none
Windows Update PowerShell Remoting RRS feed

  • Question

  • I am working on a script to do Windows Updates on a remote machine. I am using the runspace and powershell objects. I can query and recieve the list of updates, but as I go to download and install them I can an error which indicates that these methods cannot be run from remote computers. Should the object creation and everything be happening on the remote computer? I thought this was the whole idea of the remoting. Am I doing something wrong?
    Wednesday, February 3, 2010 4:41 PM

All replies

  • I tend to agree with what you're saying about how the remoting should work.  Can you provide more details/examples of what you're trying/seeing?
    Wednesday, February 3, 2010 5:02 PM
    Moderator
  • function Get-WIAStatusValue($value)
    {
       switch -exact ($value)
       {
          0   {"NotStarted"}
          1   {"InProgress"}
          2   {"Succeeded"}
          3   {"SucceededWithErrors"}
          4   {"Failed"}
          5   {"Aborted"}
       } 
    }
    
    $needsReboot = $false
    $UpdateSession = New-Object -ComObject Microsoft.Update.Session
    $UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
    
    Write-Host " - Searching for Updates"
    $SearchResult = $UpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0")
    
    Write-Host " - Found [$($SearchResult.Updates.count)] Updates to Download and install"
    Write-Host
    
    foreach($Update in $SearchResult.Updates)
    {
       # Add Update to Collection
       $UpdatesCollection = New-Object -ComObject Microsoft.Update.UpdateColl
       if ( $Update.EulaAccepted -eq 0 ) { $Update.AcceptEula() }
       $UpdatesCollection.Add($Update) | out-null
    
       # Download
       Write-Host " + Downloading Update $($Update.Title)"
       $UpdatesDownloader = $UpdateSession.CreateUpdateDownloader()
       $UpdatesDownloader.Updates = $UpdatesCollection
       $DownloadResult = $UpdatesDownloader.Download()
       $Message = "   - Download {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
       Write-Host $message   
    
       # Install
       Write-Host "   - Installing Update"
       $UpdatesInstaller = $UpdateSession.CreateUpdateInstaller()
       $UpdatesInstaller.Updates = $UpdatesCollection
       $InstallResult = $UpdatesInstaller.Install()
       $Message = "   - Install {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
       Write-Host $message
       Write-Host
       
       $needsReboot = $installResult.rebootRequired   
    }
    
    if($needsReboot)
    {
        restart-computer
    }
    Remember I did not write this script but I got it from the internet, but it does work beautifully when you are local
    • Edited by AlexHutton Wednesday, February 3, 2010 6:19 PM making sure they know I didnt write this.
    Wednesday, February 3, 2010 5:16 PM
  • I put the code and the output above.

    I know I am connecting to the box and connecting well. I can get info about that computer, and the updates search returns the updates list for that could only be for that computer. But as you can see the createUpdateDownloader and createUpdateInstaller both give an error that according to MSDN is because I am running them from a remote computer
    Wednesday, February 3, 2010 5:19 PM
  • Oye!  The first thing I'm going to suggest is sticking with PowerShell scripting versus diving into C# to check this out first.  What kind of setup?  Is the "client" and "server" part of the same AD domain?


    Wednesday, February 3, 2010 5:20 PM
    Moderator
  • Well it works the same either way, sorry for mixing the C# into it. But it is how I am using it. The code is run on the server X on Domain A, and it is executing it on Client Y, not on the domain. However, X calls into Y with a local admins credentials and does not have issues doing anything else we have done through this mechanism.
    Wednesday, February 3, 2010 5:35 PM
  • Just tried another way and had the script on the Client, and had the server just tell the client to execute its local copy of the script and I got the same responses.....
    Wednesday, February 3, 2010 5:54 PM
  • Sorry, I can't try it out right now...
    Wednesday, February 3, 2010 6:23 PM
    Moderator
  • Hi,

    Have you tried PsExec tool? If not, please try to use it to execute remote script to test. You can run "psexec \\remotecomputer powershell wu.ps1"

    http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

    If there is any error, please let us know the detailed error message.

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, February 4, 2010 5:45 AM
  • I tried it just to see what respnse I got, and psexec just hung with no respose once I got it actually connecting and getting the script. So no luck there, also PSExec wouldn't be a good solution. PowerShell remoting should do what PsExec does right? I want the benefits of PowerShell Remoting. I should not need code or scripts physically on the remote vm's that is the whole reason to move to remoting.
    Thursday, February 4, 2010 8:14 PM
  • Just curious, but what OS are you using... I use PoSh for Sharepoint, and according to the scripting guy, remoting and SharePoint do not work so well, unless you have win7 and svr 2008...

    http://blogs.technet.com/heyscriptingguy/archive/2010/02/17/hey-scripting-guy-february-17-2010a.aspx

    Maybe if you are using 2003, you may have the same type of issue.
    Thursday, March 4, 2010 4:44 PM
  • Thanks for the useful script mate, looking forward in executing this on all of my Windows Server 2003 OU :-)
    /* Windows Infrastructure Support Engineer */
    Monday, March 8, 2010 2:14 AM
  • Thanks for the script mate !

    looking forward for running this script on all of my Win2003 OU.

