Install Windows Updates using PowerShell

You can use PowerShell to install Windows Updates automatically, unattended and simple. Neat, right? For this, you don't have to have an enterprise environment with WSUS, or Windows Server, but since this is Sysadmins of the North, I assume you do. In this post I'm show you how to install Windows Updates with PowerShell and the PSWindowsUpdate module.
Published on Wednesday, 15 March 2023

Screenshot by Jan Reilink

You can use PowerShell to install Windows Updates automatically, unattended and simple. Neat, right? For this, you don't have to have an enterprise environment with WSUS, or Windows Server, but since this is Sysadmins of the North, I assume you do. In this post I'm show you how to install Windows Updates with PowerShell and the PSWindowsUpdate module.

Some code might show pseudo-code. Most is copied from my older Dutch post "Installeer Windows updates via PowerShell" on ITFAQ.nl.

To being able to install Windows Updates with PowerShell, you need Powershell installed. Either 5.1 or 7.3, at the time of this writing. If you fulfill this requirement, you can install and use PSWindowsUpdate module. Windows Updates are easily installed from either Windows Update or Windows Server Update Services (WSUS).

WsusPool keeps crashing: stops again and again
Force BITS to download WSUS updates in the foreground in Windows Server

Install PSWindowsUpdate PowerShell module

PSWindowsUpdate is a PowerShell module to install Windows Updates. There are more modules for this purpose, but this is the one I use and am used to. To make this module available, start a PowerShell instance as administrator.

Start PowerShell using Windows Start

Choose "Run as Administrator".

If necessary, you first have to set the execution policy to RemoteSigned: Set-ExecutionPolicy RemoteSigned. After this you can install the module:

  • If required: Install-PackageProvider -Name NuGet -Force (works only with PowerShell 5.1, not 7)

  • Install-Module -Name PSWindowsUpdate -Force

When this command is successfully run (there is no confirmation), you can use Get-Command to list available cmdlets and aliases. Provide Get-Command with the -Module argument and module name:

Get-Command -Module PSWindowsUpdate

PowerSHell Get-Command PSWIndowsUpdate

Get-Command -Module PSWindowsUpdate
CommandType     Name                                               Version    Source
----------- ---- ------- ------
Alias           Clear-WUJob                                        2.2.0.3    PSWindowsUpdate
Alias           Download-WindowsUpdate                             2.2.0.3    PSWindowsUpdate
Alias           Get-WUInstall                                      2.2.0.3    PSWindowsUpdate
Alias           Get-WUList                                         2.2.0.3    PSWindowsUpdate
Alias           Hide-WindowsUpdate                                 2.2.0.3    PSWindowsUpdate
Alias           Install-WindowsUpdate                              2.2.0.3    PSWindowsUpdate
Alias           Show-WindowsUpdate                                 2.2.0.3    PSWindowsUpdate
Alias           UnHide-WindowsUpdate                               2.2.0.3    PSWindowsUpdate
Alias           Uninstall-WindowsUpdate                            2.2.0.3    PSWindowsUpdate
Cmdlet          Add-WUServiceManager                               2.2.0.3    PSWindowsUpdate
Cmdlet          Enable-WURemoting                                  2.2.0.3    PSWindowsUpdate
Cmdlet          Get-WindowsUpdate                                  2.2.0.3    PSWindowsUpdate
Cmdlet          Get-WUApiVersion                                   2.2.0.3    PSWindowsUpdate
Cmdlet          Get-WUHistory                                      2.2.0.3    PSWindowsUpdate
Cmdlet          Get-WUInstallerStatus                              2.2.0.3    PSWindowsUpdate
Cmdlet          Get-WUJob                                          2.2.0.3    PSWindowsUpdate
Cmdlet          Get-WULastResults                                  2.2.0.3    PSWindowsUpdate
Cmdlet          Get-WUOfflineMSU                                   2.2.0.3    PSWindowsUpdate
Cmdlet          Get-WURebootStatus                                 2.2.0.3    PSWindowsUpdate
Cmdlet          Get-WUServiceManager                               2.2.0.3    PSWindowsUpdate
Cmdlet          Get-WUSettings                                     2.2.0.3    PSWindowsUpdate
Cmdlet          Invoke-WUJob                                       2.2.0.3    PSWindowsUpdate
Cmdlet          Remove-WindowsUpdate                               2.2.0.3    PSWindowsUpdate
Cmdlet          Remove-WUServiceManager                            2.2.0.3    PSWindowsUpdate
Cmdlet          Reset-WUComponents                                 2.2.0.3    PSWindowsUpdate
Cmdlet          Set-PSWUSettings                                   2.2.0.3    PSWindowsUpdate
Cmdlet          Set-WUSettings                                     2.2.0.3    PSWindowsUpdate
Cmdlet          Update-WUModule                                    2.2.0.3    PSWindowsUpdate

