 2019-12 Cumulatieve update voor .NET Framework 3.5 en 4.8 voor Windows 10...
Everything includes updates for office and other microsoft products. Accept all and autoreboot are self-explanatory I think.
If you omit the flags and just use Install-WindowsUpdate, it will ask you to
accept each update and confirm the reboot.
Extended usage
The module seems to be quite comprehensive, including support for remote computers, WSUS servers, uninstalling updates, search filtering and a few more bits and pieces I have no use for at the moment. This website describes the usage in more details.
For me, just having the commandline to list and install updates was good enough.
Tags: blog , microsoft , powershell , server , updates , windows