none
Looking for a script that can get & install wsus updates from windowsupdate, not the local wsus server

    Question

  • I'm looking for a script that can download wsus updates from Windowsupdate, from a client that has SCCM agent installed and is under control of a local WSUS server.

    I want to bypass WUServer. This can be done by change this key, but this requires a reboot, so this is not a solution.

    HKLM\software\microsoft\policies\microsoft\Windowsupdate\AU

    key: UseWUServer Value 1, change to 0 to bypass.

    

    I have a script that can du this by contacting the local WSUS server. But I need a way to download patches that aren't deployed om my SCCM 2007 server. I'm using the Powershell PSWindowsUpdate module.

    The updates I need to download is the Exchange block and anto-spam updates, that reuires freqquent update.

    I would like to do this with a schedules script.

    
    Friday, July 05, 2013 9:27 PM

Answers

  • solved: the trick wa sto use -MicrosoftUpdate instead og -windowsupdate

    Example: download and installs updates with the text "antispam" or "Block list" in the title description.

    $UpdatesToInstall=

    "AntiSpam",

    "Block list"

    ForEach ($Up_dates in $UpDatestoInstall) {

    Get-WUInstall -MicroSoftUpdate -Accept -IgnoreUserInput -Verbose -Title $Up_Dates

    }

    

    Monday, July 08, 2013 9:23 AM

All replies

  • Well via the UI if you run windows update you can tell it to connect direct to Microsoft rather than WSUS.

    In terms of scripting it, check out http://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc#content which I think should do what you're looking for. There's a bit of a discussion here on the scripting guys blog http://blogs.technet.com/b/heyscriptingguy/archive/2012/11/08/use-a-powershell-module-to-run-windows-update.aspx .

    I haven't tested it, but from having a look at Get-WUInstal.ps1 from the gallery download one of the parameters "WindowsUpdate" seems to tell the script to use Windows Update as the source rather than the source configured via computer policy.

    Saturday, July 06, 2013 4:44 PM
  • Thanks for your feedback.

    The -windowsupdate switch dont seem to bypass the local WSUS server.

    I will continue investigating and update the post, if I find a solution.

    Monday, July 08, 2013 7:48 AM
  • solved: the trick wa sto use -MicrosoftUpdate instead og -windowsupdate

    Example: download and installs updates with the text "antispam" or "Block list" in the title description.

    $UpdatesToInstall=

    "AntiSpam",

    "Block list"

    ForEach ($Up_dates in $UpDatestoInstall) {

    Get-WUInstall -MicroSoftUpdate -Accept -IgnoreUserInput -Verbose -Title $Up_Dates

    }

    

    Monday, July 08, 2013 9:23 AM
  • This does not look to be correct info.  The answer appears to be to remove both -WindowsUpdates and also remove -MicrosoftUpdates. 

    I think WindowsUpdates applies to OS updates and MicrosoftUpdates applies to other Microsoft products like Office, Skype, etc.  I ran "Get-WUinstall -windowsupdate -acceptall -ignorereboot" from a server. I then noticed the server pulling down several updates that have not been approved on WSUS for servers(like IE11) and I ran a netstat and did not see a connection to our wsus server, that is specified in a GPO and in the registry on this server.  So I think both commands bypass and go out to Microsoft. I actually do want to use Get-WUInstall to go to my wsus server, but not seeing where I can pass that argument.  The only thing I care about is avoiding the mandatory reboots on some servers because we need it to run a special script when it reboots and trying to use this powershell command to help automate things. and will have a different script that is set for monthly reboots.

     

    Dave




    • Edited by DaveBryan37 Tuesday, December 01, 2015 9:06 PM
    • Proposed as answer by DaveBryan37 Tuesday, December 01, 2015 9:06 PM
    Tuesday, November 17, 2015 10:02 PM
  • if you do not enter an update source it should go to your default from the registry, although it does nto seem to work with SCCM as the server, not sure why.

    -- Adam

    Sunday, November 22, 2015 9:52 PM