Howto initiate Windows Update on server core from a PS remote session?

Question

When I am logged in via remote desktop on a Windows Server 2012 R2 Core machine I can trigger the windows update by running sconfig.cmd. This however fails when its getting called within a PS remote session:

Enter-PSSession -ComputerName server2

This is what sconfig complains about. It basically says that it can't find a specific registry value. A funny thing to note is that Microsoft choose VBScript over PowerShell to program this CLI interface...

[server2]: PS C:\> sconfig

C:\>echo off
sconfig : FEHLER: Der angegebene Registrierungsschl?ssel bzw. Wert wurde nicht gefunden.
    + CategoryInfo          : NotSpecified: (FEHLER: Der ang...nicht gefunden.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

Microsoft (R) Windows Script Host, Version 5.8
Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten.

System wird ?berpr?ft...

[...]

14) Server herunterfahren
15) Zur Befehlszeile wechseln

C:\Windows\System32\de-DE\sconfig.vbs(326, 1) Laufzeitfehler in Microsoft VBScript: Eingabe hinter Dateiende.

How should/can I initiate a Windows Update when being logged in via PS remote session?

I don't read German, but is that a Permissions/access denied message? Fact of the matter is that it's a huge pain to install Windows Updates remotely without something like SCCM or WSUS. Every method I've seen, that actually works, relies on PSexec (or similar) to execute the command locally, but from a remote computer. I think I end up using WuInstall or BatchPatch when I need to do this sort of thing, without SCCM. There are also some PowerShell modules on Technet for this kind of thing that might be of use, by my experience with them has been very hit-or-miss. Mostly miss. — HopelessN00b, Nov 19 '14 at 19:59
Oh, almost forgot. The best free, non-trial/freemium app I've seen for remotely installing Windows Updates without SCCM/WSUS/etc. is [PoshPAIG](http://poshpaig.codeplex.com/), and [The Scripting Guy has a blog article about it you might want to check out](http://blogs.technet.com/b/heyscriptingguy/archive/2011/08/13/use-powershell-to-audit-and-install-windows-patches.aspx). It's not exactly what you're looking for, but it's as close as you'll get without rolling your own. — HopelessN00b, Nov 19 '14 at 20:07
Basically a dup of http://serverfault.com/questions/336705/issues-with-patching-servers-remotely-using-winrm-and-microsoft-update-session — Zoredache, Nov 19 '14 at 20:43
@Zoredache But the answers there suck. Yours is much better, and I wouldn't vote to dupe close this on that basis alone. — HopelessN00b, Nov 19 '14 at 21:13

Zoredache · Accepted Answer · 2021-02-24T17:50:17.033

7

You can't actually trigger that directly over winrm/winrs.

A somewhat popular powershell module (PSWindowsUpdate) for performing Windows Updates from Powershell exists, and to perform updates on a remote system it actually copies the module to the remote system and schedules a new one-time task on the remote system.

In the invoke-WUInstall.ps1 file it has this comment about remotely triggering an update.

Use Invoke-WUInstall to invoke Windows Update install remotly. It Based on TaskScheduler because CreateUpdateDownloader() and CreateUpdateInstaller() methods can't be called from a remote computer - E_ACCESSDENIED.

edited Feb 24 '21 at 17:50

answered Nov 19 '14 at 20:42

Zoredache

130,897
41
276
420

The link is dead – Vadzim Feb 24 '21 at 08:52
1

@Vadzim updated, the module is PSWindowsUpdate. – Zoredache Feb 24 '21 at 17:50

score 3 · Answer 2 · answered Feb 25 '21 at 00:51

FWIW, on Windows Server 2019, you can use

$u = Start-WUScan
$b = Install-WUUpdates $u

The array $u tells you what updates are available, if it is empty, you are done.

The boolean $b tells you whether a reboot is required. After rebooting, you should scan for updates again.

score 1 · Answer 3 · edited Jul 23 '15 at 08:01

All hail to the poster of the last comment. It works.

Get the pswidowsupdate files from the web & unzip them. Then import the module & run this code (the invoke-wsuinstall.ps1 file has the sample code but I removed a bit from it and it still works):

$Script = {Get-WUInstall -AcceptAll -AutoReboot | Out-File C:\PSWindowsUpdate.log}
Invoke-WUInstall -ComputerName computername -Script $Script
Get-Content \ \ computername\c$\PSWindowsUpdate.log

Howto initiate Windows Update on server core from a PS remote session?

3 Answers3