Windows Updates With Powershell

Windows Updates With Powershell

At a previous company, we had to maintain windows updates without WSUS. This caused some unique complexities. Back then, all machines in question were Microsoft Surface Tablets. This means that driver updates were important. Thus, I created a one-liner to update windows. In today’s post, we will go over Windows Updates with PowerShell. Using PowerShell allows you to use tools like backstage or scripts to install updates on remote machines quickly. The first part of this post will be how to do it manually and then the final part is oneliners. PSWindowsupdate is the module we will be using.

Warnings

Today’s code has the ability to install all windows updates. This includes updates blocked by different software. Thus, reviewing the updates and being confident in what you are updating are essential to success.

The Manual Breakdown

Once you are connected to a machine that you want to do windows updates with PowerShell, start a PowerShell session. Each step from here own will help make a clear and clean method.

Execution Policy

Set-ExecutionPolicy - ExecutionPolicy Bypass

This command allows you to install modules and any other items in PowerShell. The PSWindowsUpdate will require the execution policy to be at least set to bypass. You can learn more about execution policies here. Note, you must be running PowerShell in an evaluated prompt for this code to work.

Nuget

Install-PackageProvider Nuget -Force

After setting the execution policy, we might need to update the package provider. Making a single-line script becomes a challenge because of this. With this knowledge, we want to force an installation of the newest package provider.

Install PSWindowsUpdate

Install-Module pswindowsupdate -force -confirm:$false

The next piece is to install the pswindowsupdate module. This module is the module that does our heavy lifting. Here is where we will need to use the force and confirm flags.

Import PSWindowsUpdate

Import-Module PSWindowsUpdate

Now we have the module. It is time to import the module. Importing a module does not need additional input.

Getting the Windows Update

Get-WindowsUpdate -MicrosoftUpdate

It’s time to get the updates.Here is where we grab the KB information. This is where Windows Updates with Powershell Happens. This is where you can find updates to research. It’s important to know what you are updating.

Windows Updates With PowerShell

Installing a KB

Get-WindowsUpdate -Install -KBArticleID "ID Number" -AcceptAll -IgnoreReboot

This command will install the KB that you wish without asking any questions. You will see a fancy update process bar during this time.

Windows Updates With PowerShell

One-Liner Commands to Install Windows Updates With PowerShell

The following are single-line commands. These commands will install all the updates according to their purpose. The following commands have the ability to break your system. One example of this is the BitLocker update that bricked machines recently. The following command will install all the KB updates.

KB Only

Set-ExecutionPolicy -ExecutionPolicy bypass; Install-PackageProvider Nuget -Force; Install-Module pswindowsupdate -force -confirm:$false; Import-Module pswindowsupdate; $Updates = Get-windowsupdate -MicrosoftUpdate; $Updates = $Updates | where-object {$_.KB -ne ""}; Get-WindowsUpdate -Install -KBArticleID $Updates.KB -IgnoreReboot -AcceptAll

All Updates

This command will install all updates on the machine. This includes the KB Microsoft and vendor updates. Please be aware of any dangerous updates that are in the wild. The following command will install those as well.

Set-ExecutionPolicy -ExecutionPolicy bypass; Install-PackageProvider Nuget -Force; Install-Module pswindowsupdate -force -confirm:$false; Import-Module pswindowsupdate; Get-windowsupdate -AcceptAll -MicrosoftUpdate -Install -IgnoreReboot

Troubleshooting

Here is a list of common problems that I have come across with this code:

  • Set-ExecutionPolicy an error when the policy is set to unrestricted.
  • Set-ExecutionPolicy can request additional prompting
  • PSWindowsUpdate module can be blocked.

Conclusion

Firstly, always do your research. Once you know what you are working with, pull the trigger. Let the script run and enjoy your tea.

Seriously though, always research. Always, research. In case you break something, look at this blog post to help fix some things.

Additional Resources: