PS C:\util> Enter-PSSession -ComputerName tgcs004
[tgcs004]: PS C:\Users\Thomas R Grassi Jr\Documents> install-windowsupdate -ACCEPTALL -autoreboot -verbose
WARNING: Support local instance only, Continue…
VERBOSE: Connecting to Windows Server Update Service server. Please wait…
VERBOSE: Found [4] Updates in pre search criteria
VERBOSE: Found [4] Updates in post search criteria
X Status KB Size Title
2 Accepted KB890830 4 MB Windows Malicious Software Removal Tool x64 - June 2019 (KB890830)
2 Accepted KB4503290 57 MB 2019-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems …
2 Accepted KB4503259 55 MB 2019-06 Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2…
2 Accepted KB4503276 456 MB 2019-06 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Syste…
VERBOSE: Accept [4] Updates to Download
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
At C:\windows\system32\windowspowershell\v1.0\Modules\PSWindowsUpdate\1.5.2.2\Get-WUInstall.ps1:807 char:5
The property ‘Updates’ cannot be found on this object. Verify that the property exists and can be set.
At C:\windows\system32\windowspowershell\v1.0\Modules\PSWindowsUpdate\1.5.2.2\Get-WUInstall.ps1:808 char:5
It looks like you should be using Invoke-WUInstall (from the PSWindowsUpdate module) to get the results you want. Install-WindowsUpdate appears to be an alias included with that module, but I’m not sure what function it is specifically aliased to, so you should try Invoke-WUInstall directly as explained in that blog.
PS C:\util> Invoke-WUInstall -ComputerName TGCS005-N1 -Script {ipmo PSWindowsUpdate; Get-WUInstall -AcceptAll | Out-File
C:\PSWindowsUpdate.log } -Confirm:$false –Verbose
Invoke-WUInstall : The term ‘Invoke-WUInstall’ is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:1 char:1
VERBOSE: TGCS002-2016 (6/15/2019 8:08:00 PM): Connecting to Windows Server Update Service
(http://wsus.our.network.tgcsnet.com:8530) server. Please wait…
VERBOSE: Found [3] Updates in pre search criteria
VERBOSE: Found [3] Updates in post search criteria
VERBOSE: Accepted [3] Updates ready to Download
install-windowsupdate : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
At C:\util\wu.ps1:2 char:1
VERBOSE: TGCS002-2016 (6/15/2019 8:20:43 PM): Connecting to Windows Server Update Service
(http://wsus.our.network.tgcsnet.com:8530) server. Please wait…
VERBOSE: Found [3] Updates in pre search criteria
VERBOSE: Found [3] Updates in post search criteria
VERBOSE: Accepted [3] Updates ready to Download
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
You can use Set-PSWUSettings to use a credential and use the output with Install-WindowsUpdate -PSWUSettings. Otherwise it could be related to double hoping issue. Better if you can read the enable credential delegation. You can refer below documentation.
Oh, right, he’s referring to an older version of PSWindowsUpdate in that blog post (specifically 1.5.2.6). You could try installing the older version of the module to get the Invoke-WUInstall command if you want. But, upon further reading it seems that command is actually a bit of a kludge, so at-your-own-risk.
There are a lot of barriers in place to prevent you from forcing a Windows update remotely, placed there by Microsoft. Theoretically this is for “security reasons”, but that seems a bit hypocritical when M$ has demonstrated the ability to force install updates and reboot user machines without the user’s permission. It’s possible to do what you want, but you shouldn’t expect it to be straightforward, because M$ has specifically taken steps to prevent it. Sysadmins used to rely on wuacult, but M$ has removed that functionality.
I would still recommend USOClient, specifically using ScanInstallWait and then RestartDevice. I can confirm that it works on Windows 10 up to r1803.
kvprasoon is probably correct that the ‘Permission Denied’ error is due to the double-hop problem. Solving this problem for your network may allow you to use Install-WindowsUpdate remotely as you originally wanted to, but I don’t recommend CredSSP because of security concerns. It can be done securely with Kerberos, but you should read that blog thoroughly and understand exactly how that method would apply to your network. With so many different versions of Windows running, if you do it wrong you’ll expose your system to security problems.
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\util> Install-WindowsUpdate -ComputerName $Server -PSWUSettings $PSWUSettings -ACCEPTALL -autoreboot -verbose
Get-WindowsUpdate : Cannot convert ‘’ to the type ‘System.Collections.Hashtable’ required by parameter ‘PSWUSettings’.
Specified method is not supported.
At line:1 char:59