Windows Updates With Powershell
At a previous company, we had to maintain windows updates without WSUS. This caused some unique complexities. Back then, all machines in question were Microsoft Surface Tablets. This means that driver updates were important. Thus, I created a one-liner to update windows. In today’s post, we will go over Windows Updates with PowerShell. Using PowerShell allows you to use tools like backstage or scripts to install updates on remote machines quickly. The first part of this post will be how to do it manually and then the final part is oneliners. PSWindowsupdate is the module we will be using.
Warnings
Today’s code has the ability to install all windows updates. This includes updates blocked by different software. Thus, reviewing the updates and being confident in what you are updating are essential to success.
The Manual Breakdown
Once you are connected to a machine that you want to do windows updates with PowerShell, start a PowerShell session. Each step from here own will help make a clear and clean method.
Execution Policy
Set-ExecutionPolicy - ExecutionPolicy Bypass
This command allows you to install modules and any other items in PowerShell. The PSWindowsUpdate will require the execution policy to be at least set to bypass. You can learn more about execution policies here. Note, you must be running PowerShell in an evaluated prompt for this code to work.
Nuget
Install-PackageProvider Nuget -Force
After setting the execution policy, we might need to update the package provider. Making a single-line script becomes a challenge because of this. With this knowledge, we want to force an installation of the newest package provider.
Install PSWindowsUpdate
Install-Module pswindowsupdate -force -confirm:$false
The next piece is to install the pswindowsupdate module. This module is the module that does our heavy lifting. Here is where we will need to use the force and confirm flags.
Import PSWindowsUpdate
Import-Module PSWindowsUpdate
Now we have the module. It is time to import the module. Importing a module does not need additional input.
Getting the Windows Update
Get-WindowsUpdate -MicrosoftUpdate
It’s time to get the updates.Here is where we grab the KB information. This is where Windows Updates with Powershell Happens. This is where you can find updates to research. It’s important to know what you are updating.
Installing a KB
Get-WindowsUpdate -Install -KBArticleID "ID Number" -AcceptAll -IgnoreReboot
This command will install the KB that you wish without asking any questions. You will see a fancy update process bar during this time.
One-Liner Commands to Install Windows Updates With PowerShell
The following are single-line commands. These commands will install all the updates according to their purpose. The following commands have the ability to break your system. One example of this is the BitLocker update that bricked machines recently. The following command will install all the KB updates.
KB Only
Set-ExecutionPolicy -ExecutionPolicy bypass; Install-PackageProvider Nuget -Force; Install-Module pswindowsupdate -force -confirm:$false; Import-Module pswindowsupdate; $Updates = Get-windowsupdate -MicrosoftUpdate; $Updates = $Updates | where-object {$_.KB -ne ""}; Get-WindowsUpdate -Install -KBArticleID $Updates.KB -IgnoreReboot -AcceptAll
All Updates
This command will install all updates on the machine. This includes the KB Microsoft and vendor updates. Please be aware of any dangerous updates that are in the wild. The following command will install those as well.
Set-ExecutionPolicy -ExecutionPolicy bypass; Install-PackageProvider Nuget -Force; Install-Module pswindowsupdate -force -confirm:$false; Import-Module pswindowsupdate; Get-windowsupdate -AcceptAll -MicrosoftUpdate -Install -IgnoreReboot
Troubleshooting
Here is a list of common problems that I have come across with this code:
- Set-ExecutionPolicy an error when the policy is set to unrestricted.
- Set-ExecutionPolicy can request additional prompting
- PSWindowsUpdate module can be blocked.
Conclusion
Firstly, always do your research. Once you know what you are working with, pull the trigger. Let the script run and enjoy your tea.
Seriously though, always research. Always, research. In case you break something, look at this blog post to help fix some things.
Additional Resources: