PSWindowsUpdate: Managing Windows Updates from PowerShell

To manage Windows updates via the command line interface, it is very convenient to use the special PSWindowsUpdate module for PowerShell. PSWindowsUpdate is not integrated with Windows and is a third party module available in the Technet Script Gallery. PSWindowsUpdate allows administrators to remotely check, install, uninstall, and hide updates on Windows servers and workstations. The PSWindowsUpdate module is especially useful for managing updates in the Windows server kernel, in non-GUI versions of Hyper-V, and when configuring a Windows image in audit mode.

PSWindowsUpdate: Installing the Windows Update PowerShell Module

You can install the PSWindowsUpdate module on Windows 10 and Windows Server 2016 from the online repository (PSGallery) using a PackageManagement command:

InstallModule -Name PSWindowsUpdate

In my case a warning appeared that PSWindowsUpdate is already installed. To install a newer version of a module, run the command :

InstallModule -Name PSWindowsUpdate -Force

Once the installation is complete, you should check the package:

Get the package – PSWindowsUpdate name


If you have an older version of Windows (Windows 7/8.1/Windows Server 2008 R2/2012 R2) or do not have direct access to the Internet, you can install PSWindowsUpdate manually.

This module can be installed on any supported version of Windows, starting with Vista / Windows Server 2008 with PowerShell 2.0 installed (although PoSh 3.0 or later is recommended).

  1. Download the latest version of PSWindowsUpdate from this page: and unlock the downloaded file. Please note that only an older version of the module – v 1.5.6 – is available in the TechNet Script Gallery. While the NuGet Package Manager installs PSWindowsUpdate from PowershellGallery. The available PowerShell commands and options may vary between different versions of the module.
  2. Unpack the archive of the PS module in one of the following folders: %USERPROFILE%DocumentsWindowsPowerShellModules or %WINDIR%System32WindowsPowerShellv1.0Modules (the latter is preferred if you use the module frequently) ;
  3. Allow implementation of : Enforcement policy – Scope Process – Unlimited enforcement policy – Strength
  4. Import the module in a PowerShell session: PSWindowsUpdate Note Under Windows 7/ Windows Server 2008 R2, the following error may occur when importing the PSWindowsUpdate module: The term Unlock file is not recognized as a command name. Indeed, the module uses some functions that are new in PowerShell 3.0. To use these functions, it is necessary to either update the PowerShell version or manually remove the | Unlock line from the PSWindowsUpdate.psm1 file.

After installing the PSWindowsUpdate module on your computer you can use the command Update-WUModule to install it remotely on other computers or servers. All the way to the z. For example, to copy the PSWindowsUpdate module from your computer to two remote servers, execute the commands (you need to access the remote servers using the SMB protocol, TCP port 445):

Objectives = contoso-fs02, contoso-db01
Update -WUModule -ComputerName $Targets -Local

To save (export) the PoSh module to a shared network folder for later import to other computers, run it:

Storage Module -Name PSWindowsUpdate -Path \contoso-fs02ps Modules

Overview of PSWindowsupdate cmdlets

The list of available commands in the PSWindowsUpdate module can be displayed as follows:

get-command – PSWindowsUpdate module

Let’s briefly describe how to use the module’s commands:

  • Clear-WUJob – Use Get-WUJob to call WUJob in the task scheduler ;
  • Download-WindowsUpdate (also called Get-WindowsUpdate -Download) – retrieves and downloads the list of updates;
  • Get-WUInstall, Instl-WindowsUpdate (an alias for Get-WindowsUpdate -Install) – installs ;
  • Hide-WindowsUpdate (also called Get-WindowsUpdate -Hide:$false) – Hide the update ;
  • Delete – Windows Update – Delete the update with the function Delete – Windows Update ;
  • Add-WUServiceManager – Registers the Update Server (Windows Update Service Manager) on the Computer ;
  • Enable-WUREMOTING – enable the Windows Firewall rules to allow the use of PSWindowsUpdate commands remotely;
  • Get-WindowsUpdate (Get-WUList) – displays the list of updates that meet the specified criteria, so you can search for and install updates. This is the main task of the PSWindowsUpdate module. Allows you to download and install updates from a WSUS or Microsoft Update server. Allows you to select update categories, select specific updates, and set rules for restarting your computer when you install updates;
  • Get-WUApiVersion – Determines the version of the Windows Update Agent on the ;
  • Get-WUHistory – displays a list of installed updates (update history);
  • Get-WUInstallerStatus – checks the status of the Windows Installer ;
  • Get-WUJob – Performs WUJob update tasks in the task scheduler ;
  • Get-WULastResults – data from the last search and installation of updates (LastSearchSuccessDate and LastInstallationSuccessDate) ;
  • Get-WURebootStatus – allows you to check whether a reboot is required to apply a particular update;
  • Get-WUServiceManager – List of Update Sources ;
  • Get-WUSettings – Gets the settings from the Windows Update client;
  • Invoke-WUJob – Call WUJobs remotely in the task scheduler for immediate execution of PSWindowsUpdate commands ;
  • Delete Windows Update – allows you to delete the update with KB ID ;
  • Uninstall-WUServiceManager – Turns off the Windows Update Services Manager ;
  • Set-PSWUSettings – Saves the parameters of the PSWindowsUpdate module in an XML file ;
  • Set-WUSettings – Configure the settings of the Windows Update client;
  • Update-WUModule – updates the version of the PSWindowsUpdate module (you can update the module on a remote computer by copying it from the current computer or updating it from PSGallery).


