Windows Update Command Line Wsus

While everyone can agree that keeping on top of updates is of paramount importance to keeping devices protected, there are several alternatives that exist to the method of downloading updates directly from each client and server device. Among these include Microsoft's own enterprise solution, Systems Center Configuration Manager (SCCM) and Windows Server Update Services (WSUS), the component that downloads patches centrally and deploys them across the network.

• Force Wsus Update Command Line
• Windows Update Command Line Wsus
• Force Windows Update Command Line
• Wsus Command Prompt

These often come with expensive licensing fees or require extensive hardware requirements that may make it difficult to manage and/or seek purchase approval from management. Adding to the complexity is the fact that updates are released at an alarming rate, with dozens of new patches being released weekly (i.e., Patch Tuesday) multiplied by the number of different operating systems supported times the number of devices in the organization, and it's easy to see how the patch management process slips under the radar of even the largest IT departments.

WSUS Offline Update is a simple, lightweight, elegant solution, released free to use under the GNU GPL license. Its tagline is, '..since security, time, and bandwidth are money.' It's aimed at streamlining the process of updating your clients and servers through an innovative use of powerful, intelligently-written scripts to download updates directly from Microsoft's public catalog servers and deploy them. When you're ready. Since the process stores updates locally, updates may be deployed offline, ensuring that your devices get inoculated against known threats and do not become compromised during a lengthy online update process.

ABC-Update is a free command-line tool that allows you to install Windows updates. It is easy to use and gives you the flexibility of deploying only specific updates in your scripts. A while back, I reviewed the comparable tool WuInstall. WuInstall has a few more switches than ABC-Update has, and it. Bypass WSUS to install Windows updates While trying to setup a Windows 2012 cluster (to be used by Hyper-V) I ran into an issue where the cluster validation tool failed. It said that the MPIO software versions were different on the nodes. Is there a command line to force to check up for update - Windows 7 Help Forums. Last edited by Callender; 28 Mar 2018 at 13:11. The 'Check online for updates from Windows Update' link is no longer in Windows 10, but you could check Windows 10 update history online if wanted. I don't know how WSUS works - I imagined updates were pushed. Trigger windows updates from command line (wuauclt.exe alternative) closed. To force windows 10 to go get it's updates (in my case from a WSUS server)? You really have not accurately described what happens when you execute the Windows Update Agent from the cmd line. – Squashman Mar 7 '17 at 20:51. WSUS Useful Client Commands WUAUCLT.exe Here is a list of useful WSUS / Windows Update client commands. Force Detection of Updates and Report to the WSUS Server.

SEE: IT leader's guide to edge computing (Tech Pro Research)

Before we dive into the crux of setting this up, there are a few requirements we'll need before starting:

• Windows PC with Windows 7 or later (Optional) or Windows Server with Windows Server 2008 or later (Recommended)
• WSUS Offline Update software extracted to directory on storage drive
• Broadband Internet Access
• Internal storage device with available space
• Optical storage device with writable DVD media (Optional)
• Switched Network Infrastructure (Optional; yet Highly Recommended)

With the minimum requirements out of the way, let's look at how to run WSUS Offline Update to create our update repository.

1. Launch the UpdateGenerator.exe extracted from the WSUS Offline Update ZIP file (Figure A).

Force Wsus Update Command Line

2. Notice there are two tabs: Windows and Office. Each one toggles the supported versions of both Windows and Office respectively (Figure B).

3. Begin by placing a check in in the box for each version of Windows you wish to download catalog updates for. Take notice that some OSes are divided into two categories based on x86 and x64 architectures. Once complete, there are additional selections in the Options section that may be optionally enabled, such as .NET Framework, Runtimes, and Windows Defender definitions for newer systems with built-in malware protection. Additionally, the ability to create ISO images or USB/external media directories may be selected on this page as well by ticking the boxes under Create ISO images.. or USB medium sections. When you're ready to begin, click the Start button to proceed.

4. The process will launch a command line window that download the catalog file for each OS version and type, and compare it to what is currently available in the repo. If it's the first time running WSUS Offline Update then the repo will be empty and all missing updates will be downloaded (Figure C).

5. The process will download all the Microsoft updates for the selected versions of Windows client and server OSes. Depending on the number of items selected and the speed of your internet connection, the initial process could take several hours to complete. Additional options such as downloading optional components and creating ISOs of the updates (more on that later) will extend the completion time. Once done, a notification will appear asking for confirmation to check the log file. Clicking Yes will open the log, while clicking No will close the app (Figure D).

6. Navigating to the Client folder located within the root of the WSUSOffline folder, you will notice the addition of several folders, each holding the updates respective of each version of Windows selected in step 3 (Figure E)(Figure F).

7. When you're ready to deploy the updates to a device - either online or offline - simply connect to the server share or external media that stores the repository created in steps 4-5. Navigate to the root folder Client, and execute UpdateInstaller.exe. Similar to the selection screen in step 3 above, place a check next to each optional entry you wish to install alongside the updates (by default, the updates are always installed). Click Start when you are ready to begin deploying (Figure G).

8. The command line will launch and examine your device to determine what updates are currently installed. Those present will be skipped, while those pending will be added to a dynamically generated list and installed sequentially. In the case of certain updates or optional components that require a reboot, the process will halt and prompt you to restart. After rebooting, rerun the .exe and it will continue from where it left off (Figure H)(Figure I).

9. When the updates have finished installing, the process will end informing you that it is complete or prompting you to reboot (Figure J)(Figure K).