Searching for available Windows Updates

Now you have PSWindowsUpdate installed and available, you want to search WSUS or Windows Update for available updates, right? Here's how to search for available updates:

Get-WindowsUpdateComputerName Status     KB          Size Title
------------ ------ -- ---- -----
LAPTOPJANR   ------- KB2267602  821MB Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Ve…

Scan for, or detect, new updates with Microsoft.Update.AutoUpdate COM-object in PowerShell:
(new-object -Comobject Microsoft.Update.AutoUpdate).detectnow()

Download and install found updates

After finding updates to install, you need to install them. That's as easy as:

  • Download & Install (choose accept when requested):
Install-WindowsUpdate -KBArticleID KB2267602 -ForceDownload

This accepts, downloads and installs the update. When in doubt, you can always execute the command with -ForceInstall later:

Install-WindowsUpdate -KBArticleID KB2267602 -ForceInstall

You can do a lot more with PSWindowsUpdate module for PowerShell. For example, you can plan and schedule the downloading and installing of updates, which may be perfect in our update routine. Install Windows Updates silently :) See Get-Help Install-WindowsUpdate for more information and examples. If you are in a WSUS environment and want to search WindowsUpdate, use -WindowsUpdate command argument.

Schedule Windows Updates download and installation silently with PowerShell and PSWindowsUpdate

As said, you can use PSWindowsUpdate to schedule the download and installation of Windows Update, to make the process silent. Perfect! :) Schedule updates for automatic installation, here is an example:

Invoke-WUJob -Script {
  Import-Alias PSWindowsUpdate;
  Install-WindowsUpdate -IgnoreUserInput -Verbose -AcceptAll -IgnoreReboot | Out-File ~\log\PSWindowsUpdate-$(Get-Date -format "yyyyMMdd").log
} -Confirm:$false -Verbose -TriggerDate (Get-Date -Day 15 -Hour 12 -Minute 00 -Second 0)

On a local computer, this creates an scheduled task with name "PSWindowsUpdate" to run on day 15, hour 12, minute 00 and second 0. A log is saved in ~\log with name PSWindowsUpdate-$(Get-Date -format "yyyyMMdd").log.

If you want to schedule Windows Updates on remote computers, use the -ComputerName parameter:

Invoke-WUJob -ComputerName SRV01,SRV02,SRV03 -Script {
  Import-Alias PSWindowsUpdate;
  Install-WindowsUpdate -IgnoreUserInput -Verbose -AcceptAll -IgnoreReboot | Out-File ~\log\PSWindowsUpdate-$(Get-Date -format "yyyyMMdd").log
} -Confirm:$false -Verbose -TriggerDate (Get-Date -Day 15 -Hour 12 -Minute 00 -Second 0)

This goes perfectly with Get-ADComputer in your Active Directory Domain.

Check for Pending Reboot after Windows Update with PowerShell (Bonus)

Need to check for a pending reboot after installing Windows Updates? Use the Windows Registry:

if((Get-Item "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" -ErrorAction SilentlyContinue).Property) { write-output "reboot pending" }

Instead of using Write-OutPut you can also perform a reboot action here: Restart-Computer -Force.

Two other registry locations you can check exist:

"HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending""HKLM:SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations"

Install SQL Server cumulative updates silently

Conclusion installing Windows Updates using PSWindowsUpdate module in PowerShell

In this post I showed you how you can use PowerShell to install Windows Updates. Quickly and silently. This makes the use of PSWindowsUpdate module perfect for your day to day automation. The module even supports scheduling (on remote computers too!), it has the ability to search WSUS and Windows Update for updates, scheduling and performing the download and installation of updates, and it's still being actively developed.