PowerShell: Override GPO and Detect Windows Updates
Posted by Trevor Sullivan on 2011/12/14
If you’re using a workstation in an enterprise environment, there may be Active Directory Group Policy Object (GPO) settings forcing a certain behavior of the Microsoft Windows Update Agent (a.k.a. Automatic Update Agent). You might be a power user who wants to ensure that their workstation is fully patched before the IT department releases patches according to their standard cycle. One option would be to ask your IT department to include you in the pilot group for software updates, but failing that option, you can temporarily override the GPO settings and force an update detection.
First, we have to override the GPO settings so that the Windows Update Agent (WUA) can point to the Microsoft update servers instead of the internal update server. To do that, we delete the following registry key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate.
Remove-Item -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate -Force -Recurse -ErrorAction SilentlyContinue;
Next, we need to stop and restart the Automatic Updates (AU) service (a.k.a. Windows Update Agent service).
Stop-Service -Name wuauserv; Start-Service -Name wuauserv;
Finally, we use the Windows Update Agent COM (Component Object Model) API (Application Programming Interface) to invoke an update scan, similar to calling "wuauclt.exe /detectnow". Note the COM “Program ID” (ProgID) name, which is provided in the MSDN documentation.
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow();
That’s it! Once you’ve done this, you should see the Windows Update icon appear momentarily in your notification area (formerly known as the "system tray" / systray). You can also monitor for activity in the %WINDIR%\WindowsUpdate.log file.
Here’s the complete script:
Remove-Item -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate -Force -Recurse -ErrorAction SilentlyContinue;
Stop-Service -Name wuauserv;
Start-Service -Name wuauserv;
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow();
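A more cautious variant of the complete script, as an added example that is not part of the original post: it checks for elevation, exports the policy key so the settings can be restored, and surfaces deletion errors instead of silencing them. The $BackupFile path is an assumption; WUServer and WUStatusServer are the standard policy values that point the agent at an internal update server.

```powershell
# Added example, not from the original post.
$PolicyKey  = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'
$BackupFile = Join-Path $env:TEMP 'WindowsUpdate-policy-backup.reg'   # assumed location

# Deleting under HKLM and restarting wuauserv both need an elevated session.
# With -ErrorAction SilentlyContinue an access-denied failure would go unnoticed.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

if (Test-Path -Path $PolicyKey) {
    # Record which update server the policy pointed at before removing it.
    # Values that are not set simply print as empty.
    $policy = Get-ItemProperty -Path $PolicyKey
    Write-Host ("WUServer:       {0}" -f $policy.WUServer)
    Write-Host ("WUStatusServer: {0}" -f $policy.WUStatusServer)

    # Export the key and its subkeys (including AU) so the override can be undone.
    & reg.exe export 'HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate' $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "reg.exe export failed with exit code $LASTEXITCODE"
    }

    # Stop on failure rather than continuing with the policy still in place.
    Remove-Item -Path $PolicyKey -Recurse -Force -ErrorAction Stop
}
else {
    Write-Host 'No WindowsUpdate policy key found; nothing to override.'
}

# Restart the Windows Update Agent service so it re-reads its configuration,
# then trigger a detection cycle through the COM API.
Restart-Service -Name wuauserv
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()

Write-Host "Policy backup: $BackupFile"
Write-Host "To restore: reg.exe import `"$BackupFile`"  (or run gpupdate /force)"
```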