PowerShell script to install Microsoft patches
Download and Install Patches with PowerShell – With Reboot
The script installs or uninstalls Microsoft Updates in the last ‘N’ days. PSAppDeploy Toolkit is used to accomplish the task. The script uses whatever update source is made available to the machine to download and install the updates. This can also be deployed using SCCM.
you can easily download the Powershell script from Microsoft Link Below:
https://gallery.technet.microsoft.com/scriptcenter/and-Install-Patches-with-831d7f60
https://gallery.technet.microsoft.com/scriptcenter/Install-Updates-using-740784eb
Step to install patched thorough Microsoft Powershell:
You Need PowerShell version 5 for easier installation.
1. first confirm the version of PowerShell, which you have:
PowerShell: $PSVersionTable.PSVersion
2. if you have version 5 or above, confirm you are running PowerShell as administrator and continue with:
Install–Module PSWindowsUpdate Get–Command –module PSWindowsUpdate
3. Then need to register to use the Microsoft Update Service, not just the default Windows Update Service.
Add–WUServiceManager –ServiceID 7971f918–a847–4430–9279–4a52d1efe18d
4. Then run:
Get–WUInstall –MicrosoftUpdate –AcceptAll –AutoReboot
Below is the script for other versions other them 5 which is above.
# Download and Install Windows Patches with Reboot
# Script version 1.0
# Date : 08/25/2016
$waar = 1 -eq 1
$Session = New-Object -com "Microsoft.Update.Session"
$Search = $Session.CreateUpdateSearcher()
$SearchResults = $Search.Search("IsInstalled=0 and IsHidden=0")
$DownloadCollection = New-Object -com "Microsoft.Update.UpdateColl"
$SearchResults.Updates | ForEach-Object {
if ($_.InstallationBehavior.CanRequestUserInput -ne $waar) {
$DownloadCollection.Add($_) | Out-Null
}
}
if ($($SearchResults.Updates.Count -gt 0)) {
$Downloader = $Session.CreateUpdateDownloader()
$Downloader.Updates = $DownloadCollection
$Downloader.Download()
}
$objServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager"
$objSession = New-Object -ComObject "Microsoft.Update.Session"
$objSearcher = $objSession.CreateUpdateSearcher()
Foreach ($objService in $objServiceManager.Services){
if($ServiceID){
if($objService.ServiceID -eq $ServiceID){
$objSearcher.ServiceID = $ServiceID
$objSearcher.ServerSelection = 3
$serviceName = $objService.Name
}
}else{
if($objService.IsDefaultAUService -eq $True){
$serviceName = $objService.Name
}
}
}
$objCollection = New-Object -ComObject "Microsoft.Update.UpdateColl"
$objResults = $objSearcher.Search("IsInstalled=0")
$FoundUpdatesToDownload = $objResults.Updates.count
if ($objResults.Updates.count -gt 0){
foreach($Update in $objResults.Updates){
if($Update.EulaAccepted -eq 0 ){
$Update.AcceptEula()
}
if($Update.isdownloaded -eq 0){
$objCollectionTmp = New-Object -ComObject "Microsoft.Update.UpdateColl"
$objCollectionTmp.Add($Update) | out-null
$Downloader = $objSession.CreateUpdateDownloader()
$Downloader.Updates = $objCollectionTmp
}
}
$objCollectionTmp = New-Object -ComObject "Microsoft.Update.UpdateColl"
foreach($Update in $objResults.Updates){
$objCollectionTmp.Add($Update) | out-null
}
$objInstaller = $objSession.CreateUpdateInstaller()
$objInstaller.Updates = $objCollectionTmp
$InstallResult = $objInstaller.Install()
}
shutdown -r -t 30 -c "Restart after windows update"
The below command will SILENTLY install all the updates released (Approved: if using WSUS) in the last 10 days from WSUS (if configured, or uses Microsoft Windows Update site).
.\Deploy-Application.EXE -DeploymentType Install -DeployMode Silent -Updatesince 10
The below command will INTERACTIVELY install all the updates released (Approved: if using WSUS) in the last 10 days from WSUS (if configured, or uses Microsoft Windows Update site).
Windows Shell Script
.\Deploy-Application.EXE -DeploymentType Install -DeployMode Interactive -Updatesince 10
Uninstall MS Updates:
The below command will SILENTLY Uninstall all the updates installed in the last 10 days.
Windows Shell Script
.\Deploy-Application.EXE -DeploymentType UnInstall -DeployMode Silent -Updatesince 10
The below command will INTERACTIVELY Uninstall all the updates installed in the last 10 days.
