none
Windows Update PowerShell Remoting

    질문

  • I am working on a script to do Windows Updates on a remote machine. I am using the runspace and powershell objects. I can query and recieve the list of updates, but as I go to download and install them I can an error which indicates that these methods cannot be run from remote computers. Should the object creation and everything be happening on the remote computer? I thought this was the whole idea of the remoting. Am I doing something wrong?
    2010년 2월 3일 수요일 오후 4:41

모든 응답

  • I tend to agree with what you're saying about how the remoting should work.  Can you provide more details/examples of what you're trying/seeing?
    2010년 2월 3일 수요일 오후 5:02
    중재자
  • function Get-WIAStatusValue($value)
    {
       switch -exact ($value)
       {
          0   {"NotStarted"}
          1   {"InProgress"}
          2   {"Succeeded"}
          3   {"SucceededWithErrors"}
          4   {"Failed"}
          5   {"Aborted"}
       } 
    }
    
    $needsReboot = $false
    $UpdateSession = New-Object -ComObject Microsoft.Update.Session
    $UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
    
    Write-Host " - Searching for Updates"
    $SearchResult = $UpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0")
    
    Write-Host " - Found [$($SearchResult.Updates.count)] Updates to Download and install"
    Write-Host
    
    foreach($Update in $SearchResult.Updates)
    {
       # Add Update to Collection
       $UpdatesCollection = New-Object -ComObject Microsoft.Update.UpdateColl
       if ( $Update.EulaAccepted -eq 0 ) { $Update.AcceptEula() }
       $UpdatesCollection.Add($Update) | out-null
    
       # Download
       Write-Host " + Downloading Update $($Update.Title)"
       $UpdatesDownloader = $UpdateSession.CreateUpdateDownloader()
       $UpdatesDownloader.Updates = $UpdatesCollection
       $DownloadResult = $UpdatesDownloader.Download()
       $Message = "   - Download {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
       Write-Host $message   
    
       # Install
       Write-Host "   - Installing Update"
       $UpdatesInstaller = $UpdateSession.CreateUpdateInstaller()
       $UpdatesInstaller.Updates = $UpdatesCollection
       $InstallResult = $UpdatesInstaller.Install()
       $Message = "   - Install {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
       Write-Host $message
       Write-Host
       
       $needsReboot = $installResult.rebootRequired   
    }
    
    if($needsReboot)
    {
        restart-computer
    }
    Remember I did not write this script but I got it from the internet, but it does work beautifully when you are local
    • 편집됨 AlexHutton 2010년 2월 3일 수요일 오후 6:19 making sure they know I didnt write this.
    2010년 2월 3일 수요일 오후 5:16
  • I put the code and the output above.

    I know I am connecting to the box and connecting well. I can get info about that computer, and the updates search returns the updates list for that could only be for that computer. But as you can see the createUpdateDownloader and createUpdateInstaller both give an error that according to MSDN is because I am running them from a remote computer
    2010년 2월 3일 수요일 오후 5:19
  • Oye!  The first thing I'm going to suggest is sticking with PowerShell scripting versus diving into C# to check this out first.  What kind of setup?  Is the "client" and "server" part of the same AD domain?


    2010년 2월 3일 수요일 오후 5:20
    중재자
  • Well it works the same either way, sorry for mixing the C# into it. But it is how I am using it. The code is run on the server X on Domain A, and it is executing it on Client Y, not on the domain. However, X calls into Y with a local admins credentials and does not have issues doing anything else we have done through this mechanism.
    2010년 2월 3일 수요일 오후 5:35
  • Just tried another way and had the script on the Client, and had the server just tell the client to execute its local copy of the script and I got the same responses.....
    2010년 2월 3일 수요일 오후 5:54
  • Sorry, I can't try it out right now...
    2010년 2월 3일 수요일 오후 6:23
    중재자
  • Hi,

    Have you tried PsExec tool? If not, please try to use it to execute remote script to test. You can run "psexec \\remotecomputer powershell wu.ps1"

    http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

    If there is any error, please let us know the detailed error message.

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    2010년 2월 4일 목요일 오전 5:45
    중재자
  • I tried it just to see what respnse I got, and psexec just hung with no respose once I got it actually connecting and getting the script. So no luck there, also PSExec wouldn't be a good solution. PowerShell remoting should do what PsExec does right? I want the benefits of PowerShell Remoting. I should not need code or scripts physically on the remote vm's that is the whole reason to move to remoting.
    2010년 2월 4일 목요일 오후 8:14
  • Just curious, but what OS are you using... I use PoSh for Sharepoint, and according to the scripting guy, remoting and SharePoint do not work so well, unless you have win7 and svr 2008...

    http://blogs.technet.com/heyscriptingguy/archive/2010/02/17/hey-scripting-guy-february-17-2010a.aspx

    Maybe if you are using 2003, you may have the same type of issue.
    2010년 3월 4일 목요일 오후 4:44
  • Thanks for the useful script mate, looking forward in executing this on all of my Windows Server 2003 OU :-)
    /* Windows Infrastructure Support Engineer */
    2010년 3월 8일 월요일 오전 2:14
  • Thanks for the script mate !

    looking forward for running this script on all of my Win2003 OU.

