3

Problem I am working on: I am now in charge of all the Windows machines of a company. All workstations are running Windows 7, I do not have a domain and there is no Windows Server running on the network. To administer them, I use PsExec to remotely execute commands on each workstation, like this:

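REM Each line of the list file holds: hostname username password
FOR /F "tokens=*" %%a IN (E:\list-of-workstations.txt) DO CALL :theCommand %%a
PAUSE
REM Stop here so execution does not fall through into the subroutine below.
GOTO :EOF

:theCommand
REM Split the line into host (%%a), user (%%b) and password (%%c),
REM then copy the script to that host and run it there as SYSTEM (-s).
FOR /F "tokens=1,2,3,4" %%a IN ("%*") DO (
        psexec \\%%a -s -u %%b -p %%c -c E:\script-to-execute-remotely.bat
)
GOTO:EOF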

I now want to trigger the Windows updates on each workstation.

Research I have done: Apparently, there is no set command you can send to Windows devices that specifically instructs them to begin installing pending updates.

Many Server Fault and blog topics recommend using third-party solutions to install Windows Updates on demand, but all these recommended third-party solutions can only be used if you buy them, and I don't want to.

Steps taken so far to solve the problem: So, as far as I am, it seems that I am stuck: without a Windows server, there is no native way to specifically ask workstations to install updates and all the third-party solutions I heard of are not free.

Am I right? Do you know a way to accomplish the problem I am facing?

dbourcet
  • Sorry that I can't provide a direct answer. I would ask you this though: Is there any particular reason why you *can't* invest into a third party product or a domain oriented solution like AD other than not wanting to? There may be a solution for the current problem, but experience tells me that similar issues will likely crop up sooner or later. Being able to do things like distribute patches for other products (Adobe, Wireshark, etc.) may become *extremely* important. Having a good baseline in GPO can also be really important if your company is at all concerned with security. – Sawta Jul 01 '15 at 15:20
  • 1
    Thank you for answering. This is my boss who doesn't want to. Maybe I can convince him to pay for an annual licence of software like WuInstall or BatchPatch, but I surely can't convince him to buy a new server, a Windows Server licence plus all the CALs, that would be a real budget. – dbourcet Jul 01 '15 at 15:40

3 Answers

2

In addition to the VBS method by Michael Bailey, I've modified a PowerShell script I found online (from TechNet somewhere, but I can't find the exact link offhand):

#Define update criteria.
$Criteria = "IsInstalled=0 and Type='Software'"

#Search for relevant updates.
$Searcher = New-Object -ComObject Microsoft.Update.Searcher
$SearchResult = $Searcher.Search($Criteria).Updates

If($SearchResult.Count -eq 0){
    Write-Host "No Updates Available"
    Exit
}

Write-Host "Updates Found: $($SearchResult.Count)`r`n"
$SearchResult | ForEach-Object{Write-Host "$($_.Title) `r`n"}

#Download updates.
$Session = New-Object -ComObject Microsoft.Update.Session
$Downloader = $Session.CreateUpdateDownloader()
$Downloader.Updates = $SearchResult
Write-Host "Download Results:"
$Downloader.Download()

#Install updates.
$Installer = New-Object -ComObject Microsoft.Update.Installer
$Installer.Updates = $SearchResult
$Result = $Installer.Install()
Write-Host "Install Result: $($Result.HResult) `r`n"
Write-Host "Reboot Required: $($Result.RebootRequired) `r`n"

#Reboot if required by updates.
#If ($Result.rebootRequired) { shutdown.exe /t 0 /r }

I run it using PDQ, but have used it with PSExec as well. If you want to just list updates per machine as an audit, you can cut out everything after the search section.

I also took a long look at this when I was looking for an answer to our update issues: http://blogs.technet.com/b/heyscriptingguy/archive/2011/08/13/use-powershell-to-audit-and-install-windows-patches.aspx

It looks like a tool that might fit your org well.
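
The audit-only variant mentioned in this answer, as an added example that is not part of the original answer: it keeps only the search step and reports each pending update's KB number and MSRC severity without installing anything. The column names and the exit-code convention are assumptions of this example.

```powershell
# Added example (not from the original answer): report pending updates, install nothing.
# Written for the PowerShell 2.0 that ships with Windows 7, hence New-Object PSObject.
$Session  = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
$Pending  = $Searcher.Search("IsInstalled=0 and Type='Software'").Updates

# A reboot left over from an earlier install round blocks further patching.
$RebootPending = (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired

$Report = foreach ($Update in $Pending) {
    # MsrcSeverity is empty for updates that carry no MSRC rating.
    $Severity = $Update.MsrcSeverity
    if (-not $Severity) { $Severity = 'Unrated' }

    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        KB            = ($Update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ';'
        Severity      = $Severity
        Downloaded    = $Update.IsDownloaded
        RebootPending = $RebootPending
        Title         = $Update.Title
    }
}

if (-not $Report) {
    Write-Output "$env:COMPUTERNAME,no pending updates,RebootPending=$RebootPending"
    exit 0
}

# CSV on stdout, so the PsExec caller can append every host's rows to one file.
$Report |
    Sort-Object Severity, KB |
    Select-Object Computer, KB, Severity, Downloaded, RebootPending, Title |
    ConvertTo-Csv -NoTypeInformation

# Exit code = number of Critical/Important updates still missing; PsExec reports
# the remote exit code, so a non-zero value marks a host that needs attention.
$Urgent = @($Report | Where-Object { 'Critical', 'Important' -contains $_.Severity }).Count
exit $Urgent
```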

1

For pushing updates with psexec check out this article: http://techthoughts.info/remotely-install-windows-updates/

This probably describes quite exactly how to do what you would like to accomplish. Basically, you use the third-party command-line tool wuinstall via psexec to push updates to remote machines via shell scripts.

GeraldDC
0

The good people at SevenForums have a script I don't have the chance to test in VBS to do this. http://www.sevenforums.com/windows-updates-activation/235764-run-window-update-command-line.html

VBS scripts can be written and triggered through the command line.

In addition, you could manipulate the registry key that handles automatic updating. But that's not a perfect answer.

Michael Bailey
  • Thank you for answering. I will give it a try next week and tell you. – dbourcet Jul 02 '15 at 14:02
  • I have a virtual machine I can waste, I'll try it here. – Michael Bailey Jul 04 '15 at 01:41
  • It gives odd stuff involving input. I'm just trying to subvert the Yes/No entirely. I'd gain value from this as well so I'll play with it. – Michael Bailey Jul 04 '15 at 02:27
  • It works okay, I just don't have time to run all the way through it. I made it up until installing. I may just be having issues because I'm not running genuine windows in my VM. – Michael Bailey Jul 04 '15 at 20:16
  • I added Genuine Windows and it's kinda weird about when to actually reboot should updates require a reboot. Lemme know if it works in your actual environment. – Michael Bailey Jul 07 '15 at 17:13