Windows – Remotely install Windows Updates with PsExec

windowswindows 7windows-update

Problem I am working on : I am now in charge of all the Windows machines of a company. All workstations are running Windows 7, I do not have a domain and there is no Windows Server running on the network. To administrate them, I use PsExec to remotely execute commands on each workstations, like this : 

FOR /F "tokens=*" %%a IN (E:\list-of-workstations.txt) DO CALL :theCommand %%a
PAUSE

:theCommand
FOR /F "tokens=1,2,3,4" %%a IN ("%*") DO (
        psexec \\%%a -s -u %%b -p %%c -c E:\script-to-execute-remotely.bat
)
GOTO:EOF

I now want to trigger the Windows updates on each workstations.

Research I have done :
Apparently, there is no set command you can send to Windows devices that specifically instructs them to begin installing pending updates.

Many serverfault and blogs topics recommands using third party solutions to install Windows Updates on demand but all these recommanded third party solutions can only be used if you buy them, and I don't want to.

Steps taken so far to solve the problem :
So, as far as I am, it seems that I am stuck : without a Windows server, there is no native way to specifically ask workstations to install updates and all the third party solutions I heard of are not free.

Am I right ? Do you know a way to accomplish the problem I am facing ?

Best Answer

In addition to the VBS method by Michael Bailey, I've modified a powershell script I found online (from technet somewhere, but I can't find the exact link offhand):

#Define update criteria.
$Criteria = "IsInstalled=0 and Type='Software'"

#Search for relevant updates.
$Searcher = New-Object -ComObject Microsoft.Update.Searcher
$SearchResult = $Searcher.Search($Criteria).Updates

If($SearchResult.Count -eq 0){
Write-Host "No Updates Available"
Exit
}

Write-Host "Updates Found: $($SearchResult.Count)`r`n"
$SearchResult | ForEach-Object{Write-Host "$($_.Title) `r`n"}

#Download updates.
$Session = New-Object -ComObject Microsoft.Update.Session
$Downloader = $Session.CreateUpdateDownloader()
$Downloader.Updates = $SearchResult
Write-Host "Download Results:"
$Downloader.Download()

#Install updates.
$Installer = New-Object -ComObject Microsoft.Update.Installer
$Installer.Updates = $SearchResult
$Result = $Installer.Install()
Write-Host "Install Result: $($Result.HResult) `r`n"
Write-Host "Reboot Required: $($Result.RebootRequired) `r`n"

#Reboot if required by updates.
#If ($Result.rebootRequired) { shutdown.exe /t 0 /r }

I run it using PDQ, but have used it with PSExec as well. If you want to just list updates per machine as an audit, you can cut out everything after the search section.

I also took a long look at this when I was looking for an answer to our update issues: http://blogs.technet.com/b/heyscriptingguy/archive/2011/08/13/use-powershell-to-audit-and-install-windows-patches.aspx

It looks like a tool that might fit your org well.

Related Topic