Windows Update using Powershell Remotely

Welcome Forums General PowerShell Q&A Windows Update using Powershell Remotely

Viewing 11 reply threads
  • Author
    Posts
    • #161087
      Participant
      Topics: 34
      Replies: 110
      Points: 565
      Rank: Major Contributor

      I have

      Windows 7 Windows 8.1 Windows 10

      Windows 2012 R2 Windows 2016 and Windows 2019

      All running Power Shell version 5 or above.

      I ran this on all the computers

      Install-module pswindowsupdate -force

      From My Computer Windows 10 I try various way to run install-windowsupdate command with no luck

      If I run the install-windowsupdate command locally it runs

      Here is what I tried.

       

      This is a Windows 10 Computer

      PS C:\util> install-windowsupdate -computername TGKW004
      install-windowsupdate : TGKW004: Connection failure, check firewall on destination machine.
      At line:1 char:1
      + install-windowsupdate -computername TGKW004
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : ResourceUnavailable: (:) [Get-WindowsUpdate], Exception
      + FullyQualifiedErrorId : 800706BA,PSWindowsUpdate.GetWindowsUpdate

      This is a windows 2012 R2 Server

      PS C:\util> install-windowsupdate -computername TGCS011
      install-windowsupdate : TGCS011: Unknown failure.
      At line:1 char:1
      + install-windowsupdate -computername TGCS011
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : PermissionDenied: (:) [Get-WindowsUpdate], Exception
      + FullyQualifiedErrorId : Unknown,PSWindowsUpdate.GetWindowsUpdate

       

       

      Then I tried enter-possession

       

      PS C:\util> Enter-PSSession  -ComputerName tgcs004
      [tgcs004]: PS C:\Users\Thomas R Grassi Jr\Documents> install-windowsupdate -ACCEPTALL -autoreboot -verbose
      WARNING: Support local instance only, Continue…
      VERBOSE: Connecting to Windows Server Update Service server. Please wait…
      VERBOSE: Found [4] Updates in pre search criteria
      VERBOSE: Found [4] Updates in post search criteria

      X Status     KB          Size Title
      – ——     —          —- —–
      2 Accepted   KB890830    4 MB Windows Malicious Software Removal Tool x64 – June 2019 (KB890830)
      2 Accepted   KB4503290  57 MB 2019-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems …
      2 Accepted   KB4503259  55 MB 2019-06 Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2…
      2 Accepted   KB4503276 456 MB 2019-06 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Syste…
      VERBOSE: Accept [4] Updates to Download
      Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
      At C:\windows\system32\windowspowershell\v1.0\Modules\PSWindowsUpdate\1.5.2.2\Get-WUInstall.ps1:807 char:5
      +                 $Downloader = $objSession.CreateUpdateDownloader()
      +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : OperationStopped: (:) [], UnauthorizedAccessException
      + FullyQualifiedErrorId : System.UnauthorizedAccessException

      The property ‘Updates’ cannot be found on this object. Verify that the property exists and can be set.
      At C:\windows\system32\windowspowershell\v1.0\Modules\PSWindowsUpdate\1.5.2.2\Get-WUInstall.ps1:808 char:5
      +                 $Downloader.Updates = $objCollectionTmp
      +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
      + FullyQualifiedErrorId : PropertyNotFound

       

      Any ideas?

       

      Thank you,

       

      Tom

       

       

    • #161109
      Senior Moderator
      Topics: 9
      Replies: 1236
      Points: 4,443
      Helping Hand
      Rank: Community Hero

      Try following some replies in below thread, seems similar.

      PS Remoting for windows update module

    • #161163
      Participant
      Topics: 34
      Replies: 110
      Points: 565
      Rank: Major Contributor

      Thanks but his problem is different.

       

      I had the same error as he had and I ran this

      Set-Item WSMan:localhost\client\trustedhosts -value *

      Also I have tried usoclient and that does nothing.  no output updates never install do not know the purpose of that program very useless.

       

      So we are now back to my problem why does it think I have a firewall issue?

       

      I can run invoke-command to any computer/server on my network.

      I can enter-possession to any computer/server

      So WINRM is working every where.

      I even tried this

      Enable-psremoting

      What else can it be?

       

    • #161208
      Senior Moderator
      Topics: 3
      Replies: 123
      Points: 653
      Helping Hand
      Rank: Major Contributor

      The output you included in your first post says:

      WARNING: Support local instance only, Continue…

      It looks like you should be using Invoke-WUInstall (from the PSWindowsUpdate module) to get the results you want. Install-WindowsUpdate appears to be an alias included with that module, but I’m not sure what function it is specifically aliased to, so you should try Invoke-WUInstall directly as explained in that blog.

