Windows Update - Execute Windows Update via PowerShell Install-Module (PS 5.0+ version)
Log In or Register to download the BES file, and more.

1 Votes

Versioning - This is the latest version.

1Windows Update - Download modules and trigger run via PowerShell6/13/2018 2:46:37 PM
2Windows Update - Download modules and run via PowerShell6/13/2018 3:00:00 PM
3Windows Update - Execute Windows Update via modules and PowerShell6/13/2018 3:09:41 PM
4Windows Update - Execute Windows Update via PowerShell Install-Module (PS 5.0+ version)6/18/2018 11:20:04 AM
5Windows Update - Execute Windows Update via PowerShell Install-Module (PS 5.0+ version)6/18/2018 12:07:16 PM
6Windows Update - Execute Windows Update via PowerShell Install-Module (PS 5.0+ version)4/11/2019 12:43:27 PM

Description

This installs the latest Windows updates.

Last tested on Windows 10 v1803 with PowerShell 5.1.  This version requires PS 5.0+ due to module usage.

  1. Checks for existing scripting policy LGPO registry item (cannot override GPO)
  2. If exists, back up and disable existing policy
  3. Install prerequisite: NuGet 2.8.5.201+
  4. Install Windows Update PowerShell Module v2.0.0.4 (tested, feel free to drop that requirement)
  5. Run Windows Update via newly added module
  6. Action 6 is a separate action to uninstall Windows Update PowerShell Module "PSWindowsUpdate" if you would like to scrub the environment.

It will not ask questions, and not provide options - it will simply install everything it is able to install in one round.

This version will NOT install Windows Feature Updates, such as Windows 10 version 1803 to version 1809.

By running this task you accept the Microsoft TechNet terms of use.

Module Credit Michal Gajda, source: https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc/


Property Details

ID26617
StatusProduction - Fully Tested and Ready for Production
TitleWindows Update - Execute Windows Update via PowerShell Install-Module (PS 5.0+ version)
SourceInternal
Source Release Date6/13/2018 12:00:00 AM
KeywordsWindows Update Powershell Module MichalGajda
Is TaskTrue
Added by on 4/11/2019 12:43:27 PM
Last Modified by on 4/16/2019 7:13:02 AM
Counters 4651 Views / 42 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 11 fixlets and 5 analyses   * Results in a true/false
Show indented relevance
exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1" whose (value "Install" of it as integer = 1) of registry
Used in 260 fixlets and 2 analyses   * Results in a true/false
Show indented relevance
x64 of operating system
isWindows (Relevance 1172)
Used in 1142 fixlets and 537 analyses   * Results in a true/false
Show indented relevance
windows of operating system
Used in 3 fixlets   * Results in a true/false
Show indented relevance
exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3" whose (value "Install" of it as integer = 1) of registry
Used in 3 fixlets   * Results in a true/false
Show indented relevance
exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine" whose (value "PowerShellVersion" of it as string as version >= "5.0") of registry

Actions

Action 1 (default)

Action Link Click here  to install Windows + Microsoft Updates without rebooting or notifying the user.
Script Type BigFix Action Script
// Set Powershell
parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of x64 registry}"
// Disable script protection
if {exist (value "EnableScripts" of it = "0") of keys "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /t REG_DWORD /d 00000001 /f
endif

// Disable execution policy in scope of current user (system)
waithidden "{parameter "PowerShellexe"}" -Command "Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force"

// Install PowerShell Modules from PSGallery
waithidden "{parameter "PowerShellexe"}" -Command "Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force"
waithidden "{parameter "PowerShellexe"}" -Command "Install-Module -Name PSWindowsUpdate -RequiredVersion 2.0.0.4 -Force"
waithidden "{parameter "PowerShellexe"}" -Command "Import-Module -Name PSWindowsUpdate -Force"

// Check for and install Windows Updates
waithidden "{parameter "PowerShellexe"}" -Command "Get-WindowsUpdate -Install -MicrosoftUpdate -AcceptAll -IgnoreReboot -Confirm:$false"

// Restrict execution policy
waithidden "{parameter "PowerShellexe"}" -Command "Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Restricted -Force"

// Re-enable script protection
if {exist (value "EnableScriptsbackup" of it = "1") of keys "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d 00000000 /f
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 2

Action Link Click here  to install Windows + Microsoft Updates and automatically reboot without asking to reboot.
Script Type BigFix Action Script
// Set Powershell
parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of x64 registry}"
// Disable script protection
if {exist (value "EnableScripts" of it = "0") of keys "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /t REG_DWORD /d 00000001 /f
endif

// Disable execution policy in scope of current user (system)
waithidden "{parameter "PowerShellexe"}" -Command "Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force"

// Install PowerShell Modules from PSGallery
waithidden "{parameter "PowerShellexe"}" -Command "Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force"
waithidden "{parameter "PowerShellexe"}" -Command "Install-Module -Name PSWindowsUpdate -RequiredVersion 2.0.0.4 -Force"
waithidden "{parameter "PowerShellexe"}" -Command "Import-Module -Name PSWindowsUpdate -Force"

// Check for and install Windows Updates
waithidden "{parameter "PowerShellexe"}" -Command "Get-WindowsUpdate -Install -MicrosoftUpdate -AcceptAll -AutoReboot -Confirm:$false"

// Restrict execution policy
waithidden "{parameter "PowerShellexe"}" -Command "Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Restricted -Force"

