Raymii.orgQuis custodiet ipsos custodes?
Home | About | All pages | Cluster Status | RSS Feed | Gopher
Windows 10 updates with PowerShell
Published: 06-01-2020 | Author: Remy van Elst | Text only version of this article
❗ This post is over two years old. It may no longer be up to date. Opinions may have changed.
Table of Contents
Recently I had issues updating one of my machines that runs Windows 10. Turns out
the network firewall was to restrictive. However, the information provided by the
update dialog was just, "Oh, updating failed, maybe try again". Nothing useful,
so I tried to figure out if it's possible to use Powershell for updating. Since
Windows 10 build 1709 Microsoft provides a built in module, but that is not that
user friendly. In this article I'll talk about using
PSWindowsUpdate and the
built in Microsoft
WindowsUpdateProvider to update a Windows 10 machine via
the command line.
I'm developing an open source monitoring app called Leaf Node Monitoring, for windows, linux & android. Go check it out!
Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.
You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $100 credit for 60 days.
These steps were tested on a Windows 10 machine running build 1703 and one running 1903.
The module is not open source and the source is also not available since version
2 of the module. It is a compiled
PSWindowsUpdate vs WindowsUpdateProvider (Install-WUUpdates)
I choose to use this module instead of the
powershell module provided by Microsoft because the machine I was using did not
run build 1709 or later. These microsoft modules are not available on Windows
10 1703, which the machine ran. Also, the powershell module is way more user
Later I updated the machine to build 1909, after which the modules are available:
Get-Command -Module WindowsUpdateProvider
CommandType Name Version Source ----------- ---- ------- ------ [...] Function Install-WUUpdates 188.8.131.52 WindowsUpdateProvider Function Start-WUScan 184.108.40.206 WindowsUpdateProvider
Updating with WindowsUpdateProvider
Once you're on a new enough build you can use the following commands to install updates. Not as verbose and easy to use, but it does not require an external module installation.
Scan for updates and install them, including other microsoft products:
$Updates = Start-WUScan -SearchCriteria "IsInstalled=0 AND IsHidden=0 AND IsAssigned=1" Write-Host "Updates found: " $Updates.Count Install-WUUpdates -Updates $Updates
If you want a bit of a progress report or information, you need to write up a
loop yourself. Now back to the
PSWindowsUpdate module, which features more
information, filtering and more user friendly features.
Fire up Powershell as an Administrator and install the module with this command:
Install-Module -Name PSWindowsUpdate -Force
In my case I was asked to update the NUGet modules before the installation started. I also had to confirm installation from an untrusted source. Once the module is installed you can check the version:
Get-Package -Name PSWindowsUpdate
Name Version Source ProviderName ---- ------- ------ ------------ PSWindowsUpdate 220.127.116.11 https://www.powershellgallery... PowerShellGet
Set the execution policy to unrestricted, for the current process only:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
Try not to just set the entire execution policy to unrestricted. That feels the same as just disabling SELinux.
When you are going to install updates in the future, remember to change the the execution policy with this command.
Since the graphical dialog window didn't show my any information on errors or
what went wrong, I was happy to find this module having a
-Verbose flag. With
that flag I found out the network firewall was blocking specific requests.
After fixing that, Windows was able to find updates again.
Get a list of available updates:
Get-WindowsUpdate -MicrosoftUpdate -Verbose
VERBOSE: GATEWAY (5-1-2020 13:15:47): Connecting to Microsoft Update server. Please wait... VERBOSE: Found  Updates in pre search criteria VERBOSE: Found  Updates in post search criteria ComputerName Status KB Size Title ------------ ------ -- ---- ----- GATEWAY ------- KB4533002 63MB 2019-12 Cumulatieve update voor .NET Framework 3.5 en 4.8 voor Windows 10 V... GATEWAY ------- KB2267602 720MB Beveiligingsinformatie-update voor Windows Defender Antivirus - KB2267602 (... GATEWAY ------- 3MB Intel - net - 8/26/2019 12:00:00 AM - 18.104.22.168
Install everything without prompting:
Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot
X ComputerName Result KB Size Title - ------------ ------ -- ---- ----- 1 GATEWAY Accepted KB4533002 63MB 2019-12 Cumulatieve update voor .NET Framework 3.5 en 4.8 voor Windows 10... 2 GATEWAY Downloaded KB4533002 63MB 2019-12 Cumulatieve update voor .NET Framework 3.5 en 4.8 voor Windows 10... 3 GATEWAY Installed KB4533002 63MB 2019-12 Cumulatieve update voor .NET Framework 3.5 en 4.8 voor Windows 10...
Everything includes updates for office and other microsoft products. Accept all and autoreboot are self-explanatory I think.
If you omit the flags and just use
Install-WindowsUpdate, it will ask you to
accept each update and confirm the reboot.
The module seems to be quite comprehensive, including support for remote computers, WSUS servers, uninstalling updates, search filtering and a few more bits and pieces I have no use for at the moment. This website describes the usage in more details.
For me, just having the commandline to list and install updates was good enough.Tags: blog , microsoft , powershell , server , updates , windows