Manage Windows Update with PowerShell

< All Topics

Refer to the tutorial below on how to manage Windows Update with PowerShell to ensure that all Windows Servers are installed with latest updates

Windows Update with PowerShell – PSWindowsUpdate

Install PSWindowsUpdate Module on all Windows Servers to manage the Windows Update Client

Download and install PSWindowsUpdate on Windows Machines with PowerShell 5.1

Install-Module -Name PSWindowsUpdate

Copy the PSWindowsUpdate Module manually to PowerShell Module on Windows Machines with PowerShell 4.0

$PSv4_Path = "C:\Windows\System32\WindowsPowerShell\v1.0\Modules"
New-Item -ItemType Directory -Path $PSv4_Path -Name "PSWindowsUpdate"

$PSWU = "C:\Program Files\WindowsPowerShell\Modules\PSWindowsUpdate\2.1.1.2\"
Copy-Item $PSWU -Recurse -Destination "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate\"

Import PSWindowsUpdate Module

#Import PSWindowsUpdate Module 
Import-Module PSWindowsUpdate 

Available Commands

Get-Command -Module PSWindowsUpdate

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Alias           Clear-WUJob                                        2.1.1.2    PSWindowsUpdate
Alias           Download-WindowsUpdate                             2.1.1.2    PSWindowsUpdate
Alias           Get-WUInstall                                      2.1.1.2    PSWindowsUpdate
Alias           Get-WUList                                         2.1.1.2    PSWindowsUpdate
Alias           Hide-WindowsUpdate                                 2.1.1.2    PSWindowsUpdate
Alias           Install-WindowsUpdate                              2.1.1.2    PSWindowsUpdate
Alias           Show-WindowsUpdate                                 2.1.1.2    PSWindowsUpdate
Alias           UnHide-WindowsUpdate                               2.1.1.2    PSWindowsUpdate
Alias           Uninstall-WindowsUpdate                            2.1.1.2    PSWindowsUpdate
Cmdlet          Add-WUServiceManager                               2.1.1.2    PSWindowsUpdate
Cmdlet          Enable-WURemoting                                  2.1.1.2    PSWindowsUpdate
Cmdlet          Get-WindowsUpdate                                  2.1.1.2    PSWindowsUpdate
Cmdlet          Get-WUApiVersion                                   2.1.1.2    PSWindowsUpdate
Cmdlet          Get-WUHistory                                      2.1.1.2    PSWindowsUpdate
Cmdlet          Get-WUInstallerStatus                              2.1.1.2    PSWindowsUpdate
Cmdlet          Get-WUJob                                          2.1.1.2    PSWindowsUpdate
Cmdlet          Get-WULastResults                                  2.1.1.2    PSWindowsUpdate
Cmdlet          Get-WURebootStatus                                 2.1.1.2    PSWindowsUpdate
Cmdlet          Get-WUServiceManager                               2.1.1.2    PSWindowsUpdate
Cmdlet          Get-WUSettings                                     2.1.1.2    PSWindowsUpdate
Cmdlet          Invoke-WUJob                                       2.1.1.2    PSWindowsUpdate
Cmdlet          Remove-WindowsUpdate                               2.1.1.2    PSWindowsUpdate
Cmdlet          Remove-WUServiceManager                            2.1.1.2    PSWindowsUpdate
Cmdlet          Set-PSWUSettings                                   2.1.1.2    PSWindowsUpdate
Cmdlet          Set-WUSettings                                     2.1.1.2    PSWindowsUpdate
Cmdlet          Update-WUModule                                    2.1.1.2    PSWindowsUpdate

Version of Windows Update Client

Check the version of Windows Update Client installed

Get-WUApiVersion

ComputerName PSWindowsUpdate PSWUModuleDll   ApiVersion WuapiDllVersion
------------ --------------- -------------   ---------- ---------------
YONG-WIN10   2.1.1.2         2.0.6995.28496  8.0        10.0.18362.387

Settings of Windows Update Client

Verify the Windows Update Client is configured to point to WSUS Server

PS C:\windows\system32\drivers\etc> Get-WUSettings

ComputerName                                 : IB-WSUS
WUServer                                     : http://IB-WSUS:8530
WUStatusServer                               : http://IB-WSUS:8530
AcceptTrustedPublisherCerts                  : 1
ElevateNonAdmins                             : 1
DoNotConnectToWindowsUpdateInternetLocations : 1
TargetGroupEnabled                           : 1
TargetGroup                                  : Servers
NoAutoUpdate                                 : 0
AUOptions                                    : 3 - Notify before installation
ScheduledInstallDay                          : 0 - Every Day
ScheduledInstallTime                         : 3
UseWUServer                                  : 1
AutoInstallMinorUpdates                      : 0
AlwaysAutoRebootAtScheduledTime              : 0
DetectionFrequencyEnabled                    : 1
DetectionFrequency                           : 22

Check Available Updates

Check available updates from WSUS Server

Get-WindowsUpdate

ComputerName Status     KB          Size Title                                                                                                                                                 
------------ ------     --          ---- -----                                                                                                                                                 
GRP-DC02     -------    KB4550970   32MB 2020-04 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4550970)

Install Updates

Install all available Windows Updates

Install-WindowsUpdate -AcceptAll

Check Update History

List the latest 5 updates installed

Get-WUHistory -Last 5 | Select Date,Title, Result

Date                  Title                                                                                          Result
----                  -----                                                                                          ------
17/4/2020 1:43:19 AM  Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.313.1687.0) Succeeded
15/4/2020 8:36:07 PM  2020-04 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4549951)        Succeeded
15/4/2020 10:45:09 AM Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.313.1554.0) Succeeded
15/4/2020 2:17:38 AM  Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.313.1528.0) Succeeded
14/4/2020 12:57:13 PM Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.313.1478.0) Succeeded

Status of Windows Update of Remote Computers

Generate a Report contains the most recently 5 updates installed on remote computers

$Computers = @('IB-CAS01','IB-CAS02','IB-MBX01','IB-MBX02','IB-MBXRP')

foreach ($Computer in $Computers) { 
    Get-WUHistory -ComputerName $Computer -Last 5 | Select Date, ComputerName, Result, Title | Export-Csv C:\Temp\April2020-ExchangeServers.csv -NoTypeInformation -Append } 

Others

Check the last result

Get-WULastResults

ComputerName LastSearchSuccessDate LastInstallationSuccessDate
------------ --------------------- ---------------------------
YONG-WIN10   16/4/2020 5:52:09 PM  15/4/2020 12:36:07 PM

Check whether reboot is required

 Get-WURebootStatus

ComputerName RebootRequired RebootScheduled
------------ -------------- ---------------
YONG-WIN10            False
Previous Install SqlServer Module without Internet Access
Table of Contents