Patch Management Group

Expand all | Collapse all

PSWindowsUpdate Help - Trying to Spot Check Windows 10 Updates Without Installing Them

Jump to Best Answer
  • 1.  PSWindowsUpdate Help - Trying to Spot Check Windows 10 Updates Without Installing Them

    Posted 01-29-2019 01:12 PM

    We use Symantec to install windows 10 updates, but I like to have a 2nd opinion to confirm I'm installing updates Microsoft says I need.  Patch has been great for us, but from time to time there is a rules issue, etc.

    For 2 test win10 clients, Altiris/Symantec says I need to update to security update kb4480116, win10 Flash update, and Silverlight.

    It seems many use the Powershell WindowsUpdate module, so I wanted to give that a try (I'm testing locally running the powershell command on the device).

    To install it, I ran

    Install-PackageProvider -Name NuGet -Force
    
    Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
    
    Install-Module -Name PSWindowsUpdate -Force
    
    

    When I run Get-WindowsUpdate -MicrosoftUpdate, it only lists the silverlight update. I am perplexed why it wouldn't list 4480116. I am on targeted semi annual channel which should be approved for that update, I think.

    If I run nessus against the same client, it reports back kb4480116 but not flash or silverlight.

    What is everyone using to confirm Patch is installing all necessary (and not unneccessary) windows 10 patches get installed?  Am I the only paranoid person left?



  • 2.  RE: PSWindowsUpdate Help - Trying to Spot Check Windows 10 Updates Without Installing Them
    Best Answer

    Posted 01-30-2019 09:46 AM

    Nevermind, I figured this out.  If you use "defer quality updates" in advanced windows update settings, it won't offer you those updates even via powershell as applicable.  I set that to 0 on my test machine and now the powershell module is working as expected.