// Re-enable script protection
if {exist (value "EnableScriptsbackup" of it = "1") of keys "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d 00000000 /f
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 3

Action Link Click here  to install Windows Updates and automatically reboot without asking to reboot.
Script Type BigFix Action Script
// Set Powershell
parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of x64 registry}"
// Disable script protection
if {exist (value "EnableScripts" of it = "0") of keys "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /t REG_DWORD /d 00000001 /f
endif

// Disable execution policy in scope of current user (system)
waithidden "{parameter "PowerShellexe"}" -Command "Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force"

// Install PowerShell Modules from PSGallery
waithidden "{parameter "PowerShellexe"}" -Command "Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force"
waithidden "{parameter "PowerShellexe"}" -Command "Install-Module -Name PSWindowsUpdate -RequiredVersion 2.0.0.4 -Force"
waithidden "{parameter "PowerShellexe"}" -Command "Import-Module -Name PSWindowsUpdate -Force"

// Check for and install Windows Updates
waithidden "{parameter "PowerShellexe"}" -Command "Get-WindowsUpdate -Install -AcceptAll -AutoReboot -Confirm:$false"

// Restrict execution policy
waithidden "{parameter "PowerShellexe"}" -Command "Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Restricted -Force"

// Re-enable script protection
if {exist (value "EnableScriptsbackup" of it = "1") of keys "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d 00000000 /f
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 4

Action Link Click here  to install Windows Updates without rebooting or notifying the user.
Script Type BigFix Action Script
// Set Powershell
parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of x64 registry}"
// Disable script protection
if {exist (value "EnableScripts" of it = "0") of keys "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /t REG_DWORD /d 00000001 /f
endif

// Disable execution policy in scope of current user (system)
waithidden "{parameter "PowerShellexe"}" -Command "Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force"

// Install PowerShell Modules from PSGallery
waithidden "{parameter "PowerShellexe"}" -Command "Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force"
waithidden "{parameter "PowerShellexe"}" -Command "Install-Module -Name PSWindowsUpdate -RequiredVersion 2.0.0.4 -Force"
waithidden "{parameter "PowerShellexe"}" -Command "Import-Module -Name PSWindowsUpdate -Force"

// Check for and install Windows Updates
waithidden "{parameter "PowerShellexe"}" -Command "Get-WindowsUpdate -Install -AcceptAll -IgnoreReboot -Confirm:$false"

// Restrict execution policy
waithidden "{parameter "PowerShellexe"}" -Command "Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Restricted -Force"

// Re-enable script protection
if {exist (value "EnableScriptsbackup" of it = "1") of keys "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d 00000000 /f
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 5

Action Link Click here to go to the TechNet page on this PowerShell module.
Script Type URL
https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc/
    

Action 6

Action Link Click here to uninstall the PowerShell module.
Script Type BigFix Action Script
// Set Powershell
parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of x64 registry}"
// Disable script protection
if {exist (value "EnableScripts" of it = "0") of keys "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /t REG_DWORD /d 00000001 /f
endif

// Disable execution policy in scope of current user (system)
waithidden "{parameter "PowerShellexe"}" -Command "Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force"

// Install PowerShell Modules from PSGallery
waithidden "{parameter "PowerShellexe"}" -Command "Uninstall-Module -Name PSWindowsUpdate -Force"

// Restrict execution policy
waithidden "{parameter "PowerShellexe"}" -Command "Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Restricted -Force"

// Re-enable script protection
if {exist (value "EnableScriptsbackup" of it = "1") of keys "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
wait cmd /c reg delete "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScriptsBackup" /f
wait cmd /c reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d 00000000 /f
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 7

Action Link Click here to review this task in the bigfix.me Content Database.
Script Type URL
https://bigfix.me/cdb/fixlet/25528
    

Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
mbartosh -
These scripts appear to work. exists key "HKLM\Software\Policies\Microsoft\Windows\PowerShell" whose (value "EnableScripts" of it = "0") of native registry exists key "HKLM\Software\Policies\Microsoft\Windows\PowerShell" whose (value "EnableScriptsbackup" of it = "1") of native registry
mbartosh -
I am getting a relevance substitution error from the if statement. In fixlet debugger the relevance returns "Error: Singular expression refers to nonexistent object." if {exist (value "EnableScripts" of it = "0") of keys "HKLM\Software\Policies\Microsoft\Windows\PowerShell" of native registry}
roniley -
Adding additional details for others wanting to test on Win7 PCs. The action was hanging due to it failing to download the files from PSGallery. Even after adding the repository to force download (Install-Module -Name PSWindowsUpdate -Repository PSGallery -Force), I discovered this module will not install automatically on Windows 7 PCs and must be installed manually.
roniley -
Thank you for the update. I have tested on two PCs (Win7 32-bit) and the action hangs on the "Install-Module -Name PSWindowsUpdate -Force". I tried with and without the specified version. I will test on a 64-bit PC to see if I get a better result.
rdshift -
@roniley, I did not. I encourage you to or to reach out to others to test, as I'm not too active here these days.
roniley -
I notice this will only be relevant to 64-bit PCs. Has it been tested on 32-bit? The PowerShell page does not state this as a requirement other than PowerShell 2.0.The action script would need to be changed to native registry for the powershell path.
rdshift -
An older version of this task improperly used the singular "key" instead of "keys" in an exists statement, leading to a failure when executing where the key/value did not exist. Unfortunately, we have had this as a policy for quite some time, so all of our workstations had this value. It has since been corrected and retested.