Windows Update using Powershell Remotely

Welcome Forums General PowerShell Q&A Windows Update using Powershell Remotely

This topic contains 12 replies, has 3 voices, and was last updated by

 
Participant
3 months ago.

  • Author
    Posts
  • #161087

    Participant
    Topics: 16
    Replies: 61
    Points: 274
    Rank: Contributor

    I have

    Windows 7 Windows 8.1 Windows 10

    Windows 2012 R2 Windows 2016 and Windows 2019

    All running Power Shell version 5 or above.

    I ran this on all the computers

    Install-module pswindowsupdate -force

    From My Computer Windows 10 I try various way to run install-windowsupdate command with no luck

    If I run the install-windowsupdate command locally it runs

    Here is what I tried.

     

    This is a Windows 10 Computer

    PS C:\util> install-windowsupdate -computername TGKW004
    install-windowsupdate : TGKW004: Connection failure, check firewall on destination machine.
    At line:1 char:1
    + install-windowsupdate -computername TGKW004
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (:) [Get-WindowsUpdate], Exception
    + FullyQualifiedErrorId : 800706BA,PSWindowsUpdate.GetWindowsUpdate

    This is a windows 2012 R2 Server

    PS C:\util> install-windowsupdate -computername TGCS011
    install-windowsupdate : TGCS011: Unknown failure.
    At line:1 char:1
    + install-windowsupdate -computername TGCS011
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Get-WindowsUpdate], Exception
    + FullyQualifiedErrorId : Unknown,PSWindowsUpdate.GetWindowsUpdate

     

     

    Then I tried enter-possession

     

    PS C:\util> Enter-PSSession  -ComputerName tgcs004
    [tgcs004]: PS C:\Users\Thomas R Grassi Jr\Documents> install-windowsupdate -ACCEPTALL -autoreboot -verbose
    WARNING: Support local instance only, Continue...
    VERBOSE: Connecting to Windows Server Update Service server. Please wait...
    VERBOSE: Found [4] Updates in pre search criteria
    VERBOSE: Found [4] Updates in post search criteria

    X Status     KB          Size Title
    – ——     —          —- —–
    2 Accepted   KB890830    4 MB Windows Malicious Software Removal Tool x64 – June 2019 (KB890830)
    2 Accepted   KB4503290  57 MB 2019-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems ...
    2 Accepted   KB4503259  55 MB 2019-06 Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2...
    2 Accepted   KB4503276 456 MB 2019-06 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Syste...
    VERBOSE: Accept [4] Updates to Download
    Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    At C:\windows\system32\windowspowershell\v1.0\Modules\PSWindowsUpdate\1.5.2.2\Get-WUInstall.ps1:807 char:5
    +                 $Downloader = $objSession.CreateUpdateDownloader()
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException

    The property 'Updates' cannot be found on this object. Verify that the property exists and can be set.
    At C:\windows\system32\windowspowershell\v1.0\Modules\PSWindowsUpdate\1.5.2.2\Get-WUInstall.ps1:808 char:5
    +                 $Downloader.Updates = $objCollectionTmp
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : PropertyNotFound

     

    Any ideas?

     

    Thank you,

     

    Tom

     

     

  • #161109

    Senior Moderator
    Topics: 8
    Replies: 1041
    Points: 3,440
    Helping Hand
    Rank: Community Hero

    Try following some replies in below thread, seems similar.

    PS Remoting for windows update module

  • #161163

    Participant
    Topics: 16
    Replies: 61
    Points: 274
    Rank: Contributor

    Thanks but his problem is different.

     

    I had the same error as he had and I ran this

    Set-Item WSMan:localhost\client\trustedhosts -value *

    Also I have tried usoclient and that does nothing.  no output updates never install do not know the purpose of that program very useless.

     

    So we are now back to my problem why does it think I have a firewall issue?

     

    I can run invoke-command to any computer/server on my network.

    I can enter-possession to any computer/server

    So WINRM is working every where.

    I even tried this

    Enable-psremoting

    What else can it be?

     

  • #161208

    Participant
    Topics: 2
    Replies: 54
    Points: 278
    Helping Hand
    Rank: Contributor

    The output you included in your first post says:

    WARNING: Support local instance only, Continue...

    It looks like you should be using Invoke-WUInstall (from the PSWindowsUpdate module) to get the results you want. Install-WindowsUpdate appears to be an alias included with that module, but I'm not sure what function it is specifically aliased to, so you should try Invoke-WUInstall directly as explained in that blog.

