- SmartDeploy: Rethinking software deployment to remote workers in times of a pandemic - Thu, Jul 30 2020
- Outlook attachments now blocked in Office 365 - Tue, Nov 19 2019
- PolicyPak MDM Edition: Group Policy and more for BYOD - Tue, Oct 29 2019
Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM) are great at 30,000 feet. For our readers who use a rational system, that's like 9,000 meters. The point is—managed update environments are great for general widespread tasks. But they're horrible for specific actions and specific update scenarios. Managed environments cannot quickly distribute vital patches, control drivers, or simplify upgrade deployments.
Considering how important Windows Update is in the Microsoft ecosystem, it's crazy there isn't a robust command-line tool for tasks and scripting. In the past, I've used a few standalone functions and tried the Windows Update modules for PowerShell, released in version 1709. With these other solutions, I've always found them lacking in features.
Just six options are available in the WindowsUpdateProvider PowerShell module
The screenshot above shows the options available natively in PowerShell. As you can see, there isn't much. You might be wondering why you need a command-line tool to manage updates. Let me show you three common problems and how WuInstall solves them.
To follow along with these solutions, download WuInstall from here. It's a standalone tool, so there's nothing to install. Just extract the files to a folder accessible by computers in your network. Launch an administrative PowerShell/cmd prompt from that folder and run wuinstall.exe once to accept the end-user license agreement (EULA). On to our first problem!
Managing Microsoft Surface updates
To manage certain devices on older WSUS/SCCM instances, one recommended solution is to bypass managed updates entirely! This is notably true for Surfaces. Because this can lead to deployment of untested updates and feature upgrades, this solution is not optimal.
With WuInstall, you can keep these devices under your update umbrella. When updates are released, you can run the following command to see what's available:
wuinstall.exe -search
Unlike the Windows Update GUI, this option allows you to see the updates that would apply without automatically downloading and installing them. In a managed environment, the default search server looks at WSUS/SCCM.
To see what's available from Microsoft, run:
wuinstall.exe -search -useupdateservice MicrosoftUpdate
This Surface Book has 49 updates available from Microsoft not distributed by WSUS
With the list the command above returns, you can filter down to the exact updates you need to install. These might include Surface firmware updates or drivers. Once you are comfortable with the filtered updates, you can save that information or export the updates. Change the command to something like this where SurfaceUpdates.txt contains the list of tested updates:
wuinstall.exe -install -useupdateservice MicrosoftUpdate -matchfile SurfaceUpdates.txt
Deploying Windows Update drivers
As you probably know, no native or filterable solution allows managed environments to deploy drivers. In fact, the drivers category doesn't even exist on newer WSUS/SCCM instances!
Using Software Update Point to deploy drivers? Not since 2007!
If you try to search based off the Windows 10 drivers product, you'll find no results. The online Microsoft Update Catalog contains 60,000+ drivers available for non-managed clients to download.
No drivers are available in a managed environment
Unless you have standard hardware and regularly deploy driver update packages, your machines probably are not receiving certified driver updates. With WuInstall, you can specifically target driver updates to your machines while keeping devices managed. The command below lets you search for any missing drivers from Microsoft Update but not install them (yet).
wuinstall.exe -search -useupdateservice MicrosoftUpdate -driveronly
Wuinstall found 7 drivers from Microsoft that were applicable.
You can filter this list down to a single driver or install all of them with this command:
WuInstall.exe -install -useupdateservice MicrosoftUpdate -driveronly
Control Windows 10 feature updates and upgrades
The final way WuInstall can help is by bringing some sanity to the Window 10 feature updates and upgrades cycle. Instead of using fancy task sequences or complicated service plans, you can treat these upgrades as normal updates.
By handling these installs like normal updates, you can do things like suppress reboots and allow users to keep using their computers. Here's how to search for these updates:
wuinstall.exe -search -match "feature"
Once you're ready to install, run this command:
wuinstall.exe -install -show_progress -logfile wuinstall.log -xmlout wuinstall.xml -match "feature"
Windows Update needs a command-line tool
When you combine a managed update environment with WuInstall, your update environment becomes scriptable and flexible. You can use WuInstall as a single command-line tool or drop commands into a script or remote session. You can centrally download updates, such as drivers, to package up for imaging. If you use an imaging tool like SCCM or Microsoft Deployment Toolkit (MDT), you can even embed WuInstall as your update mechanism to give you maximum control over the updating steps.
Subscribe to 4sysops newsletter!
With these three solutions, I hope you see the need for a command-line tool for Windows Update. You can download a full-featured trial from here.
i prefer pswindowsupdates, available in the powershell gallery,