    Cheers !
    /* Windows Infrastructure Support Engineer */
    2010년 3월 8일 월요일 오전 2:14
  • This script works great but I would like to make a suggestion.

    Add $VerbosePreference = "Continue" to the top and then change all Write-Host with Write-Progress.  It has the same effect except instead of saying that it is downloading an update it is giving you a progress bar as well.  Updated script below. 



    $VerbosePreference = "Continue"
    $DebugPreference = "Stop"

    function Get-WIAStatusValue($value)
    {
       switch -exact ($value)
       {
          0   {"NotStarted"}
          1   {"InProgress"}
          2   {"Succeeded"}
          3   {"SucceededWithErrors"}
          4   {"Failed"}
          5   {"Aborted"}
       }
    }

    $needsReboot = $false
    $UpdateSession = New-Object -ComObject Microsoft.Update.Session
    $UpdateSearcher = $UpdateSession.CreateUpdateSearcher()

    Write-Progress " - Searching for Updates"
    $SearchResult = $UpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0")

    Write-Verbose " - Found [$($SearchResult.Updates.count)] Updates to Download and install"


    foreach($Update in $SearchResult.Updates)
    {
       # Add Update to Collection
       $UpdatesCollection = New-Object -ComObject Microsoft.Update.UpdateColl
       if ( $Update.EulaAccepted -eq 0 ) { $Update.AcceptEula() }
       $UpdatesCollection.Add($Update) | out-null

       # Download
       Write-Progress " + Downloading Update $($Update.Title)"
       $UpdatesDownloader = $UpdateSession.CreateUpdateDownloader()
       $UpdatesDownloader.Updates = $UpdatesCollection
       $DownloadResult = $UpdatesDownloader.Download()
       $Message = "   - Download {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
       Write-Verbose $message   

       # Install
       Write-Progress "   - Installing Update"
       $UpdatesInstaller = $UpdateSession.CreateUpdateInstaller()
       $UpdatesInstaller.Updates = $UpdatesCollection
       $InstallResult = $UpdatesInstaller.Install()
       $Message = "   - Install {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
       Write-Verbose $message

       
       $needsReboot = $installResult.rebootRequired   
    }

    if($needsReboot)
    {
        Write-Debug "Restarting Computer please close all open apps"
        restart-computer
    }
    • 편집됨 Carlos052010 2012년 3월 8일 목요일 오후 12:55
    2012년 3월 8일 목요일 오후 12:20
  • Carlos,

    I am glad you liked the script, the reasons I used write-host and not show a progress bar is this script was intended to run on remote machines (QA Machines) in the middle of the night with no users logged in. It is meant as part of an automation framework and progress bars would only break the system.

    2012년 3월 8일 목요일 오후 1:02
  • did you ever figure out why remoting didn't work? does it have to do with needing admin rights on the remote client to install updates?
    2013년 4월 22일 월요일 오후 3:15
  • Hi,

    this is a security Feature, Windows Update with Powershell Remoting do not work.

    But here is a work a round:

    - save your Update Script on a Network Share
    - create remote on each System a Update Task with the Task sheduler

    SCHTASKS /Create /S $Computer /RU "{User}" /RP "{PASSWORT}" /RL HIGHEST /SC ONCE /ST 05:30 /TR 'powershell.exe -noProfile -ExecutionPolicy Bypass -File "\\{SHARE}\{Path}\{Script}"  /TN "{TaskName}"

    This Task can you now start remote

    SCHTASKS /Run /S $Computer /TN "{TaskName}"
    You can use for >SCHTASKS< in Powershell 3.0 the TaskScheduler CMDLETS for create the Tasks.

    Beste regards
    brima
     
    2013년 4월 22일 월요일 오후 5:34
  • did you ever figure out why remoting didn't work? does it have to do with needing admin rights on the remote client to install updates?

    PowerShell remoting doesn't work because it is still detected as a remote COM object creation, which is by design for security reasons. If you view the $host.name properties while using PowerShell remoting, comes back with ServerRemoteHost. A couple of options include using PSexec.exe (do not supply credentials as it goes across the network as cleartext) or creating a scheduled job like brima has shown. More information about these COM objects and the ones that are and are not "remote capable" are at the link below.

    http://msdn.microsoft.com/en-us/library/aa387288(v=vs.85).aspx


    Boe Prox
    Blog | PoshWSUS | PoshPAIG | PoshChat

    • 답변으로 제안됨 KazunMVP 2013년 4월 22일 월요일 오후 7:40
    2013년 4월 22일 월요일 오후 5:42
  • This whole concept is beyond odd.  I'm a domain admin, I'm properly authenticated, I've gone to the effort to enable powershell remoting in the first place - and I'm not allowed to run updates.  How is this any different than a Linux admin using ssh to connect and run 'apt-get' or 'yum' or whatever is appropriate to the distro?

    I'm connected as an admin, I can already do all kinds of damage so I'm not sure how this 'security feature' is implementing any real security.  Makes me wonder if this isn't come thinly veiled attempt to block this kind of usage and 'encourage' us to purchase whatever part of System Center will do this for me.

    Annoying...

    2013년 7월 9일 화요일 오후 9:19
  • Well said.
    2014년 4월 9일 수요일 오전 10:49