    • #161315
      Participant
      Topics: 34
      Replies: 110
      Points: 565
      Rank: Major Contributor

      PS C:\util> Invoke-WUInstall -ComputerName TGCS005-N1 -Script {ipmo PSWindowsUpdate; Get-WUInstall -AcceptAll | Out-File
      C:\PSWindowsUpdate.log } -Confirm:$false –Verbose
      Invoke-WUInstall : The term ‘Invoke-WUInstall’ is not recognized as the name of a cmdlet, function, script file, or
      operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
      again.
      At line:1 char:1
      + Invoke-WUInstall -ComputerName TGCS005-N1 -Script {ipmo PSWindowsUpda …
      + ~~~~~~~~~~~~~~~~
      + CategoryInfo          : ObjectNotFound: (Invoke-WUInstall:String) [], CommandNotFoundException
      + FullyQualifiedErrorId : CommandNotFoundException

       

      That did not work either

      • #161532
        Senior Moderator
        Topics: 3
        Replies: 123
        Points: 653
        Helping Hand
        Rank: Major Contributor

        It’s odd that you couldn’t find Invoke-WUInstall. What do you get from

        Get-Command -Module PSWindowsUpdate

        ?

    • #161418
      Participant
      Topics: 34
      Replies: 110
      Points: 565
      Rank: Major Contributor

      I created a script on the remote computer

      clear-host
      install-windowsupdate -acceptall -autoreboot -verbose | out-file c:\util\logs\currentupdates.log

      Then did

      Enter-possession -computername TGCS002-2016

      VERBOSE: TGCS002-2016 (6/15/2019 8:08:00 PM): Connecting to Windows Server Update Service
      (http://wsus.our.network.tgcsnet.com:8530) server. Please wait…
      VERBOSE: Found [3] Updates in pre search criteria
      VERBOSE: Found [3] Updates in post search criteria
      VERBOSE: Accepted [3] Updates ready to Download
      install-windowsupdate : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
      At C:\util\wu.ps1:2 char:1
      + install-windowsupdate -acceptall -autoreboot -verbose | out-file c:\u …
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : NotSpecified: (:) [Get-WindowsUpdate], UnauthorizedAccessException
      + FullyQualifiedErrorId : System.UnauthorizedAccessException,PSWindowsUpdate.GetWindowsUpdate

       

      I even tried this

      invoke-command -ComputerName tgcs002-2016 -ScriptBlock {c:\util\wu.ps1}

       

      VERBOSE: TGCS002-2016 (6/15/2019 8:20:43 PM): Connecting to Windows Server Update Service
      (http://wsus.our.network.tgcsnet.com:8530) server. Please wait…
      VERBOSE: Found [3] Updates in pre search criteria
      VERBOSE: Found [3] Updates in post search criteria
      VERBOSE: Accepted [3] Updates ready to Download
      Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
      + CategoryInfo          : NotSpecified: (:) [Get-WindowsUpdate], UnauthorizedAccessException
      + FullyQualifiedErrorId : System.UnauthorizedAccessException,PSWindowsUpdate.GetWindowsUpdate
      + PSComputerName        : tgcs002-2016.home.tgcsnet.com

       

       

      Why am I getting access denied.

    • #161538
      Senior Moderator
      Topics: 9
      Replies: 1236
      Points: 4,443
      Helping Hand
      Rank: Community Hero

      You can use Set-PSWUSettings to use a credential and use the output with Install-WindowsUpdate -PSWUSettings. Otherwise it could be related to double hoping issue. Better if you can read the enable credential delegation. You can refer below documentation.

      Enable PowerShell "Second-Hop" Functionality with CredSSP

    • #161552
      Participant
      Topics: 34
      Replies: 110
      Points: 565
      Rank: Major Contributor

      Please provide code example.

      PS C:\util> Get-Command -Module PSWindowsUpdate

      CommandType     Name                                               Version    Source
      ———–     —-                                               ——-    ——
      Alias           Clear-WUJob                                        2.1.1.2    PSWindowsUpdate
      Alias           Download-WindowsUpdate                             2.1.1.2    PSWindowsUpdate
      Alias           Get-WUInstall                                      2.1.1.2    PSWindowsUpdate
      Alias           Get-WUList                                         2.1.1.2    PSWindowsUpdate
      Alias           Hide-WindowsUpdate                                 2.1.1.2    PSWindowsUpdate
      Alias           Install-WindowsUpdate                              2.1.1.2    PSWindowsUpdate
      Alias           Show-WindowsUpdate                                 2.1.1.2    PSWindowsUpdate
      Alias           UnHide-WindowsUpdate                               2.1.1.2    PSWindowsUpdate
      Alias           Uninstall-WindowsUpdate                            2.1.1.2    PSWindowsUpdate
      Cmdlet          Add-WUServiceManager                               2.1.1.2    PSWindowsUpdate
      Cmdlet          Enable-WURemoting                                  2.1.1.2    PSWindowsUpdate
      Cmdlet          Get-WindowsUpdate                                  2.1.1.2    PSWindowsUpdate
      Cmdlet          Get-WUApiVersion                                   2.1.1.2    PSWindowsUpdate
      Cmdlet          Get-WUHistory                                      2.1.1.2    PSWindowsUpdate
      Cmdlet          Get-WUInstallerStatus                              2.1.1.2    PSWindowsUpdate
      Cmdlet          Get-WUJob                                          2.1.1.2    PSWindowsUpdate
      Cmdlet          Get-WULastResults                                  2.1.1.2    PSWindowsUpdate
      Cmdlet          Get-WURebootStatus                                 2.1.1.2    PSWindowsUpdate
      Cmdlet          Get-WUServiceManager                               2.1.1.2    PSWindowsUpdate
      Cmdlet          Get-WUSettings                                     2.1.1.2    PSWindowsUpdate
      Cmdlet          Invoke-WUJob                                       2.1.1.2    PSWindowsUpdate
      Cmdlet          Remove-WindowsUpdate                               2.1.1.2    PSWindowsUpdate
      Cmdlet          Remove-WUServiceManager                            2.1.1.2    PSWindowsUpdate
      Cmdlet          Set-PSWUSettings                                   2.1.1.2    PSWindowsUpdate
      Cmdlet          Set-WUSettings                                     2.1.1.2    PSWindowsUpdate
      Cmdlet          Update-WUModule                                    2.1.1.2    PSWindowsUpdate

