I am working on a script to do Windows Updates on a remote machine. I am using the runspace and powershell objects. I can query and recieve the list of updates, but as I go to download and install them I can an error which indicates that these methods cannot be run from remote computers. Should the object creation and everything be happening on the remote computer? I thought this was the whole idea of the remoting. Am I doing something wrong?

I tend to agree with what you're saying about how the remoting should work.  Can you provide more details/examples of what you're trying/seeing?

function Get-WIAStatusValue($value)
{
   switch -exact ($value)
   {
      0   {"NotStarted"}
      1   {"InProgress"}
      2   {"Succeeded"}
      3   {"SucceededWithErrors"}
      4   {"Failed"}
      5   {"Aborted"}
   } 
}

$needsReboot = $false
$UpdateSession = New-Object -ComObject Microsoft.Update.Session
$UpdateSearcher = $UpdateSession.CreateUpdateSearcher()

Write-Host " - Searching for Updates"
$SearchResult = $UpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0")

Write-Host " - Found [$($SearchResult.Updates.count)] Updates to Download and install"
Write-Host

foreach($Update in $SearchResult.Updates)
{
   # Add Update to Collection
   $UpdatesCollection = New-Object -ComObject Microsoft.Update.UpdateColl
   if ( $Update.EulaAccepted -eq 0 ) { $Update.AcceptEula() }
   $UpdatesCollection.Add($Update) | out-null

   # Download
   Write-Host " + Downloading Update $($Update.Title)"
   $UpdatesDownloader = $UpdateSession.CreateUpdateDownloader()
   $UpdatesDownloader.Updates = $UpdatesCollection
   $DownloadResult = $UpdatesDownloader.Download()
   $Message = "   - Download {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
   Write-Host $message   

   # Install
   Write-Host "   - Installing Update"
   $UpdatesInstaller = $UpdateSession.CreateUpdateInstaller()
   $UpdatesInstaller.Updates = $UpdatesCollection
   $InstallResult = $UpdatesInstaller.Install()
   $Message = "   - Install {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
   Write-Host $message
   Write-Host
   
   $needsReboot = $installResult.rebootRequired   
}

if($needsReboot)
{
    restart-computer
}

Remember I did not write this script but I got it from the internet, but it does work beautifully when you are local

I put the code and the output above.

I know I am connecting to the box and connecting well. I can get info about that computer, and the updates search returns the updates list for that could only be for that computer. But as you can see the createUpdateDownloader and createUpdateInstaller both give an error that according to MSDN is because I am running them from a remote computer

Oye!  The first thing I'm going to suggest is sticking with PowerShell scripting versus diving into C# to check this out first.  What kind of setup?  Is the "client" and "server" part of the same AD domain?

Well it works the same either way, sorry for mixing the C# into it. But it is how I am using it. The code is run on the server X on Domain A, and it is executing it on Client Y, not on the domain. However, X calls into Y with a local admins credentials and does not have issues doing anything else we have done through this mechanism.

Just tried another way and had the script on the Client, and had the server just tell the client to execute its local copy of the script and I got the same responses.....

Sorry, I can't try it out right now...

Hi,

Have you tried PsExec tool? If not, please try to use it to execute remote script to test. You can run "psexec \\remotecomputer powershell wu.ps1"

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

If there is any error, please let us know the detailed error message.

Thanks.

I tried it just to see what respnse I got, and psexec just hung with no respose once I got it actually connecting and getting the script. So no luck there, also PSExec wouldn't be a good solution. PowerShell remoting should do what PsExec does right? I want the benefits of PowerShell Remoting. I should not need code or scripts physically on the remote vm's that is the whole reason to move to remoting.

Just curious, but what OS are you using... I use PoSh for Sharepoint, and according to the scripting guy, remoting and SharePoint do not work so well, unless you have win7 and svr 2008...

http://blogs.technet.com/heyscriptingguy/archive/2010/02/17/hey-scripting-guy-february-17-2010a.aspx

Maybe if you are using 2003, you may have the same type of issue.

Thanks for the useful script mate, looking forward in executing this on all of my Windows Server 2003 OU :-)

Thanks for the script mate !

looking forward for running this script on all of my Win2003 OU.

Cheers !

This script works great but I would like to make a suggestion.

