Forum Discussion
Run Windows Updates with Powershell Remotely
Hi, I'm kind of new to Powershell, and trying to automate some stuff. I found one nice Powershell module named PSWindowsUpdate to manage Windows Updates. I need to create some automated updating fo...
- Thanks for the tip.
I would like to avoid WSUS, as it also has some challenges, and at the same time I would learn more on Powershell.
Meanwhile I was already able to use a command to update remotely, now I need to deal with errors and logging, which is not so good at the moment.
Set-Item WSMan:\localhost\Client\TrustedHosts –Value * -Force
$Script = {Get-WindowsUpdate -KBArticleID KB4535680 -AcceptAll -Install -Verbose | Out-File C:\Temp\PSWindowsUpdate.log}
Invoke-WUjob -ComputerName <computername> -Script $Script -Confirm:$false -RunNow
Install-WindowsUpdate has a parameter Computername, so you could use it like that :
Install-WindowsUpdate -KBArticleID <kbID> -AcceptAll -Install -ComputerName server.domain.name
Install-WindowsUpdate -KBArticleID <kbID> -AcceptAll -Install -ComputerName server.domain.name
Thanks for the reply. Apparently that's not possible due to some limitation described in some forums:
"When you are in a remote PowerShell session your logon session on this remote computer is flagged as a "network" logon (Logon Type: 3). For some obscure (security? sell SCCM?) reason, part of the Windows Update Agent COM APIs are restricted to only be usable by locally logged on Administrators.
https://docs.microsoft.com/en-us/windows/win32/wua_sdk/using-wua-from-a-remote-computer"
So each time I run that command, always got this error:
"Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
+ CategoryInfo : NotSpecified: (:) [Get-WindowsUpdate], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,PSWindowsUpdate.GetWindowsUpdate"
That's the reason why I need some alternative.
"When you are in a remote PowerShell session your logon session on this remote computer is flagged as a "network" logon (Logon Type: 3). For some obscure (security? sell SCCM?) reason, part of the Windows Update Agent COM APIs are restricted to only be usable by locally logged on Administrators.
https://docs.microsoft.com/en-us/windows/win32/wua_sdk/using-wua-from-a-remote-computer"
So each time I run that command, always got this error:
"Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
+ CategoryInfo : NotSpecified: (:) [Get-WindowsUpdate], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,PSWindowsUpdate.GetWindowsUpdate"
That's the reason why I need some alternative.
- Hi dmarquesgn
I think the best approach in here is using WSUS in your Company.
So no need for PowerShell to do that.- Thanks for the tip.
I would like to avoid WSUS, as it also has some challenges, and at the same time I would learn more on Powershell.
Meanwhile I was already able to use a command to update remotely, now I need to deal with errors and logging, which is not so good at the moment.
Set-Item WSMan:\localhost\Client\TrustedHosts –Value * -Force
$Script = {Get-WindowsUpdate -KBArticleID KB4535680 -AcceptAll -Install -Verbose | Out-File C:\Temp\PSWindowsUpdate.log}
Invoke-WUjob -ComputerName <computername> -Script $Script -Confirm:$false -RunNowgreat topic, would you mind sharing the code you got so far and some details of how it works?
cheers.
