Windows Updates via Powershell

By sduncan 0 Comment

Windows Updates via Powershell

BlueTeam

PS C:\share> $RemoteServer = “wtf005.wtf.local”
PS C:\share> Get-WindowsUpdate -verbose -computer $RemoteServer -AcceptAll -Install
VERBOSE: wtf005.wtf.local (7/14/2022 3:26:58 PM): Connecting to Microsoft Update server. Please wait…
VERBOSE: Found [19] Updates in pre search criteria
VERBOSE: Found [19] Updates in post search criteria

X ComputerName Result KB Size Title

  • ———— —— — —- —–
    1 wtf005.wt… Accepted KB4484104 287KB Update for Microsoft Office 2016 (KB4484104) 32-Bit Edition
    1 wtf005.wt… Accepted KB5002208 129MB Security Update for Microsoft Excel 2016 (KB5002208) 32-Bit Edition
    1 wtf005.wt… Accepted KB5002192 1MB Update for Microsoft Office 2016 (KB5002192) 32-Bit Edition
    1 wtf005.wt… Accepted KB5002226 3MB Update for Microsoft Office 2016 (KB5002226) 32-Bit Edition
    1 wtf005.wt… Accepted KB5002112 1MB Security Update for Microsoft Office 2016 (KB5002112) 32-Bit Edition
    1 wtf005.wt… Accepted KB890830 39MB Windows Malicious Software Removal Tool x64 – v5.103 (KB890830)
    1 wtf005.wt… Accepted 22KB Acer Incorporated – Display – Acer LCD Monitor V223W
    1 wtf005.wt… Accepted 58KB INTEL – System – 10/3/2016 12:00:00 AM – 10.1.1.38
    1 wtf005.wt… Accepted 58KB INTEL – System – 10/3/2016 12:00:00 AM – 10.1.1.38
    1 wtf005.wt… Accepted 59KB Intel – Other hardware – Intel(R) 200 Series Chipset Family LPC Controlle…
    1 wtf005.wt… Accepted 10MB HP Inc. – Printer – HP Printer (BIDI)
    1 wtf005.wt… Accepted 23KB INTEL – System – 7/18/1968 12:00:00 AM – 10.1.14.7
    1 wtf005.wt… Accepted 25KB INTEL – System – 7/18/1968 12:00:00 AM – 10.1.11.4
    1 wtf005.wt… Accepted 8MB Hewlett-Packard – USB – 4/8/2019 12:00:00 AM – 1.0.0.237
    1 wtf005.wt… Accepted 8MB Hewlett-Packard – USB – 4/8/2019 12:00:00 AM – 1.0.0.237
    1 wtf005.wt… Accepted 2MB Intel – SoftwareComponent – 2130.1.15.0
    1 wtf005.wt… Accepted 369MB Intel Corporation – Display – 30.0.100.9805
    1 wtf005.wt… Accepted KB4023057 3MB 2022-04 Update for Windows 10 Version 21H2 for x64-based Systems (KB4023057)
    1 wtf005.wt… Accepted KB5014699 104GB 2022-06 Cumulative Update for Windows 10 Version 21H2 for x64-based Syste…
    VERBOSE: Accepted [19] Updates ready to Download
    VERBOSE: Invoke-WUJob: PSWindowsUpdate wtf005.wtf.local (Now):
    VERBOSE: powershell.exe -Command “Get-WindowsUpdate -AcceptAll -Criteria \”(UpdateID =
    ’08f46368-f8bd-4293-aa67-6b1e89c86f48′ and RevisionNumber = 201) or (UpdateID = ‘e9145472-eaf2-43dd-98c4-727c386d354c’
    and RevisionNumber = 201) or (UpdateID = ‘5f4faec2-97ad-453a-a5a8-4dbc4cd16eca’ and RevisionNumber = 200) or (UpdateID
    = ‘7da04759-a9db-4b5e-b271-b62f50b98d75’ and RevisionNumber = 200) or (UpdateID =
    ‘2b08f389-09d3-407e-8571-7065f3aeed4b’ and RevisionNumber = 201) or (UpdateID = ‘675d532b-cdd5-4f87-a918-72af430c86a9’
    and RevisionNumber = 200) or (UpdateID = ‘ba902f35-ebe5-4fff-b53d-f45e480726d6’ and RevisionNumber = 2) or (UpdateID =
    ‘a99df3cf-6589-43c1-b435-71a8b7b086c8’ and RevisionNumber = 2) or (UpdateID = ‘b8859379-58f5-4bf0-bb56-47283aa80d55’
    and RevisionNumber = 3) or (UpdateID = ‘9b7fd4ce-aa58-4a53-9f69-c2cae6dc95e6’ and RevisionNumber = 2) or (UpdateID =
    ‘3f6ba9a7-b031-4990-808f-69a9e1ef6a91’ and RevisionNumber = 2) or (UpdateID = ‘557c4d28-8e6f-477c-9a3e-7c0def8db8d8’
    and RevisionNumber = 1) or (UpdateID = ‘eb068434-050c-4911-b105-0ac97e65f848’ and RevisionNumber = 1) or (UpdateID =
    ’45c8e9e6-cea0-4a02-8959-9ea5fef85a22′ and RevisionNumber = 1) or (UpdateID = ‘4efe8a54-e7cd-4146-a2ff-86f34d9ca5ac’
    and RevisionNumber = 1) or (UpdateID = ‘97709334-8385-4355-b564-d58f211e48bb’ and RevisionNumber = 1) or (UpdateID =
    ‘b01eaa60-b75b-47e4-9d29-4ba6aa98ce91’ and RevisionNumber = 1) or (UpdateID = ‘a329b681-ce8c-431d-99f7-052e2901adcb’
    and RevisionNumber = 1) or (UpdateID = ‘8285c438-e1f7-454e-8d22-36fbe2630db0’ and RevisionNumber = 1)\” -Install
    -IgnoreReboot -Verbose *>&1 | Out-File $Env:TEMP\PSWindowsUpdate.log”

