Remotely install Windows Updates with PsExec

windows windows-7 windows-update

24,250

Solution 1

In addition to the VBS method by Michael Bailey, I've modified a powershell script I found online (from technet somewhere, but I can't find the exact link offhand):

#Define update criteria.
$Criteria = "IsInstalled=0 and Type='Software'"

#Search for relevant updates.
$Searcher = New-Object -ComObject Microsoft.Update.Searcher
$SearchResult = $Searcher.Search($Criteria).Updates

If($SearchResult.Count -eq 0){
Write-Host "No Updates Available"
Exit
}

Write-Host "Updates Found: $($SearchResult.Count)`r`n"
$SearchResult | ForEach-Object{Write-Host "$($_.Title) `r`n"}

#Download updates.
$Session = New-Object -ComObject Microsoft.Update.Session
$Downloader = $Session.CreateUpdateDownloader()
$Downloader.Updates = $SearchResult
Write-Host "Download Results:"
$Downloader.Download()

#Install updates.
$Installer = New-Object -ComObject Microsoft.Update.Installer
$Installer.Updates = $SearchResult
$Result = $Installer.Install()
Write-Host "Install Result: $($Result.HResult) `r`n"
Write-Host "Reboot Required: $($Result.RebootRequired) `r`n"

#Reboot if required by updates.
#If ($Result.rebootRequired) { shutdown.exe /t 0 /r }

I run it using PDQ, but have used it with PSExec as well. If you want to just list updates per machine as an audit, you can cut out everything after the search section.

I also took a long look at this when I was looking for an answer to our update issues: http://blogs.technet.com/b/heyscriptingguy/archive/2011/08/13/use-powershell-to-audit-and-install-windows-patches.aspx

It looks like a tool that might fit your org well.

Solution 2

For pushing updates with psexec check out this article: http://techthoughts.info/remotely-install-windows-updates/

This probably describes quite exactly how to do what you would like to accomplish - Basically you use the third party command line tool wuinstall via psexec to push updates to remote machines via shell scripts

24,250

dbourcet

Updated on September 18, 2022

Comments

dbourcet almost 2 years
Problem I am working on : I am now in charge of all the Windows machines of a company. All workstations are running Windows 7, I do not have a domain and there is no Windows Server running on the network. To administrate them, I use PsExec to remotely execute commands on each workstations, like this :
```
FOR /F "tokens=*" %%a IN (E:\list-of-workstations.txt) DO CALL :theCommand %%a
PAUSE

:theCommand
FOR /F "tokens=1,2,3,4" %%a IN ("%*") DO (
        psexec \\%%a -s -u %%b -p %%c -c E:\script-to-execute-remotely.bat
)
GOTO:EOF
```
I now want to trigger the Windows updates on each workstations.

Research I have done : Apparently, there is no set command you can send to Windows devices that specifically instructs them to begin installing pending updates.

Many serverfault and blogs topics recommands using third party solutions to install Windows Updates on demand but all these recommanded third party solutions can only be used if you buy them, and I don't want to.

Steps taken so far to solve the problem : So, as far as I am, it seems that I am stuck : without a Windows server, there is no native way to specifically ask workstations to install updates and all the third party solutions I heard of are not free.

Am I right ? Do you know a way to accomplish the problem I am facing ?
- Sawta about 9 years
  
  Sorry that I can't provide a direct answer. I would ask you this though: Is there any particular reason why you can't invest into a third party product or a domain oriented solution like AD other than not wanting to? There may be a solution for the current problem, but experience tells me that similar issues will likely crop up sooner or later. Being able to do things like distribute patches for other products (Adobe, Wireshark, etc.) may become extremely important. Having a good baseline in GPO can also be really important if your company is at all concerned with security.
- dbourcet about 9 years
  
  Thank you for answering. This is my boss who doesn't want to. Maybe I can convince him to pay for an annual licence of softs like WuInstall or BatchPatch, but I surely can't convince to buy a new server, Windows Server licence plus all the CAL, that would be a real budget.
dbourcet about 9 years

Thank you for answering. I will give it a try next week and tell you.
Michael Bailey almost 9 years

I have a virtual machine I can waste, I'll try it here.
Michael Bailey almost 9 years

It gives odd stuff involving input. I'm just trying to subvert the Yes/No entirely. I'd gain value from this as well so I'll play with it.
Michael Bailey almost 9 years

It works okay, I just don't have time to run all the way through it. I made it up until installing. I may just be having issues because I'm not running genuine windows in my VM.
Michael Bailey almost 9 years

I added Genuine Windows and it's kinda weird about when to actually reboot should updates require a reboot. Lemme know if it works in your actual environment.
Katherine Villyard over 8 years

Could you summarize the link, rather than simply linking? We like to have the answer here, in case of link rot.
GeraldDC over 8 years

Sure - just updated