How do you automate Windows Updates using SimpleHelp?

Not sure if I am posting to the right forum category.

I would like to automate Windows Updates for our physical and virtual servers. I am thinking about PowerShell scripting in SimpleHelp Toolboxes: a script that will check weekly for available critical updates, install them, and block or delay the automatic reboot. Automatic reboot is a bad idea in our environment; some servers need a Domain Controller during their startup.

Has anybody seen a script like this? Or is there a better approach for Windows Updates and Patch Management automation?

In general, all Patch Management ideas are welcome.

1 Like

I’d also love to know this as well…

I use this PS script:

```powershell
# ------------------------------------------------------------------
# PowerShell Script To Automate Windows Update
# Script should be executed with "Administrator" Privilege
# ------------------------------------------------------------------

$Today = Get-Date

$UpdateCollection = New-Object -ComObject Microsoft.Update.UpdateColl
$Searcher = New-Object -ComObject Microsoft.Update.Searcher
$Session = New-Object -ComObject Microsoft.Update.Session

Write-Host
Write-Host "`t Initializing and Checking for Applicable Updates. Please wait ..." -ForegroundColor "Yellow"
# Software updates that are not installed yet and have not been hidden
$Result = $Searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")

If ($Result.Updates.Count -EQ 0) {
    Write-Host "`t There are no applicable updates for this computer."
}
Else {
    # The report file is written to the current working directory
    $ReportFile = $Env:ComputerName + "_Report.txt"
    If (Test-Path $ReportFile) {
        Remove-Item $ReportFile
    }
    New-Item $ReportFile -Type File -Force -Value "Windows Update Report For Computer: $Env:ComputerName`r`n" | Out-Null
    Add-Content $ReportFile "Report Created On: $Today`r"
    Add-Content $ReportFile "==============================================================================`r`n"
    Write-Host "`t Preparing List of Applicable Updates For This Computer ..." -ForegroundColor "Yellow"
    Add-Content $ReportFile "List of Applicable Updates For This Computer`r"
    Add-Content $ReportFile "------------------------------------------------`r"
    For ($Counter = 0; $Counter -LT $Result.Updates.Count; $Counter++) {
        $DisplayCount = $Counter + 1
        $Update = $Result.Updates.Item($Counter)
        $UpdateTitle = $Update.Title
        Add-Content $ReportFile "`t $DisplayCount -- $UpdateTitle"
    }
    $Counter = 0
    $DisplayCount = 0
    Add-Content $ReportFile "`r`n"
    Write-Host "`t Initializing Download of Applicable Updates ..." -ForegroundColor "Yellow"
    Add-Content $ReportFile "Initializing Download of Applicable Updates"
    Add-Content $ReportFile "------------------------------------------------`r"
    $Downloader = $Session.CreateUpdateDownloader()
    $UpdatesList = $Result.Updates
    For ($Counter = 0; $Counter -LT $Result.Updates.Count; $Counter++) {
        $UpdateCollection.Add($UpdatesList.Item($Counter)) | Out-Null
        $ShowThis = $UpdatesList.Item($Counter).Title
        $DisplayCount = $Counter + 1
        Add-Content $ReportFile "`t $DisplayCount -- Downloading Update $ShowThis`r"
        # Download only the current update so the logged status belongs to it
        $Single = New-Object -ComObject Microsoft.Update.UpdateColl
        $Single.Add($UpdatesList.Item($Counter)) | Out-Null
        $Downloader.Updates = $Single
        $Track = $Downloader.Download()
        If (($Track.HResult -EQ 0) -AND ($Track.ResultCode -EQ 2)) {
            Add-Content $ReportFile "`t Download Status: SUCCESS"
        }
        Else {
            Add-Content $ReportFile "`t Download Status: FAILED With Error -- $($Error[0])"
            $Error.Clear()
            Add-Content $ReportFile "`r"
        }
    }
    $Counter = 0
    $DisplayCount = 0
    Write-Host "`t Starting Installation of Downloaded Updates ..." -ForegroundColor "Yellow"
    Add-Content $ReportFile "`r`n"
    Add-Content $ReportFile "Installation of Downloaded Updates"
    Add-Content $ReportFile "------------------------------------------------`r"
    $Installer = New-Object -ComObject Microsoft.Update.Installer
    For ($Counter = 0; $Counter -LT $UpdateCollection.Count; $Counter++) {
        $Track = $Null
        $DisplayCount = $Counter + 1
        $WriteThis = $UpdateCollection.Item($Counter).Title
        Add-Content $ReportFile "`t $DisplayCount -- Installing Update: $WriteThis"
        # Install only the current update instead of the whole collection on every pass
        $Single = New-Object -ComObject Microsoft.Update.UpdateColl
        $Single.Add($UpdateCollection.Item($Counter)) | Out-Null
        $Installer.Updates = $Single
        Try {
            $Track = $Installer.Install()
            # ResultCode 2 = succeeded; Install() can return without throwing when the update failed
            If ($Track.ResultCode -EQ 2) {
                Add-Content $ReportFile "`t Update Installation Status: SUCCESS"
            }
            Else {
                Add-Content $ReportFile "`t Update Installation Status: FAILED With Result Code -- $($Track.ResultCode)"
            }
        }
        Catch {
            Add-Content $ReportFile "`t Update Installation Status: FAILED With Error -- $($Error[0])"
            $Error.Clear()
            Add-Content $ReportFile "`r"
        }
    }
}
exit 0
```

Works on Win10 and Server 2012 or newer.

Major feature updates (e.g.: 1803 to 1907 upgrade) don’t work - the user has to touch the machine for that. Otherwise, it works well.
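An added example, not part of the thread and not the poster's script: the same Windows Update Agent COM objects, narrowed to what the original question asks for (security-rated updates only, no restart). Treating `MsrcSeverity` values `Critical` and `Important` as "critical", the log path and the exit-code convention are assumptions.

```powershell
# Added example. Run locally with Administrator/SYSTEM rights.
# Assumption: "critical" means MsrcSeverity is Critical or Important.
$Severities = 'Critical', 'Important'
$LogFile    = Join-Path $env:TEMP "$($env:COMPUTERNAME)_PatchRun.log"   # assumed location

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value ("{0:s}  {1}" -f (Get-Date), $Message)
}

$Session  = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
$Found    = $Searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates

# Keep only security-rated updates; MsrcSeverity is empty for unrated ones.
$Batch = New-Object -ComObject Microsoft.Update.UpdateColl
foreach ($Update in $Found) {
    if ($Severities -contains $Update.MsrcSeverity) {
        if (-not $Update.EulaAccepted) { $Update.AcceptEula() }
        $Batch.Add($Update) | Out-Null
        Write-Log "Selected [$($Update.MsrcSeverity)] $($Update.Title)"
    }
}
if ($Batch.Count -eq 0) { Write-Log 'Nothing to install.'; exit 0 }

# Download the batch once, then install only what actually arrived.
$Downloader = $Session.CreateUpdateDownloader()
$Downloader.Updates = $Batch
Write-Log "Download ResultCode=$($Downloader.Download().ResultCode)"

$Ready = New-Object -ComObject Microsoft.Update.UpdateColl
foreach ($Update in $Batch) { if ($Update.IsDownloaded) { $Ready.Add($Update) | Out-Null } }
$Failed = $Batch.Count - $Ready.Count
if ($Ready.Count -eq 0) { Write-Log 'No update could be downloaded.'; exit 1 }

$Installer = $Session.CreateUpdateInstaller()
$Installer.Updates = $Ready
$Install = $Installer.Install()

# OperationResultCode: 2 = succeeded, 3 = succeeded with errors, 4 = failed, 5 = aborted
for ($i = 0; $i -lt $Ready.Count; $i++) {
    $Code = $Install.GetUpdateResult($i).ResultCode
    if ($Code -ne 2) { $Failed++ }
    Write-Log "ResultCode=$Code  $($Ready.Item($i).Title)"
}

# Install() itself does not restart the machine; it only reports a pending restart.
if ($Install.RebootRequired) { Write-Log 'REBOOT PENDING - schedule it manually.' }

# Exit codes (assumed convention): 0 = clean, 1 = failures, 2 = reboot pending
if ($Failed -gt 0) { exit 1 } elseif ($Install.RebootRequired) { exit 2 } else { exit 0 }
```

The distinct exit code lets the scheduling tool flag servers that are waiting for a restart, so the reboot order can follow the Domain Controller dependency described in the question.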

Thank you!

Is there a way to get a rundown on machines that are out of date and which updates are missing?

Jarred_Wheeler, thanks for sharing your script. I am thinking about putting it into a SimpleHelp toolbox. Will this work? How do I ensure it starts with Admin privilege?

I found some time to test a few other Windows Updates automation ideas. We run a mix of Windows Server OSs on our servers: 2008-2019. It is difficult to get a single command working for all of them.

SimpleHelp has a built-in “Run Windows Updates” command in the toolbox (wuauclt.exe /detectnow /updatenow). This method does not work for most of my servers.

PSWindowsUpdate module: sounds very promising. Not the best match for my environment. It requires multiple components to be at the same fresh versions: PowerShell, WMF, dotnet etc. Difficult to achieve in our Windows OS zoo.

ABC-Update FreeWare, command line version: works best for me now. It still needs dot net 2, no problem to enable on all my servers. Easy to fine-tune actions like list missing updates only or list and install them, save log to file or send via email.

Apologies for the late reply.

The Windows agent runs with highest privileges regardless (as per SH support).

The script works on anything Windows 10 1709 and newer. I’ve tested it on Server 2008+ but the latest PowerShell has to be installed to understand some cmdlets.

MacOS is the one I’m running into issues with on sudo’ing.

There are a few ps1 files on TechNet that will assist with this.

I don’t really care about knowing what updates are available - just so that they get installed.

On the other hand, I care about the updates that are available for MacOS - which is a MUCH easier script to pull that info.

James_Fouracre> Is there a way to get a rundown on machines that are out of date and which updates are missing?

James, there are multiple PowerShell modules and scripts available for this type of reporting (as Jarred_Wheeler mentions). It is sometimes a challenge to adopt them for your needs. 🙂

I use ABC-Update for listing missing updates (per computer); that small util can even email the report. Still interested in getting a report for all my servers.

I have an idea - collect individual logs and parse them into a consolidated report. With colors (green, yellow and red) to indicate the amount of missing updates, managers will be happy. 🙂

1 Like
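One way to build the per-server rundown and the consolidated green/yellow/red report discussed above, as an added example that is not from any poster. The function names `Get-MissingUpdate` and `New-PatchSummaryHtml`, the share path in the comment and the colour thresholds are all assumptions.

```powershell
# Added example. Function names, the share path and the colour thresholds are assumptions.

# Step 1, on each server: list missing updates. Search only, nothing is installed.
function Get-MissingUpdate {
    $Searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    foreach ($u in $Searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates) {
        $Severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
        New-Object PSObject -Property @{
            Computer = $env:COMPUTERNAME
            Severity = $Severity
            KB       = (@($u.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ','
            Title    = $u.Title
        } | Select-Object Computer, Severity, KB, Title
    }
}
# Hypothetical collection step, run by the agent on every server:
# Get-MissingUpdate | Export-Csv "\\fileserver\patch\$env:COMPUTERNAME.csv" -NoTypeInformation

# Step 2, on the collecting machine: one row per CSV file, so a fully patched
# server (empty file) still shows up, and the file date exposes stale reports.
function New-PatchSummaryHtml([string]$CsvFolder, [string]$OutFile) {
    $Rows = foreach ($File in Get-ChildItem -Path $CsvFolder -Filter *.csv) {
        $Missing = @(if ($File.Length -gt 0) { Import-Csv $File.FullName })
        $Rated   = @($Missing | Where-Object { 'Critical', 'Important' -contains $_.Severity }).Count
        # red = any Critical/Important missing, yellow = only other updates missing
        $Color   = if ($Rated -gt 0) { 'red' } elseif ($Missing.Count -gt 0) { 'yellow' } else { 'green' }
        "<tr style='background:$Color'><td>$($File.BaseName)</td><td>$($Missing.Count)</td>" +
            "<td>$Rated</td><td>$($File.LastWriteTime.ToString('yyyy-MM-dd'))</td></tr>"
    }
    $Head = '<tr><th>Server</th><th>Missing</th><th>Critical/Important</th><th>Report date</th></tr>'
    Set-Content -Path $OutFile -Value "<table border='1'>$Head$($Rows -join '')</table>"
}
```

A server whose report date stops advancing has stopped reporting, which matters as much as a red row.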

curl -LJ https://raw.githubusercontent.com/nexusofdoom/Windows-10-Feature-Update/main/Update.bat -o C:\Windows\Temp\Update.bat
C:\Windows\Temp\Update.bat
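The download-and-run step above with an integrity check in front of it, as an added example that is not part of the post. `$ExpectedSha256` is a placeholder to be replaced with the SHA-256 of a copy of `Update.bat` that has been read and approved; `Get-FileHash` requires PowerShell 4.0 or newer.

```powershell
# Added example. $ExpectedSha256 is a placeholder, not a real hash: set it to the
# SHA-256 of the copy of Update.bat that was reviewed before rollout.
$Url            = 'https://raw.githubusercontent.com/nexusofdoom/Windows-10-Feature-Update/main/Update.bat'
$ExpectedSha256 = '<SHA256-OF-THE-REVIEWED-Update.bat>'

# "main" is a branch, so the file behind this URL can change between runs.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Download into a freshly created directory rather than a fixed, shared path.
$WorkDir = Join-Path $env:windir ("Temp\wu-" + [guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $WorkDir | Out-Null
$Script = Join-Path $WorkDir 'Update.bat'

$ExitCode = 1
try {
    Invoke-WebRequest -Uri $Url -OutFile $Script -UseBasicParsing -ErrorAction Stop
    $Actual = (Get-FileHash -Path $Script -Algorithm SHA256).Hash
    if ($Actual -eq $ExpectedSha256) {
        # Only the reviewed content is executed
        & $Script
        $ExitCode = $LASTEXITCODE
    }
    else {
        Write-Warning "Hash mismatch (got $Actual). Update.bat was not run."
    }
}
catch {
    Write-Warning "Download failed: $($_.Exception.Message)"
}
finally {
    Remove-Item -Path $WorkDir -Recurse -Force -ErrorAction SilentlyContinue
}
exit $ExitCode
```

Since the SimpleHelp agent runs with highest privileges, a mismatch here means the upstream file changed and needs to be reviewed again before the pinned hash is updated.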