  • #161315

    Participant
    Topics: 16
    Replies: 61
    Points: 274
    Rank: Contributor

    PS C:\util> Invoke-WUInstall -ComputerName TGCS005-N1 -Script {ipmo PSWindowsUpdate; Get-WUInstall -AcceptAll | Out-File
    C:\PSWindowsUpdate.log } -Confirm:$false –Verbose
    Invoke-WUInstall : The term 'Invoke-WUInstall' is not recognized as the name of a cmdlet, function, script file, or
    operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
    again.
    At line:1 char:1
    + Invoke-WUInstall -ComputerName TGCS005-N1 -Script {ipmo PSWindowsUpda ...
    + ~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Invoke-WUInstall:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

     

    That did not work either

    • #161532

      Participant
      Topics: 2
      Replies: 54
      Points: 278
      Helping Hand
      Rank: Contributor

      It's odd that you couldn't find Invoke-WUInstall. What do you get from

      Get-Command -Module PSWindowsUpdate

      ?

  • #161418

    Participant
    Topics: 16
    Replies: 61
    Points: 274
    Rank: Contributor

    I created a script on the remote computer

    clear-host
    install-windowsupdate -acceptall -autoreboot -verbose | out-file c:\util\logs\currentupdates.log

    Then did

    Enter-possession -computername TGCS002-2016

    VERBOSE: TGCS002-2016 (6/15/2019 8:08:00 PM): Connecting to Windows Server Update Service
    (http://wsus.our.network.tgcsnet.com:8530) server. Please wait...
    VERBOSE: Found [3] Updates in pre search criteria
    VERBOSE: Found [3] Updates in post search criteria
    VERBOSE: Accepted [3] Updates ready to Download
    install-windowsupdate : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    At C:\util\wu.ps1:2 char:1
    + install-windowsupdate -acceptall -autoreboot -verbose | out-file c:\u ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WindowsUpdate], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,PSWindowsUpdate.GetWindowsUpdate

     

    I even tried this

    invoke-command -ComputerName tgcs002-2016 -ScriptBlock {c:\util\wu.ps1}

     

    VERBOSE: TGCS002-2016 (6/15/2019 8:20:43 PM): Connecting to Windows Server Update Service
    (http://wsus.our.network.tgcsnet.com:8530) server. Please wait...
    VERBOSE: Found [3] Updates in pre search criteria
    VERBOSE: Found [3] Updates in post search criteria
    VERBOSE: Accepted [3] Updates ready to Download
    Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    + CategoryInfo          : NotSpecified: (:) [Get-WindowsUpdate], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,PSWindowsUpdate.GetWindowsUpdate
    + PSComputerName        : tgcs002-2016.home.tgcsnet.com

     

     

    Why am I getting access denied.

  • #161538

    Senior Moderator
    Topics: 8
    Replies: 1041
    Points: 3,440
    Helping Hand
    Rank: Community Hero

    You can use Set-PSWUSettings to use a credential and use the output with Install-WindowsUpdate -PSWUSettings. Otherwise it could be related to double hoping issue. Better if you can read the enable credential delegation. You can refer below documentation.

    Enable PowerShell "Second-Hop" Functionality with CredSSP

  • #161552

    Participant
    Topics: 16
    Replies: 61
    Points: 274
    Rank: Contributor

    Please provide code example.

    PS C:\util> Get-Command -Module PSWindowsUpdate

    CommandType     Name                                               Version    Source
    ———–     —-                                               ——-    ——
    Alias           Clear-WUJob                                        2.1.1.2    PSWindowsUpdate
    Alias           Download-WindowsUpdate                             2.1.1.2    PSWindowsUpdate
    Alias           Get-WUInstall                                      2.1.1.2    PSWindowsUpdate
    Alias           Get-WUList                                         2.1.1.2    PSWindowsUpdate
    Alias           Hide-WindowsUpdate                                 2.1.1.2    PSWindowsUpdate
    Alias           Install-WindowsUpdate                              2.1.1.2    PSWindowsUpdate
    Alias           Show-WindowsUpdate                                 2.1.1.2    PSWindowsUpdate
    Alias           UnHide-WindowsUpdate                               2.1.1.2    PSWindowsUpdate
    Alias           Uninstall-WindowsUpdate                            2.1.1.2    PSWindowsUpdate
    Cmdlet          Add-WUServiceManager                               2.1.1.2    PSWindowsUpdate
    Cmdlet          Enable-WURemoting                                  2.1.1.2    PSWindowsUpdate
    Cmdlet          Get-WindowsUpdate                                  2.1.1.2    PSWindowsUpdate
    Cmdlet          Get-WUApiVersion                                   2.1.1.2    PSWindowsUpdate
    Cmdlet          Get-WUHistory                                      2.1.1.2    PSWindowsUpdate
    Cmdlet          Get-WUInstallerStatus                              2.1.1.2    PSWindowsUpdate
    Cmdlet          Get-WUJob                                          2.1.1.2    PSWindowsUpdate
    Cmdlet          Get-WULastResults                                  2.1.1.2    PSWindowsUpdate
    Cmdlet          Get-WURebootStatus                                 2.1.1.2    PSWindowsUpdate
    Cmdlet          Get-WUServiceManager                               2.1.1.2    PSWindowsUpdate
    Cmdlet          Get-WUSettings                                     2.1.1.2    PSWindowsUpdate
    Cmdlet          Invoke-WUJob                                       2.1.1.2    PSWindowsUpdate
    Cmdlet          Remove-WindowsUpdate                               2.1.1.2    PSWindowsUpdate
    Cmdlet          Remove-WUServiceManager                            2.1.1.2    PSWindowsUpdate
    Cmdlet          Set-PSWUSettings                                   2.1.1.2    PSWindowsUpdate
    Cmdlet          Set-WUSettings                                     2.1.1.2    PSWindowsUpdate
    Cmdlet          Update-WUModule                                    2.1.1.2    PSWindowsUpdate

