Microsoft Windows provides its own patch management solution referred to as Windows Update. Having a proper grip on these updates is paramount for your production workflow as they often start automatically during business hours resulting in downtime. With PowerShell cmdlets, you can automate Windows updates, saving you effort and time. With the right patch management solution, you can enhance your system by testing or installing the latest software updates and patches. Patches are temporary fixes for existing issues between full-scale software releases. If patch management is effectively performed, you can promptly address vulnerabilities in your system and mitigate any potential threats. In this article, you will learn how to automate Windows Update with PowerShell and Task Scheduler
Kindly refer to these related guides: How to update PowerShellGet and Package Management, and how to install and update PowerShell version 7 on Windows and Linux, Important Areas to Master on WSUS, Configuring WSUS Email Notification to Work With Office365, Configuring WSUS Email Notification to Work With Office365 – IIS SMTP Relay Server and how to configure SSL between WSUS servers (Upstream and Downstream Servers).
Automate Windows Update with PowerShell
In order to orchestrate Windows Update with PowerShell, the module “PSWindowsUpdate” needs to be installed. This module contains cmdlets to manage the Windows Update Client (servers). This module is vital because it helps automate the deployment of Windows Update using the
- “Invoke-WUInstall” command to install Windows Updates remotely on computers or with the following below that can be configured via task scheduler to automate updates on individual computers.
- “Install-WindowsUpdate” for installing updates from Microsoft Update Center or with the – “Get-WindowsUpdate” to update Windows from WSUS.
More on PSWindowsUpdate
To make the Windows patch management process smooth and easy as discussed above, you can use the PSWindowsUpdate module. This module is publicly available and can be downloaded for free from the PowerShell Gallery. The main requirement is that a computer needs to run Windows OS versions starting from Vista or Windows Server 2008. Also, you need to have PowerShell 2.0 or later.
With PSWindowsUpdate, you can identify if any Windows updates are available for your computer. Moreover, this module allows you to centrally manage Windows updates across various Windows servers and workstations. This way, you can remotely control which updates are installed, removed, or hidden.
Note: This module is not installed by default on Windows Servers and when installed it contains a set of functions to check, download and install updates from PowerShell. First, download the PSWindowsUpdateModule:
Next, install the PSWindowsUpdateModule. To have the module installed in PowerShell 5 and above, use the cmdlets below. You may be interested in this guide as well.
Install-Module PSWindowsUpdate
Note: To automate this installation in an unattended (silent) mode, use the command by adding the “-Force” flag as shown below
Install-Module PSWindowsUpdate -Force
To list all the modules installed, use the command below
Get-Command –module PSWindowsUpdate
Next, run the command below. If the updates are not already downloaded, the command will contact the WSUS and pull the updates, have the updates installed and restart the server.
Here is the meaning of the command.Get-WUInstall, Install-WindowsUpdate (alias for Get-WindowsUpdate –Install) – install updates
Install Microsoft Updates
For Updates directly from the Microsoft update center, use the command below. The command below might not work correctly, because of this, the “install-WindowsUpdate” is my desired choice.
Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot
For Updates directly from the Microsoft update center, use this command below as this is proven to work!
Get-WUInstall –MicrosoftUpdate –AcceptAll –AutoReboot
To have this run at a specific period of time, create a PowerShell script and create a scheduled task to automate Windows Update with the code below.
Install-Module PSWindowsUpdate -Force #installs everything (newest version) along with required modules. Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot #Will ensure that updates are downloaded, installed completely and then restarted.
The AcceptAll key accepts the installation of all update packages, and AutoReboot allows Windows to automatically restart after the updates are installed.
WSUS Updates (Windows Server Update Services)
For WSUS updates, the following commands work correctly.
Get-WindowsUpdate -install -AcceptAll -AutoReboot
Next steps! Have your script automated. Create a scheduled task, see the following link below for more details. For Task Scheduled task error and success code, see the following link.
I hope you found this blog post helpful. Now, you have learned how to automate Windows Update with PowerShell and Task Scheduler. If you have any questions, please let me know in the comment session.
