Loading Now
Powershell SCCM SCCM Scripts , , ,

SCCM Script – Force Windows update from SCCM or Microsoft

Sometimes I have a server or workstation that for whatever reason I need to update outside of its scheduled maintenance window. Instead of having to RDP in and update manually I have this SCCM script. To create approve and add SCCM Scripts see this post. This script can be run directly on a workstation but it is meant to be run out of SCCM. I’ll share another version of this that can be used outside of SCCM. The magic behind this script is a module called PSWindowsupdate. Awesome module that lets you kick off updates from powershell. This will log the updates that were installed in a file on the C:\ drive names PSWindowsupdatelog-date.log. If you are “watching” this you can psremote into the endpoint and run this command to tail the log file and watch the progress:

type C:\PSWindowsupdate-date.log -wait



Script:

This one will get all available updates from Microsoft.

 try {                
            Import-Module PSWindowsupdate -ErrorAction 1 -verbose                
            }
            catch {
                Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
                Install-Module PSWindowsupdate -force -Confirm:$false -verbose
                Import-Module PSWindowsUpdate
            }

Import-Module PSWindowsUpdate
$updatelist = 0

$updatelist = Invoke-Command -ScriptBlock {Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process;get-windowsupdate -WindowsUpdate -verbose}

Invoke-Command -ScriptBlock {Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process;$date = get-date -f MM-dd-yyyy-HH-mm-ss;Invoke-WUJob -runnow -Script "Set-ExecutionPolicy -ExecutionPolicy Bypass;ipmo PSWindowsUpdate;get-windowsupdate -MicrosoftUpdate -verbose; Install-WindowsUpdate -Microsoftupdate -AcceptAll -autoreboot | Out-File C:\PSWindowsUpdate-$date.log" -Confirm:$false -Verbose} -Verbose

This one will get all the updates that have been approved through SCCM.

 try {                
            Import-Module PSWindowsupdate -ErrorAction 1 -verbose                
            }
            catch {
                Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
                Install-Module PSWindowsupdate -force -Confirm:$false -verbose
                Import-Module PSWindowsUpdate
            }

Import-Module PSWindowsUpdate
$updatelist = 0

$updatelist = Invoke-Command -ScriptBlock {Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process;get-windowsupdate -verbose}

Invoke-Command -ScriptBlock {Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process;$date = get-date -f MM-dd-yyyy-HH-mm-ss;Invoke-WUJob -runnow -Script "Set-ExecutionPolicy -ExecutionPolicy Bypass;ipmo PSWindowsUpdate;get-windowsupdate -verbose; Install-WindowsUpdate -AcceptAll -autoreboot | Out-File C:\PSWindowsUpdate-$date.log" -Confirm:$false -Verbose} -Verbose
Tag
Skylar Pearce

My name is Skylar Pearce, I have been working as a System Administror since 2013 as well some side consulting work. During my career I have worked with everything from Active Directory and vCenter to configuring routers and switches and phone systems, documenting and scripting my way through the whole thing. I have a Security+ certification and am currently working on my PenTest+. Throughout my career I have gained almost all of my knowledge from blogs like this. It is now time for me to pay it back. Over time I have gathered scripts and tricks over the years that I will share on this site. A lot of the posts here will be mainly reference posts, some will be full on how to’s. I am happy to go into more depth on any other topics I go over here, just make a comment on a post. I will do my best to post once a day on weekdays but as I run out of ideas it may slow down. My WordPress skills are still growing so the site will likely get better over time as I learn. You can reach me at contact@allthesystems.com or on LinkedIn

view all posts

Related Posts

You May Have Missed