Windows Updates/Patches
Inhaltsverzeichnis
[Verbergen]Search, Download & Install Windows Updates
Because of the Windows Update dilemma with different Windows versions, I wrote the following script that should works on Windows Server 2016, 2019, 2022 and maybe higher.
$MSUpdateSearcher = New-Object -ComObject Microsoft.Update.Searcher $Updates = $MSUpdateSearcher.Search("IsInstalled=0 AND IsHidden=0").Updates $MSUpdateCollection = New-Object -ComObject Microsoft.Update.UpdateColl foreach($Update in $Updates) { $MSUpdateCollection.Add($Update) | Out-Null } if($MSUpdateCollection.Count -gt 0) { Write-Host "Accept EULA, if is necessary." foreach($Update in $MSUpdateCollection) { if($Update.EulaAccepted -eq 0) {$Update.AcceptEula()} } Write-Host "Download the selected updates." $MSUpdateSession = New-Object -ComObject Microsoft.Update.Session $MSUpdateDownloader = $MSUpdateSession.CreateUpdateDownloader() $MSUpdateDownloader.Updates = $MSUpdateCollection $MSUpdateDownloader.Download() Write-Host "Install the downloaded updates." $MSUpdateInstaller = New-Object -ComObject Microsoft.Update.Installer $MSUpdateInstaller.Updates = $MSUpdateCollection $InstallResult = $MSUpdateInstaller.Install() if ($InstallResult.RebootRequired) { Restart-Computer -Force } }
Windows Update Dilemma
Windows Server 2022
With Windows Server 2022 there are no CIM-Classes MSFT_WUOperations or MSFT_WUOperationsSession and the PowerShell-Module "WindowsUpdateProvider" will also no longer ships built-in.
That's why I prefer the solution above for all Windows Server 2016 and higher.
Windows Server 2019
With Windows Server 2019 the CIM-Class was renamed to MSFT_WUOperations and works not similar to Windows Server 2016.
Microsoft ships with Windows Server 2019 the PowerShell-Module "WindowsUpdateProvider" that is handy and this works like following:
Import-Module WindowsUpdateProvider $availableUpdates = Start-WUScan if ($availableUpdates.Count -gt 0) { Write-Host "[$(Get-Date -Format HH:mm:ss)] Following $($availableUpdates.Count) Updates are about to be installed:" $availableUpdates | Format-Table Title, MsrcSeverity $null = Install-WUUpdates -Updates $availableUpdates Write-Host "[$(Get-Date -Format HH:mm:ss)] $($availableUpdates.Count) Updates has been succesfully installed" }
Windows Server 2016
Microsoft said on Windows Server 2016 you should use the CIM-Class MSFT_WUOperationsSession like following:
$cimInstance = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession $updateScanResult = Invoke-CimMethod -InputObject $cimInstance -MethodName ScanForUpdates -Arguments @{SearchCriteria = "IsInstalled=0"; OnlineScan = $true } $availableUpdates = $updateScanResult.Updates Invoke-CimMethod -InputObject $cimInstance -MethodName ApplyApplicableUpdates
Remove Windows Update
wusa /uninstall /kb:<KB-Number>