How to automate Windows Update with PowerShell

Microsoft Windows provides its own patch management solution referred to as Windows Update. Having a proper grip on these updates is paramount for your production workflow as they often start automatically during business hours resulting in downtime. With PowerShell cmdlets, you can automate Windows updates, saving you effort and time. In this article, we shall discuss how to automate Windows Update with PowerShell. Please see Windows 2016 Servers do not show up on the WSUS console, and how to disable automatic Windows updates.

With the right patch management solution, you can enhance your system by testing or installing the latest software updates and patches. Patches are temporary fixes for existing issues between full-scale software releases.

If patch management is effectively performed. You can promptly address vulnerabilities in your system and mitigate any potential threats. In this article, you will learn how to automate Windows Update with PowerShell and Task Scheduler

Kindly refer to these related guides: How to update PowerShellGet and Package Management, how to install and update PowerShell version 7 on Windows and Linux, and Important Areas to Master on WSUS.

Automate Windows Update with PowerShell

In order to orchestrate Windows Update with PowerShell, the module “PSWindowsUpdate” needs to be installed. This module contains cmdlets to manage the Windows Update Client (servers). This module is vital because it helps automate the deployment of Windows Update using the

• “Invoke-WUInstall” command to install Windows Updates remotely on computers or with the following below that can be configured via task scheduler to automate updates on individual computers.
• “Install-WindowsUpdate” for installing updates from the Microsoft Update Center or with the – “Get-WindowsUpdate” to update Windows from WSUS.

Please, see how to Configure WSUS Email Notification to Work With Office365, Configuring WSUS Email Notification to Work With Office365 – IIS SMTP Relay Server and how to configure SSL between WSUS servers (Upstream and Downstream Servers).

More on PSWindowsUpdate

To make the Windows patch management process smooth and easy as discussed above, you can use the PSWindowsUpdate module. This module is publicly available and can be downloaded for free from the PowerShell Gallery. The main requirement is that a computer needs to run Windows OS versions starting from Vista or Windows Server 2008. Also, you need to have PowerShell 2.0 or later.

With PSWindowsUpdate, you can identify if any Windows updates are available for your computer. Moreover, this module allows you to centrally manage Windows updates across various Windows servers and workstations.

This way, you can remotely control which updates are installed, removed, or hidden.

You might be interested in these: WSUS Setup: How to configure Windows server update services, and how to target WSUS clients with the registry keys.

Download the PSWindowsUpdateModule

Note: This module is not installed by default on Windows Servers. When installed it contains a set of functions to check, download and install updates from PowerShell. First, download the PSWindowsUpdateModule:

Copy the following command below

Install the PSWindowsUpdateModule

Next, install the PSWindowsUpdateModule. To have the module installed in PowerShell 5 and above, use the cmdlets below. Take a look at “Handy WSUS Commands: Windows Server Update Services Commands, WAUACLT, PowerShell and USOClient” as well.

Install-Module PSWindowsUpdate

Note: To automate this installation in an unattended (silent) mode, use the command by adding the “-Force” flag as shown below

Install-Module PSWindowsUpdate -Force

To list all the modules installed, use the command below

Get-Command –module PSWindowsUpdate

Next, run the command below. If the updates are not already downloaded. The command will contact the WSUS and pull the updates, have the updates installed and restart the server.

Here is the meaning of the command.

Get-WUInstall, Install-WindowsUpdate (alias for Get-WindowsUpdate –Install) – install updates

Please see Unattended mode: How to install the Microsoft PSWindowsUpdate module silently, and how to fix “The VM appears to be in use: Taking ownership failed“

Install Microsoft Updates

For Updates directly from the Microsoft update centre, use the command below. The command below might not work correctly, because of this, the “install-WindowsUpdate” is my desired choice.

Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot

For Updates directly from the Microsoft update centre. Use this command below as this is proven to work!

Get-WUInstall –MicrosoftUpdate –AcceptAll –AutoReboot

To have this run at a specific period of time, create a PowerShell script and create a scheduled task to automate Windows Update with the code below.

Install-Module PSWindowsUpdate -Force
#installs everything (newest version) along with required modules.
Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot
#Will ensure that updates are downloaded, installed completely and then restarted.

The AcceptAll key accepts the installation of all update packages, and AutoReboot allows Windows to automatically restart after the updates are installed.

WSUS Updates (Windows Server Update Services)

For WSUS updates, the following commands work correctly.

Get-WindowsUpdate -install -AcceptAll -AutoReboot

Next steps! Have your script automated. See the steps to create a scheduled task. Also, see some details on Task Scheduled task error and success code

I hope you found this blog post helpful on How to Automate Windows Update with PowerShell. Now, you have learned how to automate Windows Update with PowerShell and Task Scheduler. If you have any questions, please let me know in the comment session.