We use Symantec to install windows 10 updates, but I like to have a 2nd opinion to confirm I'm installing updates Microsoft says I need. Patch has been great for us, but from time to time there is a rules issue, etc.
For 2 test win10 clients, Altiris/Symantec says I need to update to security update kb4480116, win10 Flash update, and Silverlight.
It seems many use the Powershell WindowsUpdate module, so I wanted to give that a try (I'm testing locally running the powershell command on the device).
To install it, I ran
Install-PackageProvider -Name NuGet -Force
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Install-Module -Name PSWindowsUpdate -Force
When I run Get-WindowsUpdate -MicrosoftUpdate, it only lists the silverlight update. I am perplexed why it wouldn't list 4480116. I am on targeted semi annual channel which should be approved for that update, I think.
If I run nessus against the same client, it reports back kb4480116 but not flash or silverlight.
What is everyone using to confirm Patch is installing all necessary (and not unneccessary) windows 10 patches get installed? Am I the only paranoid person left?
Nevermind, I figured this out. If you use "defer quality updates" in advanced windows update settings, it won't offer you those updates even via powershell as applicable. I set that to 0 on my test machine and now the powershell module is working as expected.