Using PowerShell to Manage Windows Updates

Using PowerShell to Manage Windows Updates:  PSWindowsUpdate

Often we have to update computers that have not – for whatever reason been updated in a long time. AND we often have to create new deploy images using sysprep. What usually happens is that Windows update will hang at ‘checking for updates’ for a very long time and either error out or never complete. A secret I found to deploying Windows Updates when this happens or from within Audit Mode is an excellent PowerShell module created by Michal Gajda. This module, aptly called PSWindowsUpdate, allows managing Windows Update on any computer running PowerShell 2.0 or higher. This module even enables Windows admins to check for and install updates on remote PCs and servers. PSWindowsUpdate is particularly handy for installing updates on Server Core machines that have no GUI, or in instances such as Sysprep’s Audit Mode where the Windows Update GUI doesn’t work.

· Get started by downloading the latest version of PSWindowsUpdate.zip.

image

· Once downloaded, extract the contents of the zip file to C:\Windows\System32\WindowsPowerShell\v1.0\Modules\.

image

Extracting files from PSWindowsUpdate.zip.

· Click Continue if a UAC prompt appears.

image

· When the files have been extracted into the PowerShell Modules folder, open an elevated PowerShell prompt. Change PowerShell’s Execution Policy to RemoteSigned. The RemoteSigned Execution Policy allows PowerShell scripts downloaded from the Internet to run on a PC as long as they are signed by a trusted publisher.

· Type Set-ExecutionPolicy RemoteSigned and press Enter. When prompted, confirm the change by pressing Y and then Enter.

image

Changing PowerShell’s execution policy

This completes the one-time configuration of the module! Now it’s time to put PSWindowsUpdate to use!

· If running PowerShell v2.0, type Import-Module PSWindowsUpdate and hit Enter. This isn’t necessary in PowerShell v3 and higher, but it doesn’t hurt anything either. This step simply guarantees that the modules cmdlets will be available to the PowerShell v2.0 session.

· Display a list of all the module’s available cmdlets by typing Get-Command –module PSWindowsUpdate and hitting Enter.

image

Using Get-Command -module PSWindowsUpdate.

· Possibly the most important function for getting and installing updates is Get-WUInstall. Help for each cmdlet is available, so to see full help for Get-WUInstall type Help Get-WUInstall –full and press Enter.

image

Looking at help for Get-WUInstall.

When applying updates, I prefer connecting to the Microsoft Update servers. Using these instead of the standard Windows Update servers allows installing updates to Office and other Microsoft products in addition to the normal Windows updates. Unfortunately, trying to connect to the Microsoft Update servers using the PSWindowsUpdate module from a fresh Windows installation will produce an error, as shown below.

image

· The reason for this error is because Windows is registered to use only the standard Windows Update servers by default. To use the Microsoft Update servers, the Microsoft Update Service must be registered on the computer. In the GUI, this is done by selecting the checkbox for Give me updates for other Microsoft products when I update Windows from the Control Panel – Windows Update – Change Settings applet.

· In the PSWindowsUpdate module, the same process is completed by using the Add-WUServiceManager cmdlet with the ServiceID for the Microsoft Update service specified. Type Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d and press Enter. When prompted, confirm registering the service by typing Y and pressing Enter one more time.

image

Registering the Microsoft Update servers.

· List available updates from the Microsoft Update servers by typing Get-WUInstall –MicrosoftUpdate –ListOnly and pressing Enter. After a few moments, the system will return a list of the available updates for the current machine. No error this time!

image

· The same results are produced by typing Get-WUList –MicrosoftUpdate and pressing Enter.

image

· Type Get-WUInstall –MicrosoftUpdate and press Enter to go through the available updates, confirming installation of each one manually.

image

PSWindowsUpdate and Parameter Support

Another awesome feature of the PSWindowsUpdate module is its support of parameters. For example, using the –AcceptAlland the –AutoReboot parameters with the Get-WUInstall cmdlet changes the manual process into an automated one. Type Get-WUInstall –MicrosoftUpdate –AcceptAll –AutoReboot and press Enter. The system will download and install all available updates and then automatically reboot if any of the updates require a reboot.

image

Retrieving updates and installing automatically.

