Windows Update Powershell Tricks
Published on December 12, 2022
Collection of useful PowerShell commands and techniques for managing Windows Updates efficiently.
Overview
Managing Windows Updates through PowerShell provides more control and automation capabilities than the standard Windows Update interface. These techniques are especially useful for system administrators and MSPs managing multiple systems.
Essential PowerShell Modules
PSWindowsUpdate Module
Install the PSWindowsUpdate module for comprehensive update management:
# Install module (run as Administrator)
Install-Module PSWindowsUpdate -Force
# Import module
Import-Module PSWindowsUpdate
Windows Update Provider
Alternative approach using built-in Windows Update Provider:
# Check available providers
Get-PackageProvider
# Install Windows Update provider if needed
Install-PackageProvider -Name WindowsUpdate -Force
Basic Update Operations
Check for Available Updates
# Get all available updates
Get-WUList
# Get updates from specific source
Get-WUList -MicrosoftUpdate
# Check for specific update categories
Get-WUList -Category "Security Updates"
Install Updates
# Install all available updates
Install-WindowsUpdate -AcceptAll -AutoReboot
# Install updates without automatic reboot
Install-WindowsUpdate -AcceptAll -IgnoreReboot
# Install only security updates
Get-WUInstall -Category "Security Updates" -AcceptAll
Update History
# View update history
Get-WUHistory
# Get recent update history
Get-WUHistory -Last 10
# Export update history to CSV
Get-WUHistory | Export-Csv -Path "C:\UpdateHistory.csv"
Advanced Techniques
Selective Update Installation
# Exclude specific updates (by KB number)
Install-WindowsUpdate -NotKBArticleID "KB5000001" -AcceptAll
# Install only critical updates
Get-WUInstall -Severity Critical -AcceptAll
# Install updates matching specific criteria
Get-WUList | Where-Object {$_.Title -like "*Security*"} | Install-WindowsUpdate -AcceptAll
Remote Update Management
# Install updates on remote computer
Invoke-WUJob -ComputerName "Server01" -Script {Install-WindowsUpdate -AcceptAll} -RunNow
# Get update status from multiple computers
$computers = @("Server01", "Server02", "Workstation01")
Invoke-Command -ComputerName $computers -ScriptBlock {Get-WUList}
Scheduling Updates
# Schedule update installation
Install-WindowsUpdate -AcceptAll -ScheduleJob -RunNow
# Create custom scheduled task for updates
$action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-Command 'Install-WindowsUpdate -AcceptAll -AutoReboot'"
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 2am
Register-ScheduledTask -TaskName "WeeklyUpdates" -Action $action -Trigger $trigger
Windows Update Service Management
Service Control
# Check Windows Update service status
Get-Service wuauserv
# Stop Windows Update service
Stop-Service wuauserv -Force
# Start Windows Update service
Start-Service wuauserv
# Restart Windows Update service
Restart-Service wuauserv
Reset Windows Update Components
# Function to reset Windows Update components
function Reset-WindowsUpdate {
Stop-Service wuauserv, cryptSvc, bits, msiserver -Force
Remove-Item "$env:SystemRoot\SoftwareDistribution" -Recurse -Force -ErrorAction SilentlyContinue
Remove-Item "$env:SystemRoot\System32\catroot2" -Recurse -Force -ErrorAction SilentlyContinue
Start-Service wuauserv, cryptSvc, bits, msiserver
Write-Output "Windows Update components reset successfully"
}
# Execute the reset
Reset-WindowsUpdate
Troubleshooting Commands
Update Error Diagnosis
# Check for Windows Update errors in Event Log
Get-WinEvent -FilterHashtable @{LogName='System'; ID=16,17,18,19,20} | Select-Object TimeCreated, Id, LevelDisplayName, Message
# Get Windows Update Agent info
$wuaVersion = (New-Object -ComObject Microsoft.Update.AgentInfo).GetInfo("ProductVersionString")
Write-Output "Windows Update Agent Version: $wuaVersion"
Pending Reboot Check
# Check if reboot is required
Get-WURebootStatus
# Alternative method using registry
function Test-PendingReboot {
$rebootRequired = $false
# Check Windows Update reboot registry
if (Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" -ErrorAction SilentlyContinue) {
$rebootRequired = $true
}
# Check pending file rename operations
if (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" -Name PendingFileRenameOperations -ErrorAction SilentlyContinue) {
$rebootRequired = $true
}
return $rebootRequired
}
Automation Scripts
Complete Update Workflow
# Comprehensive update installation script
function Install-UpdatesWithLogging {
param(
[string]$LogPath = "C:\UpdateLog.txt"
)
Start-Transcript -Path $LogPath -Append
try {
Write-Output "Starting update check at $(Get-Date)"
# Check for available updates
$updates = Get-WUList
Write-Output "Found $($updates.Count) available updates"
if ($updates.Count -gt 0) {
# Install updates
Install-WindowsUpdate -AcceptAll -IgnoreReboot
Write-Output "Updates installed successfully"
# Check if reboot is required
if (Get-WURebootStatus -Silent) {
Write-Output "Reboot required - scheduling restart"
shutdown.exe /r /t 300 /c "System restart required for Windows Updates"
}
} else {
Write-Output "No updates available"
}
}
catch {
Write-Error "Update installation failed: $_"
}
finally {
Stop-Transcript
}
}
Maintenance Mode Script
# Put system in maintenance mode for updates
function Enter-MaintenanceMode {
# Stop non-essential services
$services = @("Spooler", "Themes", "TabletInputService")
foreach ($service in $services) {
Stop-Service $service -ErrorAction SilentlyContinue
}
# Install updates
Install-WindowsUpdate -AcceptAll -AutoReboot
}
Best Practices
- Always test scripts in a development environment first
- Create system backups before major updates
- Schedule updates during maintenance windows
- Monitor update installation logs
- Implement proper error handling
- Use appropriate execution policies
Conclusion
These PowerShell techniques provide powerful tools for managing Windows Updates programmatically. Whether you're managing a single system or an entire infrastructure, these commands can help automate and streamline the update process while maintaining control and visibility.