       

    • #161555
      Senior Moderator
      Topics: 9
      Replies: 1236
      Points: 4,443
      Helping Hand
      Rank: Community Hero

      Don’t have a system to test and never used this module. The suggestions are based on the documentation. I coulf suggest below code (not tested)

      $PSWUSettings = Set-PSWUSettings -Credential (Get-Credential) #user with admin access in $server
      Install-WindowsUpdate -ComputerName $Server -PSWUSettings $PSWUSettings -ACCEPTALL -autoreboot -verbose
      
    • #161564
      Senior Moderator
      Topics: 3
      Replies: 123
      Points: 653
      Helping Hand
      Rank: Major Contributor

      Oh, right, he’s referring to an older version of PSWindowsUpdate in that blog post (specifically 1.5.2.6). You could try installing the older version of the module to get the Invoke-WUInstall command if you want. But, upon further reading it seems that command is actually a bit of a kludge, so at-your-own-risk.

      There are a lot of barriers in place to prevent you from forcing a Windows update remotely, placed there by Microsoft. Theoretically this is for “security reasons”, but that seems a bit hypocritical when M$ has demonstrated the ability to force install updates and reboot user machines without the user’s permission. It’s possible to do what you want, but you shouldn’t expect it to be straightforward, because M$ has specifically taken steps to prevent it. Sysadmins used to rely on wuacult, but M$ has removed that functionality.

      I would still recommend USOClient, specifically using ScanInstallWait and then RestartDevice. I can confirm that it works on Windows 10 up to r1803.

      kvprasoon is probably correct that the ‘Permission Denied’ error is due to the double-hop problem. Solving this problem for your network may allow you to use Install-WindowsUpdate remotely as you originally wanted to, but I don’t recommend CredSSP because of security concerns. It can be done securely with Kerberos, but you should read that blog thoroughly and understand exactly how that method would apply to your network. With so many different versions of Windows running, if you do it wrong you’ll expose your system to security problems.

    • #161567
      Participant
      Topics: 34
      Replies: 110
      Points: 565
      Rank: Major Contributor

      PS C:\util> $Server = “TGCS002-2016.home.tgcsnet.com”
      PS C:\util> $PSWUSettings = Set-PSWUSettings -Credential (Get-Credential)

      cmdlet Get-Credential at command pipeline position 1
      Supply values for the following parameters:
      Credential
      PS C:\util> Install-WindowsUpdate -ComputerName $Server -PSWUSettings $PSWUSettings -ACCEPTALL -autoreboot -verbose
      Get-WindowsUpdate : Cannot convert ” to the type ‘System.Collections.Hashtable’ required by parameter ‘PSWUSettings’.
      Specified method is not supported.
      At line:1 char:59
      + … ndowsUpdate -ComputerName $Server -PSWUSettings $PSWUSettings -ACCEPT …
      +                                                     ~~~~~~~~~~~~~
      + CategoryInfo          : InvalidArgument: (:) [Get-WindowsUpdate], ParameterBindingException
      + FullyQualifiedErrorId : CannotConvertArgument,PSWindowsUpdate.GetWindowsUpdate

      PS C:\util>

    • #161850
      Participant
      Topics: 34
      Replies: 110
      Points: 565
      Rank: Major Contributor

      Hello Everyone

      I figured out a method.

      First I created a small script and copied to each computer.

      Then created a scheduled task

      The script

      clear-host
      write-host "Starting Patches Service"
      # service places host in maint mode on Nagios
      start-service patches
      $Server = hostname 
      get-windowsupdate -computername $Server -acceptall -autoreboot -install -verbose | out-file c:\util\logs\currentupdates.log
      
      $bigbody += Get-Content -Path "C:\util\Logs\currentupdates.log" | out-string 
      
      $Params = @{
         Subject = "$Server Monthly Update Report"
         Body = " $bigbody"
         From = "[email protected]"
         To = "[email protected]"
         smtpserver = "InternalRelay.HOME.COM"
      }
      
      
      Send-MailMessage @Params
      

      Then from my desktop I run this command

      Invoke-Command -ComputerName test01 -ScriptBlock {Start-scheduledtask -taskname “Install-Updates”}

      This works great

Viewing 11 reply threads
  • The topic ‘Windows Update using Powershell Remotely’ is closed to new replies.