PS C:\share>

error:

PS C:\share> Enter-PSSession $RemoteServer
[wtf006.wtf.local]: PS C:\Users\team\Documents> Install-Module PSWindowsUpdate
[wtf006.wtf.local]: PS C:\Users\team\Documents> set-executionpolicy remotesigned
[wtf006.wtf.local]: PS C:\Users\team\Documents> Enable-WURemoting
[wtf006.wtf.local]: PS C:\Users\team\Documents> exit
PS C:\share> Get-WindowsUpdate -verbose -computer $RemoteServer -AcceptAll -Install
VERBOSE: wtf006.wtf.local (7/14/2022 10:41:45 PM): Connecting to Microsoft Update server. Please wait…
VERBOSE: Found [13] Updates in pre search criteria
VERBOSE: Found [13] Updates in post search criteria
etc


PSWindowsUpdate Access Denied
byu/WDizzle inPowerShell

Old Info:

Logon to the computer you want to update maybe using
Enter-PSSession Computername

Install-Module PSWindowsUpdate
Get-WindowsUpdate
Install-WindowsUpdate -AcceptAll -AutoReboot

Harder on Windows 8.1/ Server 2012r2:

Install Dot Net newest verstion

Make sure secure Protocols are enabled
[Net.ServicePointManager]::SecurityProtocol
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Install-Module PSWindowsUpdate
=Error!
Install-Module PowershellGet -Force
=Error!

Set-ItemProperty -Path ‘HKLM:\SOFTWARE\Wow6432Node\Microsoft.NetFramework\v4.0.30319’ -Name ‘SchUseStrongCrypto’ -Value ‘1’ -Type DWord

Set-ItemProperty -Path ‘HKLM:\SOFTWARE\Microsoft.NetFramework\v4.0.30319’ -Name ‘SchUseStrongCrypto’ -Value ‘1’ -Type DWord

***may require a reboot after changing registry keys

Import-Module PSWindowsUpdate

if running PowerShell scripts is disabled

set-executionpolicy remotesigned

Show available updates with the following command: Note this will include all driver updates as well

Get-WindowsUpdate

now Install all updates with

Install-WindowsUpdate -AcceptAll -AutoReboot

My objective is to run this on weekends against work PCs, so the AutoReboot won’t impact anyone.

I may have to set the BIOS of each PC to turn on at 6am so the reboots can finish before users arrive at work.

After testing I hope to put this script into RunDeck or use Scheduled Tasks and use RunDeck to update the Scheduled Tasks.

Logging:

Start-Transcript -Path Computer.log
Write-Host “everything will end up in Computer.log”
Stop-Transcript

more info https://adamtheautomator.com/pswindowsupdate/

if you see this error when using task scheduler you need to use an account that has the “logon as a batch job” rights


PS C:\share\SysInternals> ./PsExec \\$RemoteServer cmd.exe
winrm quickconfig

if you get an error regarding an interface set to public:

Get-NetConnectionProfile
Set-NetConnectionProfile -InterfaceIndex 17 -NetworkCategory Private

sduncan