Powershell script to run 20-30 updates at a time

Question

Hi guys,

very new sysadmin here.

I've currently taken over WSUS management and have found that we haven't been updating client agent machines for several years now...
I went through the process of cleaning up superseded updates, but have found that each of my clients need around 60-70 updates.

I've tested downloading and installing all 70 at once on a test machine, but this just causes it to crash.

Is there a way in PowerShell to group updates into several batches e.g., 20-30 at a time * 3 times = 60 updates, so that my machines don't freak?

I'm considering using PSWindowsUpdate as I can simply use Get-WindowsUpdate to find available updates.

The next steps are to divide the updates into batches of 20-30, probably by using a Foreach loop, and then simply install those updates, restart my pc, and then repeat till the other batches are done too.

I think I have the logic behind this, but I am too inexperienced in scripting to even know how I would loop through these updates, what sort of objects they are and where/how I could find/reference them in my script.

Any help would be appreciated, thanks!

Answer 1

I referenced these web sites.

https://adamtheautomator.com/pswindowsupdate/
http://woshub.com/pswindowsupdate-module/

My test vm only needed 4 updates, so I installed the first 2 with this.

#import-module PSWindowsUpdate
$Updates = Get-WindowsUpdate      
$InstallKB = ($Updates).KB | Select-Object -First 2
$InstallKB
Get-WindowsUpdate -KBArticleID $InstallKB -Install -Confirm -AcceptAll -IgnoreReboot 
if ((Get-WURebootStatus -Silent)) {
    "We need to reboot"
}        

Answer 2

Could you use PS Remoting to the servers? Or PSExec? Then you could loop through a bunch of .MSUs (the windows update installers).

Answer 3

Hi @Rita Hu -MSFT ,

thanks for taking the time to respond. I very much appreciate it.

90% of the machines I need to update run Windows Server 2012.

I have run a PowerShell script in advance to delete the chains of superseded updates, leaving only the latest ones.

I am not too concerned as to whether or not we have received the right updates - the previous admin has set up client agents to only receive critical + security updates.
The only issues are the persistent crashing and time-sink of having to remote into each client agent, then push 20 or so updates at a time.

Are there any alternatives to this brute-force method?

Thanks again!

Answer 4

@MotoX80
Thanks for your sharing on this forum. I totally agree with you. In my opinion, connecting to the Internet and scanning for the updates from the Internet is the best choice.

@Jayjay221
In addition, the Windows Server 2012 servers are not the same. For example, the Server 1 installed the updates which Server 2 didn't. So it is difficult for us to run the PowerShell scripts to deploy the updates. In my opinion, the better choice is to let the server to choose and install the missed updates.

Hopefully I'll describe myself clearly.

Have a great day.

Best regards,
Rita

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 5

@Jayjay-1872
Thanks for your posting on Q&A.

I've currently taken over WSUS management and have found that we haven't been updating client agent machines for several years now...

What is the windows Version and OS build version of the machines? We could run the winver command on the RUN to confirm.

I went through the process of cleaning up superseded updates, but have found that each of my clients need around 60-70 updates

In fact, a lot of superseded updates will shown as Needed on the WSUS console. But we should only install the latest updates. Because all the previous Cumulative Updates will included into the Latest Cumulative Update. Please make sure you have approve the indeed Needed updates. It will be better if you could provide the related screenshot :) Thanks for your cooperation in advance.

In addition, we could apply the Specify source service for specific classes of Windows Updates policy and push the clients to scan for updates from the Internet and then install all the Needed updates. Then we could convert to the configuration back.
Please review the link to know more about the policy.

I didn't found any PowerShell scripts which we group updates into several batches and deploy for the clients. I will research further and will come back as soon as possible if there are any good news.

Hope the above will be helpful. Have a great day.

Best regards,
Rita

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.