     

  • #161555

    Senior Moderator
    Topics: 8
    Replies: 1041
    Points: 3,440
    Helping Hand
    Rank: Community Hero

    Don't have a system to test and never used this module. The suggestions are based on the documentation. I coulf suggest below code (not tested)

    $PSWUSettings = Set-PSWUSettings -Credential (Get-Credential) #user with admin access in $server
    Install-WindowsUpdate -ComputerName $Server -PSWUSettings $PSWUSettings -ACCEPTALL -autoreboot -verbose
    
  • #161564

    Participant
    Topics: 2
    Replies: 54
    Points: 278
    Helping Hand
    Rank: Contributor

    Oh, right, he's referring to an older version of PSWindowsUpdate in that blog post (specifically 1.5.2.6). You could try installing the older version of the module to get the Invoke-WUInstall command if you want. But, upon further reading it seems that command is actually a bit of a kludge, so at-your-own-risk.

    There are a lot of barriers in place to prevent you from forcing a Windows update remotely, placed there by Microsoft. Theoretically this is for "security reasons", but that seems a bit hypocritical when M$ has demonstrated the ability to force install updates and reboot user machines without the user's permission. It's possible to do what you want, but you shouldn't expect it to be straightforward, because M$ has specifically taken steps to prevent it. Sysadmins used to rely on wuacult, but M$ has removed that functionality.

    I would still recommend USOClient, specifically using ScanInstallWait and then RestartDevice. I can confirm that it works on Windows 10 up to r1803.

    kvprasoon is probably correct that the 'Permission Denied' error is due to the double-hop problem. Solving this problem for your network may allow you to use Install-WindowsUpdate remotely as you originally wanted to, but I don't recommend CredSSP because of security concerns. It can be done securely with Kerberos, but you should read that blog thoroughly and understand exactly how that method would apply to your network. With so many different versions of Windows running, if you do it wrong you'll expose your system to security problems.

  • #161567

    Participant
    Topics: 16
    Replies: 61
    Points: 274
    Rank: Contributor

    PS C:\util> $Server = "TGCS002-2016.home.tgcsnet.com"
    PS C:\util> $PSWUSettings = Set-PSWUSettings -Credential (Get-Credential)

    cmdlet Get-Credential at command pipeline position 1
    Supply values for the following parameters:
    Credential
    PS C:\util> Install-WindowsUpdate -ComputerName $Server -PSWUSettings $PSWUSettings -ACCEPTALL -autoreboot -verbose
    Get-WindowsUpdate : Cannot convert " to the type 'System.Collections.Hashtable' required by parameter 'PSWUSettings'.
    Specified method is not supported.
    At line:1 char:59
    + ... ndowsUpdate -ComputerName $Server -PSWUSettings $PSWUSettings -ACCEPT ...
    +                                                     ~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-WindowsUpdate], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgument,PSWindowsUpdate.GetWindowsUpdate

    PS C:\util>

  • #161850

    Participant
    Topics: 16
    Replies: 61
    Points: 274
    Rank: Contributor

    Hello Everyone

    I figured out a method.

    First I created a small script and copied to each computer.

    Then created a scheduled task

    The script

    clear-host
    write-host "Starting Patches Service"
    # service places host in maint mode on Nagios
    start-service patches
    $Server = hostname 
    get-windowsupdate -computername $Server -acceptall -autoreboot -install -verbose | out-file c:\util\logs\currentupdates.log
    
    $bigbody += Get-Content -Path "C:\util\Logs\currentupdates.log" | out-string 
    
    $Params = @{
       Subject = "$Server Monthly Update Report"
       Body = " $bigbody"
       From = "no-reply@tgcsnet.com"
       To = "systems-alert@home.com"
       smtpserver = "InternalRelay.HOME.COM"
    }
    
    
    Send-MailMessage @Params
    

    Then from my desktop I run this command

    Invoke-Command -ComputerName test01 -ScriptBlock {Start-scheduledtask -taskname "Install-Updates"}

    This works great

The topic ‘Windows Update using Powershell Remotely’ is closed to new replies.