Since Windows 10 1709 and Server 2019, Microsoft has been shipping the Windows Update Provider PowerShell module with the OS. Its functions master the basic tasks of patch management. Admins can also use them to remotely initiate the download and installation of updates.

While most Windows features have long supported detailed automation via PowerShell, this option was missing for the update client; it is now available to a limited extent. Compared to the popular PSWindowsUpdate by Michal Gajda, Microsoft's own module is less powerful.

Availability as an advantage ^

The main advantages of Windows Update Provider are its official support by Microsoft and that all newer versions of the operating system already have it on board. Therefore, when using it for remote management, you can assume that the required functions are already available on the target computer. In contrast, third-party modules must first be installed on every managed PC.

However, it is not possible to copy Microsoft's Windows Update Provider to older versions of Windows, such as Server 2012 R2 or 2016, because the CIM class required by the functions does not exist on those versions.

More control over updates ^

Command line tools such as usoclient.exe, wuinstall, or PowerShell cmdlets give admins more control over the update process because they can explicitly request the scan, download, install, or restart. This is useful, for example, if you want to secure a freshly installed computer by installing the latest patches. In addition, PowerShell is useful on Server Core because there is no GUI for managing updates.

Overview of the range of functions ^

If you search for Windows Update modules using

then the command returns two results. While one of them is WindowsUpdate, the module only contains a function called Get-WindowsUpdateLog.

The commands intended for the management of the update client can be found in WindowsUpdateProvider. They can be listed with:

As you can see, these are not cmdlets but only functions.

Functions of the WindowsUpdateProvider module

Functions of the WindowsUpdateProvider module

For example, if you want to display the contents of Start-WUScan with

then you can see that this function operates on the basis of the CIM class MSFT_WUOperations. The same applies to Install-WUUpdates.

The functions of the WindowsUpdateProvider module use the methods of the CIM class MSFT WUOperations

The functions of the WindowsUpdateProvider module use the methods of the CIM class MSFT WUOperations

While Get-WULastInstallationDate and Get-WULastScanSuccessDate are used to examine previous updates, and Get-WUAVersion outputs the version of the client, the three remaining functions provide the actual update management.

Checking for updates ^

As the name suggests, Start-WUScan looks for available updates. You cannot specify a source for updates; rather, the function queries the update server configured on the computer. This is a WSUS server in most cases.

If you don't specify any parameter, all updates that apply to the system will appear in the results. The only way to restrict the list is with SearchCriteria, which you have to pass a search expression:

The permitted search criteria follow the syntax described in the API documentation, but Microsoft does not offer any specific information on WindowsUpdateProvider as a whole.

As an alternative to the settings app, you can use Start WUScan to check for new updates

As an alternative to the settings app, you can use Start WUScan to check for new updates

For example, it is practical to query remote computers to find out whether a specific update is installed there. Since the ComputerName parameter is not supported, you have to use the Invoke-Command:

After executing the command, the variable $u will contain all updates which match the search criteria.

Downloading and installing updates ^

If you want to install pending updates, you have to save the result of Start-WUScan in a variable, as in the example above. You then pass this on to Install-WUUpdates. But first you establish a CIM session on the remote computer:

This example command only downloads the updates.

Find, download, and install updates on a remote PC with the WindowsUpdateProvider functions

Find, download, and install updates on a remote PC with the WindowsUpdateProvider functions

You then initiate the actual installation by executing Install-WUUpdate once more without the DownloadOnly switch:

Querying pending reboot ^

If the computer must be restarted after installing updates, you cannot initiate it via Install-WUUpdates. However, it is possible to query whether a reboot is pending with another function of this module:

If the command yields the value $true, then you can reboot the PC at the desired time using the Cmdlet Restart-Computer.

After installing the updates, you can query a pending reboot with Get WUIsPendingReboot

After installing the updates, you can query a pending reboot with Get WUIsPendingReboot

Get-WUIsPendingReboot can also be used to query a pending reboot of a remote computer.

Check remotely whether a restart is required

Check remotely whether a restart is required

The function simplifies this task considerably compared to the method that looks for it in the registry.

Conclusion ^

With the WindowsUpdateProvider module, Microsoft has provided the basic functions for managing updates via PowerShell, beginning with Windows 10 1709 and Server 2019. They are particularly suitable for updating computers remotely. However, the integrated module does not come close to the capabilities of PSWindowsUpdate.

Join the 4sysops PowerShell group!

Your question was not answered? Ask in the forum!

5+

Users who have LIKED this post:

  • avatar
  • avatar
Share
9 Comments
  1. Thanks for the article, just a confirmation, this is only for Windows Server 2019 and not for 2016 ?

    0

  2. I guess this is the same thing that the WIMwitch.ps1 script you wrote a while ago is using?

    0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account