If you’re confident with code, you may find it easier to install Windows patches with PowerShell than to use Microsoft’s system.
With PowerShell, you can remotely manage updates across multiple devices and decide how the update process works on each, much like the way you can remotely invoke applications to enhance efficiency and control. In addition, you can check, remove and hide updates without having to be physically at your computer.
In this article, we look at how to install Windows patches with PowerShell for free.
PSWindowsUpdate is a community module that’s available via the PowerShell Gallery. In your PowerShell session, run Install-Module PSWindowsUpdate to download and install the latest version. The download should be quick. Once downloaded, the module’s commands should be available to you. Then, when you run Get-Command -Module PSWindowsUpdate, you’ll see that you can do a lot of things besides installing patches.
Before you install patches, you need to know which patches you need across your systems. The PSWindowsUpdate module provides a command called Get-WindowsUpdate that you can use to discover any missing patches. The Get-WindowsUpdate command supports querying the local computer or remote computers.
When you run this command, it returns a list of all of the missing updates on whatever computer you target. See an example of this list below.
Regularly schedule queries to see if there are any missing patches. That way, you’ll make sure that you have all the latest essential security updates.
Once you know what you’re missing, take that information and install the patches. Get-WindowsUpdate provides many different parameters to query and install updates — in fact, it’d be ideal for an interactive menu written in PowerShell that is designed to be easier for noncoders to use. For example, if you want to install the list of patches provided with Get-WUList cmdlet, take the next logical step and install them with the Get-WindowsUpdate cmdlet. [Read related article: Why Speaking In Jargon Doesn’t Make You Look Smarter]
A patch can be in several different states, such as available, downloaded and installed. Some patches need a reboot to complete an install, while others don’t. The Get-WindowsUpdate command gives you the flexibility to pick and choose which updates are installed.
For example, let’s say that you don’t care about anything other than getting the missing updates installed on the computer. In that case, you can tell Get-WindowsUpdate to install all missing patches, accepting every one that it finds and initiating a reboot if necessary.
You could be a little more gentle and only pick specific updates using the KBArticleId parameter. The below command would install only that particular KB, and if the computer needed a reboot, it would let you know rather than automatically rebooting.
You can keep a patch downloaded but not installed. Then, if you carry out planned maintenance on a regular basis, you can install all downloaded updates on the same day.
The PSWindowsUpdate module has many different options and uses — too many to cover in one article. Download it and try it for yourself. Check out the extensive help documentation for each function if you’re unfamiliar with the syntax.
If you have the patience to learn this module, you can build some advanced update management solutions. PowerShell is a great way to perform other tasks more efficiently, too, such as creating a web scraping tool to download competitor prices.
Mark Fairlie contributed to this article.