Add $VerbosePreference = "Continue" to the top and then change all Write-Host with Write-Progress.  It has the same effect except instead of saying that it is downloading an update it is giving you a progress bar as well.  Updated script below. 

$VerbosePreference = "Continue"
$DebugPreference = "Stop"

function Get-WIAStatusValue($value)
{
   switch -exact ($value)
   {
      0   {"NotStarted"}
      1   {"InProgress"}
      2   {"Succeeded"}
      3   {"SucceededWithErrors"}
      4   {"Failed"}
      5   {"Aborted"}
   }
}

$needsReboot = $false
$UpdateSession = New-Object -ComObject Microsoft.Update.Session
$UpdateSearcher = $UpdateSession.CreateUpdateSearcher()

Write-Progress " - Searching for Updates"
$SearchResult = $UpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0")

Write-Verbose " - Found [$($SearchResult.Updates.count)] Updates to Download and install"


foreach($Update in $SearchResult.Updates)
{
   # Add Update to Collection
   $UpdatesCollection = New-Object -ComObject Microsoft.Update.UpdateColl
   if ( $Update.EulaAccepted -eq 0 ) { $Update.AcceptEula() }
   $UpdatesCollection.Add($Update) | out-null

   # Download
   Write-Progress " + Downloading Update $($Update.Title)"
   $UpdatesDownloader = $UpdateSession.CreateUpdateDownloader()
   $UpdatesDownloader.Updates = $UpdatesCollection
   $DownloadResult = $UpdatesDownloader.Download()
   $Message = "   - Download {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
   Write-Verbose $message   

   # Install
   Write-Progress "   - Installing Update"
   $UpdatesInstaller = $UpdateSession.CreateUpdateInstaller()
   $UpdatesInstaller.Updates = $UpdatesCollection
   $InstallResult = $UpdatesInstaller.Install()
   $Message = "   - Install {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
   Write-Verbose $message

   
   $needsReboot = $installResult.rebootRequired   
}

if($needsReboot)
{
    Write-Debug "Restarting Computer please close all open apps"
    restart-computer
}

Carlos,

I am glad you liked the script, the reasons I used write-host and not show a progress bar is this script was intended to run on remote machines (QA Machines) in the middle of the night with no users logged in. It is meant as part of an automation framework and progress bars would only break the system.

did you ever figure out why remoting didn't work? does it have to do with needing admin rights on the remote client to install updates?

Hi,

this is a security Feature, Windows Update with Powershell Remoting do not work.

But here is a work a round:

- save your Update Script on a Network Share
- create remote on each System a Update Task with the Task sheduler

SCHTASKS /Create /S $Computer /RU "{User}" /RP "{PASSWORT}" /RL HIGHEST /SC ONCE /ST 05:30 /TR 'powershell.exe -noProfile -ExecutionPolicy Bypass -File "\\{SHARE}\{Path}\{Script}"  /TN "{TaskName}"

This Task can you now start remote

SCHTASKS /Run /S $Computer /TN "{TaskName}"

You can use for >SCHTASKS< in Powershell 3.0 the TaskScheduler CMDLETS for create the Tasks.

Beste regards
brima
 

did you ever figure out why remoting didn't work? does it have to do with needing admin rights on the remote client to install updates?

PowerShell remoting doesn't work because it is still detected as a remote COM object creation, which is by design for security reasons. If you view the $host.name properties while using PowerShell remoting, comes back with ServerRemoteHost. A couple of options include using PSexec.exe (do not supply credentials as it goes across the network as cleartext) or creating a scheduled job like brima has shown. More information about these COM objects and the ones that are and are not "remote capable" are at the link below.

http://msdn.microsoft.com/en-us/library/aa387288(v=vs.85).aspx

This whole concept is beyond odd.  I'm a domain admin, I'm properly authenticated, I've gone to the effort to enable powershell remoting in the first place - and I'm not allowed to run updates.  How is this any different than a Linux admin using ssh to connect and run 'apt-get' or 'yum' or whatever is appropriate to the distro?

I'm connected as an admin, I can already do all kinds of damage so I'm not sure how this 'security feature' is implementing any real security.  Makes me wonder if this isn't come thinly veiled attempt to block this kind of usage and 'encourage' us to purchase whatever part of System Center will do this for me.

Annoying...