Recently, I ran into a challenge while creating a Windows 8.1 deployment image. I create my images just like many other IT pros do using Microsoft’s Sysprep utility. A good deployment image is current with all critical Windows Updates applied. In many cases, there are also a number of recommended and optional updates that I want incorporated into an image using PowerShell Windows update techniques.
Unfortunately, while creating an image using Sysprep’s Audit Mode in Windows 8.1, the standard Windows Update GUI isn’t an option. While in Audit Mode, Windows believes the Setup Out-of-Box Experience (OOBE) is running. By design, Windows Update will not run during the OOBE phase. This is primarily to prevent an unexpected reboot during the setup process. Leveraging the power of PowerShell Windows Update scripts and the ingenuity of fellow Microsoft MVP Michal Gajda, an elegant and easy solution is available. Today I’ll show you how to manage Windows updates using the PowerShell PSWindowsUpdate module.
Before I go further, let me mention that options do exist for applying updates to Windows deployment images after the fact. Primary among these is the Deployment Image Servicing and Management tool (DISM), which is great, but in some instances using this tool is an extra complexity IT pros just don’t need. These are the cases where being able to find and apply Windows Updates from within Sysprep’s Audit Mode is a major boon.
The secret to deploying Windows Updates from within Audit Mode is an excellent PowerShell module created by Michal Gajda. This module, aptly called PSWindowsUpdate, allows managing Windows Update on any computer running PowerShell 2.0 or higher. This module even enables Windows admins to check for and install updates on remote PCs and servers. PSWindowsUpdate is particularly handy for installing updates on Server Core machines that have no GUI, or in instances such as Sysprep’s Audit Mode where the Windows Update GUI doesn’t work.
This completes the one-time configuration of the module! Now it’s time to put PSWindowsUpdate to use!
When applying updates, I prefer connecting to the Microsoft Update servers. Using these instead of the standard Windows Update servers allows installing updates to Office and other Microsoft products in addition to the normal Windows updates. Unfortunately, trying to connect to the Microsoft Update servers using the PSWindowsUpdate module from a fresh Windows installation will produce an error, as shown below.
Another awesome feature of the PSWindowsUpdate module is its support of parameters. For example, using the -AcceptAll and the -AutoReboot parameters with the Get-WUInstall cmdlet changes the manual process into an automated one. Type Get-WUInstall -MicrosoftUpdate -AcceptAll -AutoReboot and press Enter. The system will download and install all available updates and then automatically reboot if any of the updates require a reboot.
Don’t want a particular update to be installed? No problem! Use Hide-WUUpdate. Selection parameters such as -Title or -KBArticleID narrow in and hide specific updates. Feel free to use wildcards with these parameters. As an example, type Hide-WUUpdate -Title "Bing*" -KBArticleID "KB2673774" -MicrosoftUpdate -Confirm:$false and press Enter to hide the Bing Bar 7.3 update.
Notice that I used the -Confirm parameter, set to $false, to automatically confirm hiding the selected update. In the future the update won’t appear when listing available updates.
Did you make a mistake and hide the wrong update? No problem! Hide-WUUpdate can unhide an update by using the -HideStatus parameter set to $false. To unhide the update hidden earlier, type Hide-WUUpdate -Title "Bing*" -KBArticleID "KB2673774" -MicrosoftUpdate -HideStatus:$false -Confirm:$false then press Enter. As before, I used the -Confirm:$false parameter to keep everything streamlined.
I started out seeking simply to solve a challenge installing updates within Sysprep’s Audit Mode. The PSWindowsUpdate module goes far beyond solving this one problem: it automates and simplifies dealing with Windows Updates. In addition to all the functionality discussed in this article, it can be scripted and even used to process updates on remote computers. Want my advice? Download PSWindowsUpdate and put it to use on your systems today!
Using PowerShell Windows Update commands like Invoke-WUJob and Get-WUInstall with the -ComputerName parameter, you can schedule and execute updates across multiple servers. Create a server list file and use ForEach-Object loops to process Windows Updates in parallel, significantly reducing maintenance windows.
PowerShell Windows Update operations require proper security configurations, including RunAs Administrator privileges and specific execution policies. Implement RBAC (Role-Based Access Control) and use signed scripts to ensure secure Windows Update management through PowerShell.
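One way to enforce these requirements before the module is ever imported, as an added example rather than code from the article or from the PSWindowsUpdate project. The function name Test-WUPreflight and the list of accepted execution policies are assumptions; whether a given copy of the module is signed is what the check reports, not something it assumes.

```powershell
# Added example: refuse to import the module unless session and files check out.
function Test-WUPreflight {
    [CmdletBinding()]
    param(
        [string]   $ModuleName      = 'PSWindowsUpdate',
        # Assumption: policies that enforce signatures on at least downloaded scripts.
        [string[]] $AllowedPolicies = @('AllSigned', 'RemoteSigned')
    )

    $problems = @()

    # 1. The session must be elevated (Run as Administrator).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        $problems += 'Session is not elevated.'
    }

    # 2. The effective execution policy must be one of the accepted values.
    $policy = "$(Get-ExecutionPolicy)"
    if ($AllowedPolicies -notcontains $policy) {
        $problems += "Execution policy is '$policy'; expected one of: $($AllowedPolicies -join ', ')."
    }

    # 3. Every script and binary in the module folder must carry a valid signature.
    $module = Get-Module -ListAvailable -Name $ModuleName |
        Sort-Object Version -Descending | Select-Object -First 1
    if (-not $module) {
        $problems += "Module '$ModuleName' is not installed."
    } else {
        $files = Get-ChildItem -Path $module.ModuleBase -Recurse -Include *.ps1, *.psm1, *.psd1, *.dll
        foreach ($file in $files) {
            $sig = Get-AuthenticodeSignature -FilePath $file.FullName
            if ($sig.Status -ne 'Valid') {
                $problems += "$($file.Name): signature status $($sig.Status)"
            }
        }
    }

    [pscustomobject]@{ Passed = ($problems.Count -eq 0); Problems = $problems }
}

$check = Test-WUPreflight
if ($check.Passed) { Import-Module PSWindowsUpdate }
else { $check.Problems | ForEach-Object { Write-Warning $_ } }
```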
Yes, PowerShell Windows Update can manage driver and firmware updates by utilizing the -Category parameter with Get-WUList and Get-WUInstall cmdlets. Specify “Drivers” or “Microsoft” as categories to filter and install specific update types.
Create custom PowerShell Windows Update reporting scripts that leverage Get-WUHistory and Get-HotFix cmdlets. Export results to CSV files or integrate with System Center Configuration Manager (SCCM) for comprehensive update tracking.
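The reporting idea above, combined with the server-list and ForEach-Object pattern mentioned earlier, as an added example that is not from the article. It relies only on the built-in Get-HotFix cmdlet; the file servers.txt, the KB identifiers and the output file name are placeholders.

```powershell
# Added example: per-server patch compliance report exported to CSV.
$servers    = Get-Content -Path '.\servers.txt' | Where-Object { $_.Trim() }
$requiredKB = @('KB0000001', 'KB0000002')   # placeholder IDs, replace with your baseline

$report = $servers | ForEach-Object {
    $server = $_.Trim()
    try {
        # -ErrorAction Stop turns an unreachable host into a catchable error.
        $installed = Get-HotFix -ComputerName $server -ErrorAction Stop

        foreach ($kb in $requiredKB) {
            $hit = $installed | Where-Object { $_.HotFixID -eq $kb } | Select-Object -First 1
            [pscustomobject]@{
                Server      = $server
                KB          = $kb
                Status      = if ($hit) { 'Installed' } else { 'Missing' }
                InstalledOn = if ($hit) { $hit.InstalledOn } else { $null }
                InstalledBy = if ($hit) { $hit.InstalledBy } else { $null }
            }
        }
    } catch {
        # Record the failure instead of silently dropping the server from the report.
        [pscustomobject]@{
            Server      = $server
            KB          = $null
            Status      = "Query failed: $($_.Exception.Message)"
            InstalledOn = $null
            InstalledBy = $null
        }
    }
}

$csvPath = ".\hotfix-report-$(Get-Date -Format yyyyMMdd).csv"
$report | Export-Csv -Path $csvPath -NoTypeInformation

# Show everything that is not compliant: missing KBs and unreachable servers.
$report | Where-Object { $_.Status -ne 'Installed' } | Format-Table -AutoSize
```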
Implement PowerShell Windows Update scheduling using Task Scheduler or PowerShell jobs. Create maintenance windows during off-peak hours, set proper timeout values, and include error handling routines to manage failed updates automatically.
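A single script that both registers the maintenance-window task and performs the update run with error handling, as an added example that is not from the article. The task name, log path, schedule and three-hour limit are assumptions, and -ExecutionPolicy AllSigned assumes the script file itself has been signed.

```powershell
# Added example. Save as a signed .ps1; run once with -Register from an elevated session.
param([switch] $Register)

$TaskName = 'Weekly-WindowsUpdate'               # hypothetical task name
$LogFile  = 'C:\Logs\WindowsUpdate-task.log'     # hypothetical log location

if ($Register) {
    $arguments = "-NoProfile -NonInteractive -ExecutionPolicy AllSigned -File `"$PSCommandPath`""
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $arguments
    # Off-peak maintenance window: Sundays at 02:00.
    $trigger   = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 2am
    # Timeout: Task Scheduler stops the run if it exceeds three hours.
    $settings  = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours 3) -StartWhenAvailable
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest

    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -Settings $settings -Principal $principal
    return
}

# Update run, executed by the scheduled task.
New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null
try {
    Import-Module PSWindowsUpdate -ErrorAction Stop
    "$(Get-Date -Format s) Starting update run" | Out-File -FilePath $LogFile -Append

    # Same command the article uses for an unattended install.
    Get-WUInstall -MicrosoftUpdate -AcceptAll -AutoReboot -ErrorAction Stop |
        Out-File -FilePath $LogFile -Append

    "$(Get-Date -Format s) Update run finished" | Out-File -FilePath $LogFile -Append
    exit 0
} catch {
    "$(Get-Date -Format s) FAILED: $($_.Exception.Message)" | Out-File -FilePath $LogFile -Append
    exit 1   # non-zero exit code is recorded as the task's last run result
}
```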