.\Deploy-Application.EXE -DeploymentType UnInstall -DeployMode Interactive -Updatesince 10
Script Content:
Param (
[ValidateSet("Install","Uninstall")]
[string]$DeploymentType = "Install",
[ValidateSet("Interactive","Silent","NonInteractive")]
[string]$DeployMode = "silent",
[switch] $AllowRebootPassThru = $False,
[switch] $TerminalServerMode = $false,
[switch] $ForceRestartMode = $True,
[Parameter(Mandatory=$true)]
[int] $Updatesince = 1
)
#*===============================================
#* VARIABLE DECLARATION
Try {
#*===============================================
#*===============================================
# Variables: Application
$appVendor = "UOA"
$appName = "Install or Uninstall Windows Updates"
$appVersion = [version]"1.0"
$appArch = ""
$appLang = "EN"
$appRevision = "01"
$appScriptVersion = "1.0.0"
$appScriptDate = "02/07/2014"
$appScriptAuthor = "Topaz Paul"
#*===============================================
# Variables: Script - Do not modify this section
$deployAppScriptFriendlyName = "Deploy Application"
$deployAppScriptVersion = [version]"3.1.2"
$deployAppScriptDate = "04/30/2014"
$deployAppScriptParameters = $psBoundParameters
# Variables: Environment
$scriptDirectory = Split-Path -Parent $MyInvocation.MyCommand.Definition
# Dot source the App Deploy Toolkit Functions
."$scriptDirectory\AppDeployToolkit\AppDeployToolkitMain.ps1"
."$scriptDirectory\SupportFiles\Get-ApplicationInfo.ps1"
."$scriptDirectory\SupportFiles\Get-PendingReboot.ps1"
."$scriptDirectory\SupportFiles\Get-ScheduledTask.ps1"
."$scriptDirectory\SupportFiles\Get-UOAHotfix.ps1"
#*===============================================
#* END VARIABLE DECLARATION
#*===============================================
#*===============================================
#* PRE-INSTALLATION
If ($deploymentType -ne "uninstall") { $installPhase = "Pre-Installation"
#*===============================================
function Get-WIAStatusValue($value)
{
switch -exact ($value)
{
0 {"NotStarted"}
1 {"InProgress"}
2 {"Succeeded"}
3 {"SucceededWithErrors"}
4 {"Failed"}
5 {"Aborted"}
}
}
#*===============================================
#* INSTALLATION
$installPhase = "Installation"
#*===============================================
# Is reboot pending
if ($(Get-PendingReboot).RebootPending) {
Write-Log "The system is pending reboot from a previous install or uninstall."
}
# Prompt the user if not silent mode:
Show-InstallationWelcome -AllowDefer -DeferTimes 3 -CloseAppsCountdown "120"
# Show Progress Message (with the default message)
Show-InstallationProgress -StatusMessage "Installing Security Updates. Please Wait..."
if ((Get-Service -Name wuauserv).Status -ne "Running"){
Write-Log "WSUS Service is stopped: Restarting the service"
Set-Service wuauserv -StartupType Automatic
Start-Service -name wuauserv
}
$needsReboot = $false
$UpdateSession = New-Object -ComObject Microsoft.Update.Session
$UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
Write-Log " - Searching for Updates"
$SearchResult = ($UpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0")).Updates
Write-Log "$($SearchResult.Count) updates in total. But checking for assigned updates in the last $Updatesince days."
$SearchResult = $SearchResult | Where-Object {$_.LastDeploymentChangeTime -gt ((Get-Date).Adddays(-$Updatesince))}
if (!($SearchResult)) {
Write-Log "0 updates have been assigned to this machine in the last $Updatesince days."
Exit-Script -ExitCode 0
}
Write-Log "$($SearchResult.Count) updates in the last $Updatesince days. Starting to install $($SearchResult.Count) updates..."