    Cheers !
    /* Windows Infrastructure Support Engineer */
    Monday, March 8, 2010 2:14 AM
  • This script works great but I would like to make a suggestion.

    Add $VerbosePreference = "Continue" to the top and then change all Write-Host with Write-Progress.  It has the same effect except instead of saying that it is downloading an update it is giving you a progress bar as well.  Updated script below. 



    $VerbosePreference = "Continue"
    $DebugPreference = "Stop"

    function Get-WIAStatusValue($value)
    {
       switch -exact ($value)
       {
          0   {"NotStarted"}
          1   {"InProgress"}
          2   {"Succeeded"}
          3   {"SucceededWithErrors"}
          4   {"Failed"}
          5   {"Aborted"}
       }
    }

    $needsReboot = $false
    $UpdateSession = New-Object -ComObject Microsoft.Update.Session
    $UpdateSearcher = $UpdateSession.CreateUpdateSearcher()

    Write-Progress " - Searching for Updates"
    $SearchResult = $UpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0")

    Write-Verbose " - Found [$($SearchResult.Updates.count)] Updates to Download and install"


    foreach($Update in $SearchResult.Updates)
    {
       # Add Update to Collection
       $UpdatesCollection = New-Object -ComObject Microsoft.Update.UpdateColl
       if ( $Update.EulaAccepted -eq 0 ) { $Update.AcceptEula() }
       $UpdatesCollection.Add($Update) | out-null

       # Download
       Write-Progress " + Downloading Update $($Update.Title)"
       $UpdatesDownloader = $UpdateSession.CreateUpdateDownloader()
       $UpdatesDownloader.Updates = $UpdatesCollection
       $DownloadResult = $UpdatesDownloader.Download()
       $Message = "   - Download {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
       Write-Verbose $message   

       # Install
       Write-Progress "   - Installing Update"
       $UpdatesInstaller = $UpdateSession.CreateUpdateInstaller()
       $UpdatesInstaller.Updates = $UpdatesCollection
       $InstallResult = $UpdatesInstaller.Install()
       $Message = "   - Install {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
       Write-Verbose $message

       
       $needsReboot = $installResult.rebootRequired   
    }

    if($needsReboot)
    {
        Write-Debug "Restarting Computer please close all open apps"
        restart-computer
    }
    Thursday, March 8, 2012 12:20 PM
  • Carlos,

    I am glad you liked the script, the reasons I used write-host and not show a progress bar is this script was intended to run on remote machines (QA Machines) in the middle of the night with no users logged in. It is meant as part of an automation framework and progress bars would only break the system.

    Thursday, March 8, 2012 1:02 PM
  • did you ever figure out why remoting didn't work? does it have to do with needing admin rights on the remote client to install updates?
    Monday, April 22, 2013 3:15 PM
  • Hi,

    this is a security Feature, Windows Update with Powershell Remoting do not work.

    But here is a work a round:

    - save your Update Script on a Network Share
    - create remote on each System a Update Task with the Task sheduler

    SCHTASKS /Create /S $Computer /RU "{User}" /RP "{PASSWORT}" /RL HIGHEST /SC ONCE /ST 05:30 /TR 'powershell.exe -noProfile -ExecutionPolicy Bypass -File "\\{SHARE}\{Path}\{Script}"  /TN "{TaskName}"

    This Task can you now start remote

    SCHTASKS /Run /S $Computer /TN "{TaskName}"
    You can use for >SCHTASKS< in Powershell 3.0 the TaskScheduler CMDLETS for create the Tasks.

    Beste regards
    brima
     
    Monday, April 22, 2013 5:34 PM
  • did you ever figure out why remoting didn't work? does it have to do with needing admin rights on the remote client to install updates?

    PowerShell remoting doesn't work because it is still detected as a remote COM object creation, which is by design for security reasons. If you view the $host.name properties while using PowerShell remoting, comes back with ServerRemoteHost. A couple of options include using PSexec.exe (do not supply credentials as it goes across the network as cleartext) or creating a scheduled job like brima has shown. More information about these COM objects and the ones that are and are not "remote capable" are at the link below.

    http://msdn.microsoft.com/en-us/library/aa387288(v=vs.85).aspx


    Boe Prox
    Blog | PoshWSUS | PoshPAIG | PoshChat

    • Proposed as answer by Kazun Monday, April 22, 2013 7:40 PM
    Monday, April 22, 2013 5:42 PM
  • This whole concept is beyond odd.  I'm a domain admin, I'm properly authenticated, I've gone to the effort to enable powershell remoting in the first place - and I'm not allowed to run updates.  How is this any different than a Linux admin using ssh to connect and run 'apt-get' or 'yum' or whatever is appropriate to the distro?

    I'm connected as an admin, I can already do all kinds of damage so I'm not sure how this 'security feature' is implementing any real security.  Makes me wonder if this isn't come thinly veiled attempt to block this kind of usage and 'encourage' us to purchase whatever part of System Center will do this for me.

    Annoying...

    Tuesday, July 9, 2013 9:19 PM
  • Well said.
    Wednesday, April 9, 2014 10:49 AM