Generating ISO images:

In step 3, under the section titled Create ISO image(s).., users have the ability to create ISO image(s) of the updates they've downloaded. When this box is checked, the process will create an ISO image for each version of Windows client and server selected. This can be extremely useful as the ISO file may be mounted, burned to a DVD, or copied to a USB Flash Drive for deployment to systems that have been compromised, have a poor network connection, or are otherwise inaccessible, like air gapped devices, for example (Figure L).

As the process completes downloading updates for a particular version of Windows, the script will run a subcommand to create the ISO (Figure M).

These ISO files will be written to the ISO folder located at the root of the extracted WSUSOffline directory. As an additional security precaution, hash files will also be generated for each ISO to verify the integrity of each file and protect against tampering (Figure N).

Optional Controls and Automation:

When running the UpdateInstaller.exe file to kick-off the installation of updates in step 7, there are some optional settings that may be enabled under the Control section to perform specific functions, such as verification of installation packages to ensure that the packages installed correctly and are not corrupt or broken, which could lead to system instability (Figure O).

By selecting the Automatic reboot and recall feature, you will be prompted to confirm the use of the option, as well as be informed of a few changes that are made by WSUS Offline Update to ensure that automation will occur without a hitch (Figure P).

Below is a list of changes that must be made in order for automate and recall to work as intended and pick up where it left off in the event of a system required reboot:

• The WSUS Offline Update folder where the files are extracted to must be configured as a shared folder with read permissions granted to the Anonymous security group. (This is the only change that must be made manually, all others below will be made automatically by WSUS Offline Update).
• A temporary admin account will be created and set to autologon to continue running the process with admin rights to install the updates.
• The WSUS Offline shared folder will be configured as a mapped drive to the local device, since UNC paths are not supported by the CLI.
• User Access Control (UAC) will be disabled until the update process has completed successfully.

Microsoft Weekly Newsletter

Be your company's Microsoft insider with the help of these Windows and Office tutorials and our experts' analyses of Microsoft's enterprise products. Delivered Mondays and Wednesdays

Also see:

• Network security policy (Tech Pro Research)
• Windows 10 users should wait to install the latest update-it's bricking some PCs (TechRepublic)
• Sick of Windows 10 updates taking over your PC? We've got your covered says Microsoft(TechRepublic)
• What's new in the Windows 10 April 2018 Update (ZDNet)
• Windows 10 April 2018 Update: A cheat sheet (TechRepublic)

Michael Pietroforte

Latest posts by Michael Pietroforte (see all)

• Results of the 4sysops member and author competition in 2018 - Tue, Jan 8 2019
• Why Microsoft is using Windows customers as guinea pigs - Reply to Tim Warner - Tue, Dec 18 2018
• PowerShell remoting with SSH public key authentication - Thu, May 3 2018

A while back, I reviewed the comparable tool WuInstall. WuInstall has a few more switches than ABC-Update has, and it supports caching. However, contrary to WuInstall, ABC-Update is free. Thus, if you plan to update Windows at the command prompt every now and then, ABC-Update is worth a look.

I think patch management tools will gain importance once Windows 10 is released to the public. You’ve probably heard that Microsoft is planning no major releases after Windows 10. This means that, in the future, all changes to Windows will come through Windows Update.

Enterprises will have the ability to opt out from feature updates and to automatically install security updates only. However, even the most conservative IT departments will be tempted to install one enhancement or another. And, since updates often depend on other updates, things will get complicated. If you work in a complex network, scripting gives you the maximum flexibility. This is where command-line tools such as ABC-Update come in.

ABC-Update requires .NET Framework 3.5. If you launch the tool the first time on a Windows 8.1 machine where you didn’t install this version of the framework, Windows will automatically download and install .NET 3.5.

ABC-Update itself is a standalone tool and doesn’t have to be installed. You can copy it to the folder of your choice. If you just run ABC-Update, you will get a list of all missing patches from Windows Update.

List of missing updates

Sep 30, 2019  HDD Unlock Wizard is a window based utility. It works as a new life for your locked hard disks, as it is competent to unlock almost all hard disks of major brands available in market. HDD Unlock Wizard is a freeware HDD repair software app filed under disk management and made available by A-FF Data Recovery for Windows. The review for HDD Unlock Wizard has not been completed yet, but it was tested by an editor here on a PC and a list of features has been compiled; see below. The 4.2 version of HDD Unlock Wizard is available as a free download on our website. Our antivirus scan shows that this download is malware free. This free tool was originally designed by A-FF Data Recovery. HDD Unlock Wizard is included in System Utilities. Hdd unlock wizard free.

If you have a WSUS server installed in your network, you can also bypass Windows Update and search for updates on WSUS instead by using the following command:

ABC-Update allows you to install all missing updates, only updates of a certain category (security, application, etc.) or type (software or driver), or only a specific update (KB number). The date filter, which enables you to select updates within a time period, is useful. For example, suppose you don’t want to always install updates right after they are released because you want to wait until other admins have found all the bugs. The following command lists all updates that are more than 30 days old:

Listing missing updates more than 30 days old

I ran the command on October 29. As you can see in the screenshot above, ABC-Update only lists updates that were released before September 29.

If you are ready to install the listed updates, you would run the following command:

ABC-Update also supports filtering by string and enables you to control reboots after installations and uninstalls. Below is a list of all available parameters, which you can display with ABC-Update /?.

Windows Update Command Line Wsus

Force Windows Update Command Line

Wsus Command Prompt

Users who have LIKED this post: