Windows Update - Execute Windows Update via PowerShell Install-Module (PS 5.0+ version) - superseded
Log In or Register to download the BES file, and more.

0 Votes

Versioning - This is an older version.

1Windows Update - Download modules and trigger run via PowerShell6/13/2018 2:46:37 PM
2Windows Update - Download modules and run via PowerShell6/13/2018 3:00:00 PM
3Windows Update - Execute Windows Update via modules and PowerShell6/13/2018 3:09:41 PM
4Windows Update - Execute Windows Update via PowerShell Install-Module (PS 5.0+ version)6/18/2018 11:20:04 AM
5Windows Update - Execute Windows Update via PowerShell Install-Module (PS 5.0+ version)6/18/2018 12:07:16 PM
6Windows Update - Execute Windows Update via PowerShell Install-Module (PS 5.0+ version)4/11/2019 12:43:27 PM

Description

This install the latest Windows updates.

Tested on Windows 10 v1709 with Powershell 5.1.  This version requires PS 5.0+ due to module usage.

  1. Checks for existing scripting policy LGPO registry item (cannot override GPO)
  2. If exists, back up and disable existing policy
  3. Install prerequisite: NuGet 2.8.5.201+
  4. Install Windows Update PowerShell Module v2.0.0.4 (tested, feel free to drop that requirement)
  5. Run Windows Update via newly added module
  6. (Optionally) Uninstall Windows Update PowerShell Module

It will not ask questions, and not provide options - it will simply install everything it is able to install in one round.

This version will NOT install Windows Feature Updates, such as Windows 10 updating version 1709 to version 1803.

By running this task you accept the Microsoft TechNet terms of use.

Module Credit Michal Gajda, source: https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc/


Property Details

ID25527
StatusBeta - Preliminary testing ready for more
TitleWindows Update - Execute Windows Update via PowerShell Install-Module (PS 5.0+ version)
SourceInternal
Source Release Date6/13/2018 12:00:00 AM
KeywordsWindows Update Powershell Module MichalGajda
Is TaskTrue
Added by on 6/18/2018 11:20:04 AM
Last Modified by on 6/18/2018 11:24:20 AM
Counters 3112 Views / 1 Download
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 11 fixlets and 5 analyses   * Results in a true/false
Show indented relevance
exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1" whose (value "Install" of it as integer = 1) of registry
Used in 380 fixlets and 2 analyses   * Results in a true/false
Show indented relevance
x64 of operating system
isWindows (Relevance 1172)
Used in 1152 fixlets and 538 analyses   * Results in a true/false
Show indented relevance
windows of operating system
Used in 3 fixlets   * Results in a true/false
Show indented relevance
exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3" whose (value "Install" of it as integer = 1) of registry
Used in 3 fixlets   * Results in a true/false
Show indented relevance
exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine" whose (value "PowerShellVersion" of it as string as version >= "5.0") of registry

Actions

Action 1 (default)

Action Link Click here  to install Windows + Microsoft Updates without rebooting or notifying the user.
Script Type BigFix Action Script
// Set Powershell
parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of x64 registry}"
// Disable script protection
if {exist (value "EnableScripts" of it = "0") of key "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /t REG_DWORD /d 00000001 /f
endif

// Disable execution policy in scope of current user (system)
waithidden "{parameter "PowerShellexe"}" Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force

// Install PowerShell Modules from PSGallery
waithidden "{parameter "PowerShellexe"}" "Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force"
waithidden "{parameter "PowerShellexe"}" "Install-Module -Name PSWindowsUpdate -RequiredVersion 2.0.0.4 -Force"
waithidden "{parameter "PowerShellexe"}" "Import-Module -Name PSWindowsUpdate -Force"

// Check for and install Windows Updates
waithidden "{parameter "PowerShellexe"}" -ExecutionPolicy Bypass -Command "Get-WindowsUpdate -Install -MicrosoftUpdate -AcceptAll -IgnoreReboot -Confirm:$false"

// Restrict execution policy
waithidden "{parameter "PowerShellexe"}" Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Restricted -Force

// Re-enable script protection
if {exist (value "EnableScriptsbackup" of it = "1") of key "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d 00000000 /f
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 2

Action Link Click here  to install Windows + Microsoft Updates and automatically reboot without asking to reboot.
Script Type BigFix Action Script
// Set Powershell
parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of x64 registry}"
// Disable script protection
if {exist (value "EnableScripts" of it = "0") of key "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /t REG_DWORD /d 00000001 /f
endif

