WSUS Updates with PowerShell and PDQ


As System Administrators we are all tasked with scheduled Windows patching maintenance, and if you’ve ever had to rely on Microsoft update manager or some other third-party application, you know the pain of ensuring that “ALL” updates get applied correctly, especially on the “FIRST” round! So I came up with a PowerShell solution that incorporates PDQ Deploy and PDQ Inventory to easily push updates to numerous systems in parallel. It can be run without PDQ; I simply use PDQ as a great method of deploying to large numbers of systems in parallel.

So how many of you are PAYING annual licensing fees to use Wuinstall? This solution can be used to do everything that they are doing and charging you for! Why waste the money??

* Requires PowerShell 5 and PSWindowsUpdate module.

The Code:

# Install required modules
Install-PackageProvider -Name NuGet -Force
Install-Module PSWindowsUpdate -Force
Import-Module PSWindowsUpdate -Force
# End installing required modules
# SMTP Email Configuration Settings
$from = ""
$to = "", ""
$smtp = "your smtp servername"
$sub = "$($env:COMPUTERNAME): Windows Updates Installed and Rebooted"
$sub1 = "$($env:COMPUTERNAME): No Updates Needed"
$body = "Server Windows Update Report"
$body1 = "No new updates found."
# This is needed if the smtp server requires authentication
# Note: the password sits in this script as plain text, so anyone who can read the script or the PDQ package can read it
$secpasswd = ConvertTo-SecureString "smtp password here" -AsPlainText -Force
# Define the email attachment report
$attachement = "c:\$(get-date -f yyyy-MM-dd)-WindowsUpdate.log"
$mycreds = New-Object System.Management.Automation.PSCredential ("smtp username", $secpasswd)
# Start WSUS updates
$updates = Get-WUList -Verbose
$updatenumber = ($updates.kb).count
if ($null -ne $updates) {
    # Updates were found: install them and write the results to the log file
    Install-WindowsUpdate -AcceptAll -Install -AutoReboot | Out-File "c:\$(get-date -f yyyy-MM-dd)-WindowsUpdate.log" -force
    # Now let's send the email report
    Send-MailMessage -To $to -From $from -Subject $sub -Body $body -Attachments $attachement -Credential $mycreds -SmtpServer $smtp -DeliveryNotificationOption Never -BodyAsHtml -UseSsl
} else {
    # No updates were found: send the "No Updates Needed" report instead
    Send-MailMessage -To $to -From $from -Subject $sub1 -Body $body1 -Credential $mycreds -SmtpServer $smtp -DeliveryNotificationOption Never -BodyAsHtml -UseSsl
}

You can set to no reboot after install by changing the -AutoReboot to -IgnoreReboot in this line:

Install-WindowsUpdate -AcceptAll -Install -AutoReboot | Out-File "c:\$(get-date -f yyyy-MM-dd)-WindowsUpdate.log" -force

I segregate my systems into a group in PDQ Inventory called “Install and Reboot”; this way, in my PDQ package I can specify two steps, one for “No Reboot” and a second step for “Auto Reboot”.

You can see in the step above that I first check if PowerShell 5 is installed; if not, it will be installed. Which of the next two steps runs depends on membership in the “Install and Reboot” group.
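
The script above keeps the SMTP password as a literal string, so it is readable in every copy of the package. As an added example (not part of the original post), the following stores the credential with Export-Clixml, which on Windows protects the password with DPAPI for the current user and machine; the file path and the function names Save-SmtpCredential and Get-SmtpCredential are hypothetical.

```powershell
# Added example, not from the original post. The path and function names are assumptions.
$CredPath = Join-Path $env:ProgramData 'WUReport\smtp-cred.xml'

function Save-SmtpCredential {
    # Run once, interactively, on each machine as the account that will later
    # run the update script. Export-Clixml encrypts the password with DPAPI,
    # so the file can only be decrypted by that user on that computer.
    param([string]$Path = $CredPath)

    $dir = Split-Path -Parent $Path
    if (-not (Test-Path -LiteralPath $dir)) {
        New-Item -ItemType Directory -Path $dir -Force | Out-Null
    }
    $cred = Get-Credential -Message 'SMTP account used for update reports'
    if ($null -eq $cred) { throw 'No credential entered; nothing was saved.' }
    $cred | Export-Clixml -LiteralPath $Path -Force
}

function Get-SmtpCredential {
    # Returns the stored PSCredential, or throws with a message that says why
    # it could not be loaded (missing file, wrong user, wrong machine).
    param([string]$Path = $CredPath)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "No stored SMTP credential at $Path. Run Save-SmtpCredential first."
    }
    try {
        $cred = Import-Clixml -LiteralPath $Path -ErrorAction Stop
    } catch {
        throw "Cannot decrypt $Path as $env:USERNAME on $env:COMPUTERNAME ($($_.Exception.Message))"
    }
    if ($cred -isnot [System.Management.Automation.PSCredential]) {
        throw "$Path does not contain a PSCredential object."
    }
    return $cred
}

# In the update script, this one line replaces both the $secpasswd line and
# the New-Object PSCredential line; Send-MailMessage is called as before.
# $mycreds = Get-SmtpCredential
```

Because the file is bound to one user on one computer, a copy pushed out with the package cannot be decrypted on other systems; it has to be created on each target under the account that runs the script.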


  • Another thing I do is I have a step that creates a restore point before I apply updates, it’s saved my butt a few times:

    Enable-ComputerRestore -Drive "c:\"
    Checkpoint-Computer -Description "Before Updates" -RestorePointType "MODIFY_SETTINGS"

  • Derek W 1 year

    This script is not working for me. Did something change with the latest version of Windows 10? All I get is the following message and then nothing happens:

    VERBOSE: <> (11/6/2019 1:13:25 PM): Connecting to Windows Update server. Please wait…

    When I run the commands directly on the computer I get an empty $updates list, even though if I go to the GUI I can see updates ready to be installed.

  • Have you verified that the PSWindowsUpdate module is installed?