PowerShell: List of all available Windows updates for your computer

The available updates for this computer can be listed on the update server using the Get-WindowsUpdate or Get-WUList commands.


To check the list of available updates on the remote computer, run this command:

Get-WUList -Computer name contoso-fs2

You can check where Windows updates should come from. Execute the following command:

Get-WUServiceManager .

ServiceID Managed IsDefault Name
——— —-
8b24b027-1dee-babb-9a95-3517dfb9c552 False DCat Flighting Prod
855e8a7c-ecb4-4ca3-b045-1dfa50104289 False Windows Store (DCat Prod)
3da21691-e39d-4da6-8a4b-b43877bcb1b7 True Windows Server Update Service
9482f4b4-e343-43b6-b170-9a65bc822c777 False Windows Update

As you can see, the computer is configured to receive updates from the local WSUS server (Windows Server Update Service = True). In this case, you should see a list of updates released for your computer.

If you want to check your computer for Microsoft Update servers on the Internet (these servers contain updates for Office and other Microsoft products in addition to Windows), run this command:

Get-WUlist -MicrosoftUpdate

You’ll get this warning:

Get-WUlist : The Windows Update service was not found on the computer. Use Get-WUServiceManager to retrieve a registered service.

Run this command to enable scanning by Microsoft Update:

Add-WUServiceManager -ServiceID 79718-a847-4430-9279-4a52d1efe18d -AddServiceFlag 7

You can now search for Microsoft Update. As you can see, additional updates for Microsoft Visual C ++ 2008 and Microsoft Silverlight have been found in this case.


To check the version of the Windows Update Agent on the computer, run the command:


Computer name PSWindowsUpdate PSWUModuleDll ApiVersion WuapiDllVersion
———— ————— ————- ———- —————
DESKTOP-J . 2.0.6995.28496 8.0 10.0.18362.387

To remove specific products or packages from the list of updates your computer has received, you can exclude them:

  1. Category (-no category) ;
  2. Title (-Not category) ;
  3. Update number (-NotKBArticleID).

For example, exclude OneDrive, the drivers and a specific KB from the update list:

Get-WUlist -Unusual Category Drivers -NotTitle Single Disk Drive -NotKBArticleID KB4489873

Installing the Windows update: Installing Windows updates using PowerShell

To automatically download and install all available updates for your computer, run the command:

Install-WindowsUpdate -MicrosoftUpdate -AccessAll -AutoReboot

The Accept All button accepts the installation of all service packs, and the automatic restart automatically restarts Windows after the installation of the updates.

You can save the installation history of the updates in a log file (you can use this instead of the WindowsUpdate.log file).

InstallWindowsUpdate -AcceptAll -Install -AutoReboot | Out-File c:logs$(get-date -f yyyy-MM-dd)-WindowsUpdate.log -force

You can only install specific service packs per KB number:

Get-WindowsUpdate -KBArticleID KB2267602, KB4533002 -Installation


In this case, you must confirm the installation of each update manually.

If you want to exclude certain updates from the installation list, execute this command:

InstallWindowsUpdate -NotCategory Drivers -NotTitle OneDrive -NotKBArticleID KB4011670 -AcceptAll -IgnoreReboot

Installing Windows update on remote computers using PowerShell

The PSWindowsUpdate module allows you to remotely install updates on multiple workstations or servers at the same time (PSWindowsUpdate must be installed/imported on these computers). This is very convenient because the administrator does not have to log in manually to all servers when updates need to be installed.