// Disable execution policy in scope of current user (system)
waithidden "{parameter "PowerShellexe"}" Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force

// Install PowerShell Modules from PSGallery
waithidden "{parameter "PowerShellexe"}" "Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force"
waithidden "{parameter "PowerShellexe"}" "Install-Module -Name PSWindowsUpdate -RequiredVersion 2.0.0.4 -Force"
waithidden "{parameter "PowerShellexe"}" "Import-Module -Name PSWindowsUpdate -Force"

// Check for and install Windows Updates
waithidden "{parameter "PowerShellexe"}" -ExecutionPolicy Bypass -Command "Get-WindowsUpdate -Install -MicrosoftUpdate -AcceptAll -AutoReboot -Confirm:$false"

// Restrict execution policy
waithidden "{parameter "PowerShellexe"}" Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Restricted -Force

// Re-enable script protection
if {exist (value "EnableScriptsbackup" of it = "1") of key "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d 00000000 /f
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 3

Action Link Click here  to install Windows Updates and automatically reboot without asking to reboot.
Script Type BigFix Action Script
// Set Powershell
parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of x64 registry}"
// Disable script protection
if {exist (value "EnableScripts" of it = "0") of key "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /t REG_DWORD /d 00000001 /f
endif

// Disable execution policy in scope of current user (system)
waithidden "{parameter "PowerShellexe"}" Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force

// Install PowerShell Modules from PSGallery
waithidden "{parameter "PowerShellexe"}" "Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force"
waithidden "{parameter "PowerShellexe"}" "Install-Module -Name PSWindowsUpdate -RequiredVersion 2.0.0.4 -Force"
waithidden "{parameter "PowerShellexe"}" "Import-Module -Name PSWindowsUpdate -Force"

// Check for and install Windows Updates
waithidden "{parameter "PowerShellexe"}" -ExecutionPolicy Bypass -Command "Get-WindowsUpdate -Install -AcceptAll -AutoReboot -Confirm:$false"

// Restrict execution policy
waithidden "{parameter "PowerShellexe"}" Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Restricted -Force

// Re-enable script protection
if {exist (value "EnableScriptsbackup" of it = "1") of key "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d 00000000 /f
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 4

Action Link Click here  to install Windows Updates without rebooting or notifying the user.
Script Type BigFix Action Script
// Set Powershell
parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of x64 registry}"
// Disable script protection
if {exist (value "EnableScripts" of it = "0") of key "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /t REG_DWORD /d 00000001 /f
endif

// Disable execution policy in scope of current user (system)
waithidden "{parameter "PowerShellexe"}" Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force

// Install PowerShell Modules from PSGallery
waithidden "{parameter "PowerShellexe"}" "Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force"
waithidden "{parameter "PowerShellexe"}" "Install-Module -Name PSWindowsUpdate -RequiredVersion 2.0.0.4 -Force"
waithidden "{parameter "PowerShellexe"}" "Import-Module -Name PSWindowsUpdate -Force"

// Check for and install Windows Updates
waithidden "{parameter "PowerShellexe"}" -ExecutionPolicy Bypass -Command "Get-WindowsUpdate -Install -AcceptAll -IgnoreReboot -Confirm:$false"

// Restrict execution policy
waithidden "{parameter "PowerShellexe"}" Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Restricted -Force

// Re-enable script protection
if {exist (value "EnableScriptsbackup" of it = "1") of key "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d 00000000 /f
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 5

Action Link Click here to go to the TechNet page on this PowerShell module.
Script Type URL
https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc/
    

Action 6

Action Link Click here to uninstall the PowerShell module.
Script Type BigFix Action Script
// Set Powershell
parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of x64 registry}"
// Disable script protection
if {exist (value "EnableScripts" of it = "0") of key "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /t REG_DWORD /d 00000001 /f
endif

// Disable execution policy in scope of current user (system)
waithidden "{parameter "PowerShellexe"}" Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force

// Install PowerShell Modules from PSGallery
waithidden "{parameter "PowerShellexe"}" -ExecutionPolicy Bypass -Command "Uninstall-Module -Name PSWindowsUpdate -Force"

// Restrict execution policy
waithidden "{parameter "PowerShellexe"}" Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Restricted -Force


// Re-enable script protection
if {exist (value "EnableScriptsbackup" of it = "1") of key "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d 00000000 /f
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
rdshift -
An older version of this task improperly used the singular "key" instead of "keys" in an exists statement, leading to a failure when executing where the key/value did not exist. Unfortunately, we have had this as a policy for quite some time, so all of our workstations had this value. It has since been corrected and retested.