$SearchResult = $SearchResult | Sort-Object LastDeploymentChangeTime -Descending # Sort updates
foreach($Update in $SearchResult) {
# Add Update to Collection
$UpdatesCollection = New-Object -ComObject Microsoft.Update.UpdateColl
if ( $Update.EulaAccepted -eq 0 ) { $Update.AcceptEula() }
$UpdatesCollection.Add($Update)
# Download
Write-Log " + Downloading - $($Update.Title)"
$UpdatesDownloader = $UpdateSession.CreateUpdateDownloader()
$UpdatesDownloader.Updates = $UpdatesCollection
$UpdatesDownloader.Priority = 3
$DownloadResult = $UpdatesDownloader.Download()
$Message = " - Download {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
Write-Log "$message"
# Install
Write-Log " - Installing Update"
$UpdatesInstaller = $UpdateSession.CreateUpdateInstaller()
$UpdatesInstaller.Updates = $UpdatesCollection
$InstallResult = $UpdatesInstaller.Install()
$Message = " - Install {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
Write-Log "$message"
$needsReboot = $installResult.rebootRequired
if ((Get-Service -Name wuauserv).Status -ne "Running"){
Write-Log "WSUS Service is stopped: Restarting the service"
Set-Service wuauserv -StartupType Automatic
Start-Service -name wuauserv
}
}
if (($needsReboot) -or ($(Get-PendingReboot).RebootPending)) {
Write-Log "Reboot required: One or more of the installed update(s) require a reboot"
if ($DeployMode -match "silent") {
Write-Log "Deployment mode is SILENT. Forcing a reboot without any notification"
restart-computer -Force
} else {
Write-Log "Deployment mode is INTERACTIVE. The script Will notify user about the reboot"
Show-InstallationRestartPrompt -Countdownseconds 600 -CountdownNoHideSeconds 60
}
}
#*===============================================
#* POST-INSTALLATION
$installPhase = "Post-Installation"
#*===============================================
#*===============================================
#* UNINSTALLATION
} ElseIf ($deploymentType -eq "uninstall") { $installPhase = "Uninstallation"
#*===============================================
# Prompt the user to close the following applications if they are running:
Show-InstallationWelcome -AllowDefer -DeferTimes 3 -CloseAppsCountdown "120"
# Show Progress Message (with a message to indicate the application is being uninstalled)
Show-InstallationProgress -StatusMessage "Uninstalling Security Updates. Please Wait..."
if ((Get-Service -Name wuauserv).Status -ne "Running"){
Write-Log "WSUS Service is stopped: Restarting the service"
Set-Service wuauserv -StartupType Automatic
Start-Service -name wuauserv
}
$Updates = ((New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()).Search("IsInstalled = 1").Updates # Retrieve installed updates
Write-Log "$($Updates.Count) updates total"
#$Updates = $Updates | Where-Object {$_.LastDeploymentChangeTime -gt ((Get-Date).Adddays(-$Updatesince))}
$Updates = Get-UOAHotfix|Where-Object {$_.Installedon -gt ((Get-Date).Adddays(-$Updatesince))}
$Updates = $Updates | Sort-Object Installedon -Descending # Sort updates
if (!($Updates)) {
Write-Log "0 updates have been installed on this machine in the last $Updatesince days."
Exit-Script -ExitCode 0
}
Write-Log "$($Updates.Count) updates in the last $Updatesince days. Starting to Uninstall $($Updates.Count) updates..."
Foreach($Update in $Updates) {
if ((Get-Service -Name wuauserv).Status -ne "Running"){
Write-Log "WSUS Service is stopped: Restarting the service"
Set-Service wuauserv -StartupType Automatic
Start-Service -name wuauserv
}
$ID = $($Update.HotFixID -replace 'KB', '')
Write-Log "Removing KB$ID"
Invoke-Expression "wusa.exe /uninstall /kb:$ID /quiet /log /norestart"
while (@(Get-Process wusa -ErrorAction SilentlyContinue).Count -ne 0) { Start-Sleep 1 }
}
if ($(Get-PendingReboot).RebootPending) {
Write-Log "Reboot required: One or more of the Uninstalled update(s) require a reboot"
if ($DeployMode -match "silent") {
Write-Log "Deployment mode is SILENT. Forcing a reboot without any notification"
restart-computer -Force
} else {
Write-Log "Deployment mode is INTERACTIVE. The script Will notify user about the reboot"
Show-InstallationRestartPrompt -Countdownseconds 600 -CountdownNoHideSeconds 60
}
}
#*===============================================
#* END SCRIPT BODY
} } Catch {$exceptionMessage = "$($_.Exception.Message) `($($_.ScriptStackTrace)`)"; Write-Log "$exceptionMessage"; Exit-Script -ExitCode 1} # Catch any errors in this script
Exit-Script -ExitCode 0 # Otherwise call the Exit-Script function to perform final cleanup operations
#*===============================================
Key’s Microsoft PowerShell
The list of available cmdlets for the module can be displayed as:
get-command-module PSWindowsUpdate