You can use almost any command in the PSWindowsUpdate module to manage and install updates on remote computers. Use the attribute: -computer name contoso-fs01, contoso-fs02, contoso-fs03

To manage updates on remote computers, you must add the host names to the winrm list of trusted hosts:

winrm set winrm/config/client ‘@{TrustedHosts=contoso-fs01,contoso-fs02,contoso-fs02,}}”.

Install the PSWindowsUpdate module on remote computers and access the dllhost.exe process via dynamic RPC ports in the Windows Defender Firewall.

The following command installs all available updates on the three remote servers:

Invoke-WUInstall -ComputerName contoso-fs01, contoso-fs02, contoso-fs03 -Script {ipmo PSWindowsUpdate; Get-WindowsUpdate -Install -AcceptAll -AutoReboot| Out-File C:WindowsWindowsUpdatelog } -Confirm:$false -Verbose -SkipModuleTest -RunNowIn PSWindowsUpdate 2.1, you must use the Invoke-WUJob command instead of Invoke-WUInstall. This command creates a planning task on the remote computer running in the SYSTEM.

In new versions of the PSWindowsUpdate module, use the following command to remotely install updates on multiple computers :

$ServerNames = contoso-fs01, contoso-fs02, contoso-fs03
Invoke-WUJob -ComputerName $ServerNames -Script {ipmo PSWindowsUpdate; InstallWindowsUpdate -AcceptAll | Out-File C:WindowsPSWindowsUpdate.log } -Confirm:$false

You can install the updates on the remote computer and e-mail the report to the administrator:

InstallWindowsUpdate -ComputerName contoso-fs01 -MicrosoftUpdate -AcceptAll – IgnoreReboot -SendReport -PSWUSettings @{;From=[protected by email];To=[protected by email];Port=25}. -Verbose

Get-History: Viewing the Windows update history using PowerShell

You can use the Get-WUHistory command to get a list of updates previously installed on your computer, either automatically or manually.


You can get information about the installation date of a specific update:

Get-WUHistory| Where-Object {$_.Title -match KB4517389} | Select-Object *|ft


You can use this PowerShell code to see if an update has been installed on multiple remote computers:

contoso-fs01,contoso-fs02 | Get-WUHistory| Where-Object {$_.Title -match KB4011634} | Select-Object *|ft

Delete the update window: WindowsRemove Updates

To properly remove PowerShell updates, you can use the Remove-WindowsUpdate cmdlet. Just enter the KB number as an argument for the KBArticleID parameter. To delay the automatic restart of the computer, add the -NoRestart key:

Remove-WindowsUpdate -KBArticleID KB4489873 -NoRestart

Window coveringsUpdated: How do I hide Windows updates with PowerShell?

You can hide certain updates so that Windows Update never installs them on your computer (usually you want to hide driver updates). For example, to hide updates KB4489873 and KB4489243, execute these commands:

$HideList = KB4489873, KB4489243
Get-WindowsUpdate -KBArticleID $HideList -Hide


Now, the next time you use the Get-WUInstall command to check for updates, hidden updates will not appear in the list of updates available for installation.

This allows you to view a list of updates that are hidden on this computer:

Get-WindowsUpdate -Hidden

Note that the H (Hidden) attribute has appeared in the Update Hidden Status column.


To remove an update from the hidden, execute this command:

Get-WindowsUpdate -KBArticleID $HideList -Hidden -Hide:$false

or… :

Show-WindowsUpdate -KBArticleID $HideList

For those who are not familiar with the PowerShell console, I recommend the Windows Update MiniTool graphical package to manage Windows 10 updates.

Related Tags:

netflix on family link,can you share location on an android,family link android,how to track family members on google maps,google family link your device is offline,location sharing setting injector service,child phone monitoring free,how to see what my kid is doing online,famisafe child tracker,best phone tracking app uk,the spy bubble,kids location tracker,family orbit reviews,programs to monitor iphone activity,icloud track,find my phone for android and iphone,android iphone gps tracker,find my parents'' app,locate a cell phone position free online,track a cell phone location by number,track my phone for free online,best phone tracker app without permission,how to track a phone without them knowing,find my kids iphone,kid finder,find my kids mod apk,volkano gps watch app,best phone tracking app for family,tracing agent,best free child tracking app for iphone,can i track my child with apple watch,find my kids watch reviews,iphone parental tracking,how to monitor my sons iphone,best free child tracking app australia,xplora 2,track my child's phone uk,famisafe vs life360,accurate location tracker,most accurate phone tracker,family link,mspy mspy,mamabear app,family orbit,how to track my daughter's iphone location,how to track your child's android phone,find my kids,my daughter ran away how can i track her phone,find my kids app,best free child tracking app,track my child's phone without them knowing