Timely updating the software installed in the company and installing the required patches is one of the important tasks, the implementation of which allows you to avoid various software malfunctions, as well as to ensure an adequate level of security. How can you centrally and remotely manage software updates and patches in a company? To do this, there are various solutions called patch management tool. If you have ever had to install Windows updates, as in patching servers, you know you have to log into servers and allow updates to install, suppressing reboots along the way. I will focus on windows update in powershell today (Invoke-WUInstall), used to install Windows updates remotely.

1. HOWTO: Install All Windows Updates in
Powershell Remotely
© Action1 Corporation. All rights reserved.

2. Timely updating the software installed in the company and installing the
required patches is one of the important tasks, the implementation of
which allows you to avoid various software malfunctions, as well as to
ensure an adequate level of security. How can you centrally and remotely
manage software updates and patches in a company? To do this, there
are various solutions called patch management tool. If you have ever had
to install Windows updates, as in patching servers, you know you have to
log into servers and allow updates to install, suppressing reboots along
the way. I will focus on windows update in powershell today (Invoke-
WUInstall), used to install Windows updates remotely.
action1.com

3. 1. Installing PSWindowsUpdate PowerShell Module
Since PSWindowsUpdate is not installed on Windows by default, we
have to first install the module.PS C:WINDOWSsystem32> Install-
Module PSWindowsUpdate -MaximumVersion 1.5.2.6
If we run Get-Command we can see all of the commands in the
PSWindowsUpdate module:
PS C:WINDOWSsystem32> Get-Command -Module
PSWindowsUpdate
CommandType Name Version Source action1.com
Manually:

4. 1. Installing PSWindowsUpdate PowerShell Module
----------- ---- ------- ------
Alias Get-WindowsUpdate 1.5.2.6 pswindowsupdate
Alias Hide-WindowsUpdate 1.5.2.6 pswindowsupdate
Alias Install-WindowsUpdate 1.5.2.6 pswindowsupdate
Alias Uninstall-WindowsUpdate 1.5.2.6 pswindowsupdate
Function Add-WUOfflineSync 1.5.2.6 pswindowsupdate
Function Add-WUServiceManager 1.5.2.6 pswindowsupdate
Function Get-WUHistory 1.5.2.6 pswindowsupdate
Function Get-WUInstall 1.5.2.6 pswindowsupdate action1.com
Manually:

5. 1. Installing PSWindowsUpdate PowerShell Module
Function Get-WUInstallerStatus 1.5.2.6 pswindowsupdate
Function Get-WUList 1.5.2.6 pswindowsupdate
Function Get-WURebootStatus 1.5.2.6 pswindowsupdate
Function Get-WUServiceManager 1.5.2.6 pswindowsupdate
Function Get-WUUninstall 1.5.2.6 pswindowsupdate
Function Hide-WUUpdate 1.5.2.6 pswindowsupdate
Function Invoke-WUInstall 1.5.2.6 pswindowsupdate
Function Remove-WUOfflineSync 1.5.2.6 pswindowsupdate
Function Remove-WUServiceManager 1.5.2.6 pswindowsupdate
action1.com
Manually:

6. action1.com
Manually:

7. 2. How Invoke-WUInstall Works
One different aspect of using Invoke-WUInstall is that it does not
use traditional remoting methods to perform Windows update in
PowerShell. When you look at the source code, it actually creates
and immediately runs a scheduled task on the remote machine
under the SYSTEM account.Write-Verbose "Create schedule service
object"
$Scheduler = New-Object -ComObject Schedule.Service
$Task = $Scheduler.NewTask(0)
$RegistrationInfo = $Task.RegistrationInfo action1.com
Manually:

8. 2. How Invoke-WUInstall Works
$RegistrationInfo.Description = $TaskName
$RegistrationInfo.Author = $User.Name
$Settings = $Task.Settings
$Settings.Enabled = $True
$Settings.StartWhenAvailable = $True
$Settings.Hidden = $False
$Action = $Task.Actions.Create(0)
$Action.Path = "powershell"
$Action.Arguments = "-Command $Script"
$Task.Principal.RunLevel = 1
action1.com
Manually:

9. 2. How Invoke-WUInstall Works
typical use of Invoke-WUInstall would be:
Invoke-WUInstall -ComputerName Test-1 -Script {ipmo
PSWindowsUpdate; Get-WUInstall -AcceptAll | Out-File
C:PSWindowsUpdate.log } -Confirm:$false –Verbose
In this command we see Get-WUInstall, which is the command
PSWindowsUpdate uses to install updates, usually from your Windows
Server Update Services (WSUS) server. Get-WUInstall simply uses a COM
object for Windows updates to perform the tasks needed. Notice also
the use of the -AcceptAll parameter, which means it will automatically
accept any updates to install. action1.com
Manually:

10. 2. How Invoke-WUInstall Works
One nice feature of Invoke-WUInstall is that it actually installs the
PSWindowsUpdate module on the remote machine (if it isn't there
already). This is great when you are using the module on a new machine,
or when you decide to use it for the first time.
C: > $cim = New-CimSession -ComputerName Test-1
C: > $cim
Id : 2
Name : CimSession2
InstanceId : afa8c63d-fb1f-46f9-8082-c66238750a92
ComputerName : Test-1
Protocol : WSMAN
action1.com
Manually:

11. 2. How Invoke-WUInstall Works
C:ScriptsPowerShell> (Get-ScheduledTask -TaskPath "" -
CimSession $cim -TaskName PSWindowsUpdate).actions
Id :
Arguments : -Command ipmo PSWindowsUpdate; Get-WUInstall -
AcceptAll -AutoReboot | Out-File C:PSWindowsUpdate.log
Execute : powershell
WorkingDirectory :
PSComputerName : Test-1 action1.com
Manually:

12. 2. How Invoke-WUInstall Works
As you can see, the scheduled task is going to run ipmo
PSWindowsUpdate; Get-WUInstall -AcceptAll -AutoReboot | Out-
File C:PSWindowsUpdate.log. Using Out-File will ensure the logs
of downloading and installing updates are visible so we can check
against them later.
action1.com
Manually:

13. action1.com
Manually:

14. 3. Install Updates on Multiple Machines
The true power of Invoke-WUInstall is when you have to install
updates on many machines at once. This is very easy to do, all
you need is to add machines to the -ComputerName parameter,
which then processes them in a loop (not in parallel
unfortunately).
action1.com
Manually:

15. 3. Install Updates on Multiple Machines
C: > Invoke-WUInstall -ComputerName Test-1,Test-2,Test-3,Test-4 -Script
{ipmo PSWindowsUpdate; Get-WUInstall -AcceptAll | Out-File C:
PSWindowsUpdate.log } -Confirm:$false -Verbose
VERBOSE: Populating RepositorySourceLocation property for module
PSWindowsUpdate.
VERBOSE: Loading module from path 'C:Program
FilesWindowsPowerShellModulesPSWindowsUpdate1.5.2.6PSWindows
Update.psm1'.
VERBOSE: Create schedule service object
VERBOSE: Performing the operation "Invoke WUInstall" on target "Test-1".
action1.com
Manually:

16. 4. Windows Update in Powershell: Finding Errors
One great reason to output to a log on the remote machine is to
confirm that no errors installing updates on these remote
machines occurred. With some simple PowerShell, we can query
these log files and search for failures.Here is what a typical log
looks like after using Get-WUInstall -AcceptAll | Out-File C:
PSWindowsUpdate.log:
It includes the status of the update, its KB number, size, and title—
all great information to have handy when installing updates.
action1.com
Manually:

17. 4. Windows Update in Powershell: Finding Errors
Using Invoke-Command, Get-Item, and Select-String, we can use a quick
technique to easily work through any computers used with Invoke-WUInstall
and check for updates that failed to install:
C:> Invoke-Command -ComputerName Test-1,Test-2,Test-3 -ScriptBlock {
>> Get-Item C:PSWindowsUpdate.log | Select-String -Pattern "failed" -
SimpleMatch |
>> Select-Object -Property line } | Select-Object -Property
Line,PSComputerName
Line PSComputerName
4 Failed KB4103712 30 MB 2018-05 Security Only Quality Update for
Windo... Test-1 action1.com
Manually:

18. Other Relevant HOWTOs:
action1.com
How to Uninstall Software Remotely Using Command Line Tool
Free Tool: Install Patch Remotely
Free Tool: Run Scheduled Task Remotely
Free Tool: Set Share Permissions
Free Tool: Web Browsers

19. Sign Up for Action1
• Instant sign-up
• No phone calls to activate
• Quick configuration
Go to action1.com/free

20. Free Help
• Call 1-346-444-8530
• action1.com/contact_us.html
• Free technical support
action1.com