Don’t want a particular update to be installed? No problem! Use Hide-WUUpdate. Selection parameters such as –Title or –KBArticleID narrow in and hide specific updates. Feel free to use wildcards with these parameters. As an example, type Hide-WUUpdate –Title “Bing*” –KBArticleID “KB2673774” –MicrosoftUpdate –Confirm:$false and press Enter to hide the Bing Bar 7.3 update.

image

Hiding an unwanted update.

Notice that I used the –Confirm parameter, along with the $false switch, to automatically confirm hiding the selected update. In the future the update won’t appear when listing available updates.

Did you make a mistake and hide the wrong update? No problem! Hide-WUUpdate can unhide an update by using the –HideStatus parameter with the $false switch. To unhide the update hidden earlier, type Hide-WUUpdate –Title “Bing*” –KBArticleID “KB2673774” –MicrosoftUpdate –HideStatus:$false –Confirm:$false then press Enter. As before, I used the –Confirm:$false parameter to keep everything streamlined.

image

Unhiding a previously hidden update.

Once all the updates are complete make sure to open PowerShell (as Administrator) and set the Execution Policy back to ‘restricted’:

Type Set-ExecutionPolicy Restricted and press Enter. Then exit

Fix broken Dual boot machine–Linux and Vista/Windows 7

I you have a Windows machine and you’ve installed Linux (Ubuntu, Puppy or the like) and all of a sudden you can’t get into your Windows 7 or Vista Operating system you are not alone.

Many updates to both Linux and Windows seem to ‘bork’ the bootloaders of each. I just got done with a repair on a family members machine so I thought I put down what I did to fix the issue.

First and foremost I won’t say this anymore than once – HAVE YOUR SH$T BACKED UP REGULARLY! I have written so many articles on backups if, by now, you don’t have a back up and recovery solution you deserve to get f&^ked.

OK so let’s start. The system I was recovering was a Windows Vista installation that had recently had Ubuntu 11.04 installed ‘on top of/along side of’ the existing Windows installation – making for a ‘Dual Boot’ system.

After Ubuntu updated the Vista installation became un usable – the system would only boot into Ubuntu and would crash if trying to get into Vista.

You will need to boot with your Vista/Windows 7 installation disk. A repair disk will do. If you don’t have a Vista installation or repair disk you can check out here for information on how to create on. If you don’t have a Windows 7 installation or repair disk you can go here the process is simple.

Put you repair/installation disk in the drive and start your computer off of the DVD/CD. This often entails holding or hitting the ‘F12’ key and selecting the option to boot from the optical/dvd drive.

Hit Enter at the language selection prompt

WelcomeToVistaSetup

then hit "R" to get to the repair section. You can then select the automatic boot repair tool, but it often will not do any good. Try that at least once. If it doesn’t work then select the command prompt (console)

SystemRecoveryOptions

and type in the following commands:

On Vista:
bootrec.exe /fixmbr
then hit enter
Then type in:
x:\boot\bootsect.exe /nt60 all /force
then hit enter (you may get error, just ignore for now)

On Windows 7:
bootrec.exe /fixmbr
Then hit enter
bootsect.exe /nt60 all /force
Then hit enter (again you may get error – just ignore)

Then type in:
BootRec.exe /FixBoot

DON”T EXIT THE COMMAND PROMPT YET!

Next type in:
attrib bcd -s -h -r C:\boot\BCD
Then hit enter

Next type in:
ren c:\boot\bcd bcd.old
Then hit enter

Then type in:
BootRec.exe /ScanOs
and Enter

Then type in:
bootrec.exe /rebuildbcd
And enter again

Type in:

Exit. and reboot your system.

HOPEFULLY you will be able to get back in.

If not be prepared to spend a few hours or more searching the web for solutions. Or better yet just restoring your system from a backup image Smile