Skip to main content Logo

Quis custodiet ipsos custodes?
Home | About | All pages | Cluster Status | RSS Feed | Gopher

Windows 10 updates with PowerShell

Published: 06-01-2020 | Author: Remy van Elst | Text only version of this article

❗ This post is over one year old. It may no longer be up to date. Opinions may have changed.

Table of Contents

Recently I had issues updating one of my machines that runs Windows 10. Turns out the network firewall was to restrictive. However, the information provided by the update dialog was just, "Oh, updating failed, maybe try again". Nothing useful, so I tried to figure out if it's possible to use Powershell for updating. Since Windows 10 build 1709 Microsoft provides a built in module, but that is not that user friendly. In this article I'll talk about using PSWindowsUpdate and the built in Microsoft WindowsUpdateProvider to update a Windows 10 machine via the command line.

I'm developing a desktop monitoring app, Leaf Node Monitoring, open source, but paid. For Windows, Linux & Android, go check it out.

Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.

You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $100 credit for 60 days.

These steps were tested on a Windows 10 machine running build 1703 and one running 1903.

The module is not open source and the source is also not available since version 2 of the module. It is a compiled .dll file.

PSWindowsUpdate vs WindowsUpdateProvider (Install-WUUpdates)

I choose to use this module instead of the Install-WUUpdates / Start-WUScan powershell module provided by Microsoft because the machine I was using did not run build 1709 or later. These microsoft modules are not available on Windows 10 1703, which the machine ran. Also, the powershell module is way more user friendly.

Later I updated the machine to build 1909, after which the modules are available:

Get-Command -Module WindowsUpdateProvider


CommandType     Name                  Version    Source
-----------     ----                  -------    ------
Function        Install-WUUpdates    WindowsUpdateProvider
Function        Start-WUScan    WindowsUpdateProvider

Updating with WindowsUpdateProvider

Once you're on a new enough build you can use the following commands to install updates. Not as verbose and easy to use, but it does not require an external module installation.

Scan for updates and install them, including other microsoft products:

$Updates = Start-WUScan -SearchCriteria "IsInstalled=0 AND IsHidden=0 AND IsAssigned=1"
Write-Host "Updates found: " $Updates.Count
Install-WUUpdates -Updates $Updates

If you want a bit of a progress report or information, you need to write up a loop yourself. Now back to the PSWindowsUpdate module, which features more information, filtering and more user friendly features.

PSWindowsUpdate Installation

Fire up Powershell as an Administrator and install the module with this command:

Install-Module -Name PSWindowsUpdate -Force

In my case I was asked to update the NUGet modules before the installation started. I also had to confirm installation from an untrusted source. Once the module is installed you can check the version:

Get-Package -Name PSWindowsUpdate


Name              Version   Source                           ProviderName
----              -------   ------                           ------------
PSWindowsUpdate   https://www.powershellgallery... PowerShellGet

Set the execution policy to unrestricted, for the current process only:

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force

Try not to just set the entire execution policy to unrestricted. That feels the same as just disabling SELinux.

When you are going to install updates in the future, remember to change the the execution policy with this command.

PSWindowsUpdate Usage

Since the graphical dialog window didn't show my any information on errors or what went wrong, I was happy to find this module having a -Verbose flag. With that flag I found out the network firewall was blocking specific requests. After fixing that, Windows was able to find updates again.

Get a list of available updates:

Get-WindowsUpdate -MicrosoftUpdate -Verbose


VERBOSE: GATEWAY (5-1-2020 13:15:47): Connecting to Microsoft Update server. Please wait...
VERBOSE: Found [3] Updates in pre search criteria
VERBOSE: Found [3] Updates in post search criteria

ComputerName Status     KB          Size Title
------------ ------     --          ---- -----
GATEWAY      -------    KB4533002   63MB 2019-12 Cumulatieve update voor .NET Framework 3.5 en 4.8 voor Windows 10 V...
GATEWAY      -------    KB2267602  720MB Beveiligingsinformatie-update voor Windows Defender Antivirus - KB2267602 (...
GATEWAY      -------                 3MB Intel - net - 8/26/2019 12:00:00 AM -

Install everything without prompting:

Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot


X ComputerName Result     KB          Size Title
- ------------ ------     --          ---- -----
1 GATEWAY      Accepted   KB4533002   63MB 2019-12 Cumulatieve update voor .NET Framework 3.5 en 4.8 voor Windows 10...
2 GATEWAY      Downloaded KB4533002   63MB 2019-12 Cumulatieve update voor .NET Framework 3.5 en 4.8 voor Windows 10...
3 GATEWAY      Installed  KB4533002   63MB 2019-12 Cumulatieve update voor .NET Framework 3.5 en 4.8 voor Windows 10...

Everything includes updates for office and other microsoft products. Accept all and autoreboot are self-explanatory I think.

If you omit the flags and just use Install-WindowsUpdate, it will ask you to accept each update and confirm the reboot.

Extended usage

The module seems to be quite comprehensive, including support for remote computers, WSUS servers, uninstalling updates, search filtering and a few more bits and pieces I have no use for at the moment. This website describes the usage in more details.

For me, just having the commandline to list and install updates was good enough.

Tags: blog , microsoft , powershell , server , updates , windows