Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
What to Upload to SlideShare
What to Upload to SlideShare
Loading in …3
×
1 of 20

HOWTO: Install All Windows Updates in Powershell Remotely

0

Share

Download to read offline

Timely updating the software installed in the company and installing the required patches is one of the important tasks, the implementation of which allows you to avoid various software malfunctions, as well as to ensure an adequate level of security. How can you centrally and remotely manage software updates and patches in a company? To do this, there are various solutions called patch management tool. If you have ever had to install Windows updates, as in patching servers, you know you have to log into servers and allow updates to install, suppressing reboots along the way. I will focus on windows update in powershell today (Invoke-WUInstall), used to install Windows updates remotely.

More Related Content

You Might Also Like

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

HOWTO: Install All Windows Updates in Powershell Remotely

  1. 1. HOWTO: Install All Windows Updates in Powershell Remotely © Action1 Corporation. All rights reserved.
  2. 2. Timely updating the software installed in the company and installing the required patches is one of the important tasks, the implementation of which allows you to avoid various software malfunctions, as well as to ensure an adequate level of security. How can you centrally and remotely manage software updates and patches in a company? To do this, there are various solutions called patch management tool. If you have ever had to install Windows updates, as in patching servers, you know you have to log into servers and allow updates to install, suppressing reboots along the way. I will focus on windows update in powershell today (Invoke- WUInstall), used to install Windows updates remotely. action1.com
  3. 3. 1. Installing PSWindowsUpdate PowerShell Module Since PSWindowsUpdate is not installed on Windows by default, we have to first install the module.PS C:WINDOWSsystem32> Install- Module PSWindowsUpdate -MaximumVersion 1.5.2.6 If we run Get-Command we can see all of the commands in the PSWindowsUpdate module: PS C:WINDOWSsystem32> Get-Command -Module PSWindowsUpdate CommandType Name Version Source action1.com Manually:
  4. 4. 1. Installing PSWindowsUpdate PowerShell Module ----------- ---- ------- ------ Alias Get-WindowsUpdate 1.5.2.6 pswindowsupdate Alias Hide-WindowsUpdate 1.5.2.6 pswindowsupdate Alias Install-WindowsUpdate 1.5.2.6 pswindowsupdate Alias Uninstall-WindowsUpdate 1.5.2.6 pswindowsupdate Function Add-WUOfflineSync 1.5.2.6 pswindowsupdate Function Add-WUServiceManager 1.5.2.6 pswindowsupdate Function Get-WUHistory 1.5.2.6 pswindowsupdate Function Get-WUInstall 1.5.2.6 pswindowsupdate action1.com Manually:
  5. 5. 1. Installing PSWindowsUpdate PowerShell Module Function Get-WUInstallerStatus 1.5.2.6 pswindowsupdate Function Get-WUList 1.5.2.6 pswindowsupdate Function Get-WURebootStatus 1.5.2.6 pswindowsupdate Function Get-WUServiceManager 1.5.2.6 pswindowsupdate Function Get-WUUninstall 1.5.2.6 pswindowsupdate Function Hide-WUUpdate 1.5.2.6 pswindowsupdate Function Invoke-WUInstall 1.5.2.6 pswindowsupdate Function Remove-WUOfflineSync 1.5.2.6 pswindowsupdate Function Remove-WUServiceManager 1.5.2.6 pswindowsupdate action1.com Manually:
  6. 6. action1.com Manually:
  7. 7. 2. How Invoke-WUInstall Works One different aspect of using Invoke-WUInstall is that it does not use traditional remoting methods to perform Windows update in PowerShell. When you look at the source code, it actually creates and immediately runs a scheduled task on the remote machine under the SYSTEM account.Write-Verbose "Create schedule service object" $Scheduler = New-Object -ComObject Schedule.Service $Task = $Scheduler.NewTask(0) $RegistrationInfo = $Task.RegistrationInfo action1.com Manually:
  8. 8. 2. How Invoke-WUInstall Works $RegistrationInfo.Description = $TaskName $RegistrationInfo.Author = $User.Name $Settings = $Task.Settings $Settings.Enabled = $True $Settings.StartWhenAvailable = $True $Settings.Hidden = $False $Action = $Task.Actions.Create(0) $Action.Path = "powershell" $Action.Arguments = "-Command $Script" $Task.Principal.RunLevel = 1 action1.com Manually:
  9. 9. 2. How Invoke-WUInstall Works typical use of Invoke-WUInstall would be: Invoke-WUInstall -ComputerName Test-1 -Script {ipmo PSWindowsUpdate; Get-WUInstall -AcceptAll | Out-File C:PSWindowsUpdate.log } -Confirm:$false –Verbose In this command we see Get-WUInstall, which is the command PSWindowsUpdate uses to install updates, usually from your Windows Server Update Services (WSUS) server. Get-WUInstall simply uses a COM object for Windows updates to perform the tasks needed. Notice also the use of the -AcceptAll parameter, which means it will automatically accept any updates to install. action1.com Manually:
  10. 10. 2. How Invoke-WUInstall Works One nice feature of Invoke-WUInstall is that it actually installs the PSWindowsUpdate module on the remote machine (if it isn't there already). This is great when you are using the module on a new machine, or when you decide to use it for the first time. C: > $cim = New-CimSession -ComputerName Test-1 C: > $cim Id : 2 Name : CimSession2 InstanceId : afa8c63d-fb1f-46f9-8082-c66238750a92 ComputerName : Test-1 Protocol : WSMAN action1.com Manually:
  11. 11. 2. How Invoke-WUInstall Works C:ScriptsPowerShell> (Get-ScheduledTask -TaskPath "" - CimSession $cim -TaskName PSWindowsUpdate).actions Id : Arguments : -Command ipmo PSWindowsUpdate; Get-WUInstall - AcceptAll -AutoReboot | Out-File C:PSWindowsUpdate.log Execute : powershell WorkingDirectory : PSComputerName : Test-1 action1.com Manually:
  12. 12. 2. How Invoke-WUInstall Works As you can see, the scheduled task is going to run ipmo PSWindowsUpdate; Get-WUInstall -AcceptAll -AutoReboot | Out- File C:PSWindowsUpdate.log. Using Out-File will ensure the logs of downloading and installing updates are visible so we can check against them later. action1.com Manually:
  13. 13. action1.com Manually:
  14. 14. 3. Install Updates on Multiple Machines The true power of Invoke-WUInstall is when you have to install updates on many machines at once. This is very easy to do, all you need is to add machines to the -ComputerName parameter, which then processes them in a loop (not in parallel unfortunately). action1.com Manually:
  15. 15. 3. Install Updates on Multiple Machines C: > Invoke-WUInstall -ComputerName Test-1,Test-2,Test-3,Test-4 -Script {ipmo PSWindowsUpdate; Get-WUInstall -AcceptAll | Out-File C: PSWindowsUpdate.log } -Confirm:$false -Verbose VERBOSE: Populating RepositorySourceLocation property for module PSWindowsUpdate. VERBOSE: Loading module from path 'C:Program FilesWindowsPowerShellModulesPSWindowsUpdate1.5.2.6PSWindows Update.psm1'. VERBOSE: Create schedule service object VERBOSE: Performing the operation "Invoke WUInstall" on target "Test-1". action1.com Manually:
  16. 16. 4. Windows Update in Powershell: Finding Errors One great reason to output to a log on the remote machine is to confirm that no errors installing updates on these remote machines occurred. With some simple PowerShell, we can query these log files and search for failures.Here is what a typical log looks like after using Get-WUInstall -AcceptAll | Out-File C: PSWindowsUpdate.log: It includes the status of the update, its KB number, size, and title— all great information to have handy when installing updates. action1.com Manually:
  17. 17. 4. Windows Update in Powershell: Finding Errors Using Invoke-Command, Get-Item, and Select-String, we can use a quick technique to easily work through any computers used with Invoke-WUInstall and check for updates that failed to install: C:> Invoke-Command -ComputerName Test-1,Test-2,Test-3 -ScriptBlock { >> Get-Item C:PSWindowsUpdate.log | Select-String -Pattern "failed" - SimpleMatch | >> Select-Object -Property line } | Select-Object -Property Line,PSComputerName Line PSComputerName 4 Failed KB4103712 30 MB 2018-05 Security Only Quality Update for Windo... Test-1 action1.com Manually:
  18. 18. Other Relevant HOWTOs: action1.com How to Uninstall Software Remotely Using Command Line Tool Free Tool: Install Patch Remotely Free Tool: Run Scheduled Task Remotely Free Tool: Set Share Permissions Free Tool: Web Browsers
  19. 19. Sign Up for Action1 • Instant sign-up • No phone calls to activate • Quick configuration Go to action1.com/free
  20. 20. Free Help • Call 1-346-444-8530 • action1.com/contact_us.html • Free technical support action1.com

Editor's Notes

  • Introducing Action One. Cloud-based endpoint security management.
  • To get started, just go to Action One dot com slash free, enter your email, confirm it and you are in. Basic configuration takes only a few minutes.
  • Feel free to call us or contact via Action One dot com. We can you help you to get started at absolutely no cost to you.
  • ×