Trevor Sullivan's Tech Room

Minding the gap between administration and development

PowerShell: Override GPO and Detect Windows Updates

Posted by Trevor Sullivan on 2011/12/14


Introduction

If you’re using a workstation in an enterprise environment, there may be Active Directory Group Policy Object (GPO) settings forcing a certain behavior of the Microsoft Windows Update Agent (a.k.a. Automatic Update Agent). You might be a power user who wants to ensure that your workstation is fully patched before the IT department releases patches according to its standard cycle. One option would be to ask your IT department to include you in the pilot group for software updates, but failing that, you can temporarily override the GPO settings and force an update detection.


PowerShell Script

First, we have to override the GPO settings so that the Windows Update Agent (WUA) can point to the Microsoft update servers instead of the internal update server. To do that, we delete the following registry key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate.

Remove-Item `
    -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate `
    -Force `
    -Recurse `
    -ErrorAction SilentlyContinue;

Next, we need to stop and restart the Automatic Updates (AU) service (a.k.a. the Windows Update Agent service).

Stop-Service -Name wuauserv;
Start-Service -Name wuauserv;

Finally, we use the Windows Update Agent COM (Component Object Model) API (Application Programming Interface) to invoke an update scan, similar to calling "wuauclt.exe /detectnow". Note the COM “Program ID” (ProgID) name, which is provided in the MSDN documentation.

(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow();

That’s it! Once you’ve done this, you should see the Windows Update icon appear momentarily in your notification area (formerly known as the "system tray" / systray). You can also monitor for activity in the %WINDIR%\WindowsUpdate.log file.

Here’s the complete script:

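# 1. Remove the GPO-delivered Windows Update policy key
Remove-Item `
    -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate `
    -Force `
    -Recurse `
    -ErrorAction SilentlyContinue;
# 2. Restart the Windows Update Agent service so it re-reads its configuration
Stop-Service -Name wuauserv;
Start-Service -Name wuauserv;
# 3. Ask the agent to scan for updates (like "wuauclt.exe /detectnow")
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow();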
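
An added example (not part of the original post or its script): the same three steps, wrapped so that the change is recorded and reversible. It reports the policy values before and after and exports the key with reg.exe first; the function names, the backup file name and the choice to read `WUServer`, `WUStatusServer` and `AU\UseWUServer` are this example's assumptions, not the author's.

```powershell
# Added example, not from the original post. Run from an elevated session.
$PolicyKey = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'

function Get-WUPolicyState {
    # Report whether the policy key exists and which update server it names.
    $state = @{
        PolicyKeyPresent = (Test-Path -Path $PolicyKey)
        UseWUServer      = $null
        WUServer         = $null
        WUStatusServer   = $null
    }
    if ($state.PolicyKeyPresent) {
        $wu = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
        $au = Get-ItemProperty -Path (Join-Path $PolicyKey 'AU') -ErrorAction SilentlyContinue
        $state.UseWUServer    = $au.UseWUServer      # 1 = agent uses the server below
        $state.WUServer       = $wu.WUServer
        $state.WUStatusServer = $wu.WUStatusServer
    }
    New-Object -TypeName PSObject -Property $state |
        Select-Object PolicyKeyPresent, UseWUServer, WUServer, WUStatusServer
}

function Backup-WUPolicyKey {
    # The default $Destination is a hypothetical file name chosen for this example.
    param([string]$Destination = (Join-Path $env:TEMP 'WindowsUpdatePolicy-backup.reg'))
    if (-not (Test-Path -Path $PolicyKey)) { return $null }   # nothing to back up
    # reg.exe takes the HKLM\... form, not the PowerShell HKLM:\ drive form.
    & reg.exe export 'HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate' $Destination /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed (exit code $LASTEXITCODE)" }
    $Destination
}

$before = Get-WUPolicyState
$backup = Backup-WUPolicyKey      # throws before anything is deleted if the export fails

# The post's three steps, with errors surfaced instead of silenced.
if ($before.PolicyKeyPresent) {
    Remove-Item -Path $PolicyKey -Recurse -Force -ErrorAction Stop
}
Restart-Service -Name wuauserv
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()

$after = Get-WUPolicyState
"Backup file: $backup"
$before, $after | Format-Table -AutoSize
```

The exported file can be re-applied with `reg.exe import`, and comparing the two rows shows whether the agent was pointed at an internal update server before the change.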
