Microsoft Windows provides its own patch management solution referred to as Windows Update. Having a proper grip of these updates is paramount for your production workflow as they often start automatically during business hours resulting in downtime. With PowerShell cmdlets, you can automate Windows updates, saving you effort and time. With the right patch management solution, you can enhance your system by testing or installing the latest software updates and patches. Patches are temporary fixes for existing issues between full-scale software releases. If patch management is effectively performed, you can promptly address vulnerabilities of your system and mitigate any potential threats. See these guides: How to automate Windows Update with PowerShell and Task Scheduler, and how to install Microsoft PSWindowsUpdate module silently.
How to install PSWindowsUpdate
It is worth noting that PSWindowsUpdate is a third-party module that is not integrated into Windows by default. This module can be downloaded from the PowerShell gallery, the most used repository for sharing PowerShell code.
This module includes different cmdlets to manage the deployment of Windows updates from the command line. Download the PSWindowsUpdate version from the PowerShell Gallery
Next, we will have to install the PSWindowsUpdateModule as shown below. If the PowerShell setup is already configured to allow online downloads, the PSWindowsUpdate module can also be installed directly from the online repository (PSGallery) running the command below.
Install-Module -Name PSWindowsUpdateNote: You may need to open an elevated PowerShell prompt and run Set-ExecutionPolicy RemoteSigned to allow the execution of scripts signed by a trusted publisher. You may also want to do this via Windows Settings. This is because PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems by default.
A NuGet package is a ZIP archive with some extra files. Some browsers, like Internet Explorer, automatically replace the .nupkg file extension with .zip
Commands in PSWindowsUpdate
Installed aliases and cmdlets can be displayed by typing Get-Command–module PSWindowsUpdate.
A brief description of principal commands is described below:
- Get-WindowsUpdate: This is the main cmdlet of the module. It lists, downloads, installs or hides a list of updates meeting predefined requisites and sets the rules of the restarts when installing the updates.
- Remove-WindowsUpdate: Uninstalls an update.
- Add-WUServiceManage: Registers a new Windows Update API Service Manager
- Get-WUHistory: Shows a list of installed updates
- Get-WUSettings: Gets Windows Update client settings
- Get-WUInstallerStatus: Gets Windows Update Installer Status (busy or not)
- Enable-WURemoting: Enables firewall rules for PSWindowsUpdate remoting
- Invoke-WUJob: Invokes PSWindowsUpdate actions remotely
Install Windows Updates
For Updates directly from the Microsoft update center, use the command below.
Get-WUInstall –MicrosoftUpdate –AcceptAll –AutoReboot
Install Updates from WSUS
For WSUS updates, the following commands work correctly.
Get-WindowsUpdate -install -AcceptAll -AutoRebootYou may want to see this guide on how to create a scheduled task. For Task Scheduled task error and success code, see the following link.
I hope you found this blog post helpful. Please let me know in the comment session if you have any questions.