Managing software patches is as crucial as maintaining Windows Workstation backups. These updates, often seen as interim solutions for issues between comprehensive software releases, can significantly enhance your system’s performance. With PowerShell, a cross-platform automation tool, you can streamline your patch management process and promptly mitigate potential system vulnerabilities.With PowerShell, a cross-platform automation tool, you can streamline your patch management process and promptly mitigate potential system vulnerabilities.

This article explores how to leverage PowerShell for efficient Windows updates, offering a comprehensive guide to useful PowerShell commands for automated patch management.

PowerShell: An Overview

Before diving into the specifics of automated Windows updates, let’s establish a foundation. PowerShell is a robust automation tool and configuration framework optimized for structured data, REST APIs, and object models. It features a command-line shell and an object-oriented scripting language, paired with a suite of tools for executing scripts/cmdlets and managing modules.

PowerShell’s prowess lies in its ability to automate tasks that could otherwise consume significant time and effort. One such task is the installation of Windows updates, a vital but often tedious process.

PSWindowsUpdate: The Game-changer

Addressing the complexity of patch management, Michal Gajda developed the PSWindowsUpdate module. This free-to-use tool, available in the PowerShell Gallery, facilitates smooth and efficient Windows patch management. It allows you to identify available updates for your system and manage these updates across various Windows servers and workstations.

The PSWindowsUpdate module requires Windows OS versions from Vista or Windows Server 2008 onwards, and PowerShell 2.0 or later.

Installing PSWindowsUpdate

To automate Windows patch management effectively using PowerShell, you first need to install the PSWindowsUpdate module on your computer. Launch an elevated PowerShell prompt and enter the following command:

Install-Module -Name PSWindowsUpdate

After executing this command, you’ll be asked to confirm the installation. Select Yes to proceed and accept all changes.

Once installed, you need to ensure remote access to other computers. This capability allows you to install Windows updates on remote computers, significantly reducing your time and effort. To facilitate PSWindowsUpdate’s interaction with remote machines, you need to save the module to your computer and share it over a network.

To store the PSWindowsUpdate module at a specified location, run the following cmdlet:

Save-Module -Name PSWindowsUpdate -Path

Using PSWindowsUpdate

Once you’ve installed and saved the module, the next step is understanding how to use it to automate Windows updates. This automation is a boon for IT administrators, particularly when performing patch management processes on Server Core machines lacking a GUI.

To generate a list of available Windows updates, use this PowerShell command:

Get-WindowsUpdate

This output will reveal which software or application requires updating. Following that, you can install all updates using the command below:

Get-WUInstall -AcceptAll –AutoReboot

To prevent a reboot from interrupting your workflow, you can use the following cmdlet:

Get-WUInstall -AcceptAll –IgnoreReboot

You’ll see the patch management process’s progress on your screen, along with a comprehensive list of updates and their current status.

Once the installation concludes, a message will appear in the PowerShell console, indicating that a manual restart is required. This approach allows you to schedule the reboot at a time that aligns with your convenience.

Command Overview for PSWindowsUpdate

The PSWindowsUpdate module works with several cmdlets. To view a full list of these commands, type the following and press Enter:

Get-Command –module PSWindowsUpdate

Some of these commands include:

1. Get-WUHistory: Displays the history of the latest updates.
2. Get-WUInstallerStatus: Checks the status of the Windows Installer service.
3. Get-WURebootStatus: Verifies whether a reboot is necessary for a specific update to be fully applied.
4. Get-WUServiceManager: Checks the source of Windows updates.
5. Hide-WindowsUpdate: Hides certain updates from the list to prevent their installation.
6. Remove-WindowsUpdate: Uninstalls updates installed on the machine.
7. Get-WUList: Scans for available Windows updates on a remote machine.

The Final Word

The PSWindowsUpdate module simplifies and enhances the patch management process. By automating update installations, you can ensure regular system updates, minimizing the risk of system failures and security breaches.

However, regular patch management alone cannot guarantee full-scale protection of your entire production environment. For comprehensive data protection, consider solutions like NAKIVO Backup & Replication, which offers backup and site recovery for physical, virtual, and cloud environments, ensuring recovery under any circumstances and reducing data protection costs.

To Sum It Up

Automating Windows updates with the PowerShell script is an efficient way to manage software patches, mitigate system vulnerabilities and enhance your IT infrastructure. With the PSWindowsUpdate module, you can streamline the patch management process, save time, and reduce the management overhead experienced during system patching. Harness the power of PowerShell to ensure your system is regularly updated and secure.

Feel like you need some help? We are here for you!

At DataPerk, we offer fully managed IT options so you can spend less time on your tech and more time on your business! Reach out to see how we can help you!