Windows Update using PowerShell

Introduction

They say that dementia is being diagnosed in younger people. Trust me I can believe that statement, because I’ve spent the past couple of weeks banging my head against a brick wall just because people have been told by others to disable User Account Control (UAC) and modified their update settings.

The reality is that a few people who should know better, trust me they should know a lot better, has taken a telephone call from Microsoft engineers who have advised them that they have a serious security issue with their computer and need to run a program that will be sent to them via e-mail. But in order to run the program they need to disable User Account Control (UAC). Once they have given their e-mail address, they are told that the program has been sent to them. Whilst they are still talking to the Microsoft engineer, who has called them by the way, they mentioned that the e-mail had not arrived. They were advised to check their spam folder, and move the e-mail into their inbox and save the attachment before running the program.

Once they have run the program the caller says that the security issue has been resolved and after completing a quick telephone survey the caller has rung off, and they are left alone to happily use their compromised system.

One lady asked for help when she noticed that her computer would not connect to the internet, she thought “that the Microsoft engineer who called had possibly caused that issue, because she could surf the web before”

At least two of the computers I’ve worked upon, in the past couple of weeks, belong to system administrators, or senior IT managers who should know better.

Am I really surprised by this?

The easy answer is NO, because I know a very senior Infrastructural System Security Manager who once clicked upon a message that arrived through his corporate messenger system saying that the person – who he had never met or previously communicated with, had a picture of his Mother. Then wondered why his system became infected. Honestly I did not laugh loud enough; but I was also stunned both at the logic behind his stupidity and blind logic, that the message arrived through his corporate messenger and he knew that his computer system was so secure it could not be hacked.

I am stunned though by the number of people, who many would consider to be very educated and should know better, who will blindly accept the explanation that a Microsoft engineer will call them personally in order to resolve a very severe security issue.

I have to admit that the person who said they had lost money out of their bank account did report the situation to the police, and suffered the embarrassment of having to admit that they were stupid. Needless to say that I swapped out the hard drive and rebuilt the system. Whilst somewhat nasty, that person will – hopefully – never repeat that mistake again.

The result is that I’ve spent a while working on several other systems. A brief check-up found that the anti-virus software had been disabled, and a check-up concerning downloaded updates showed that the systems had not clip_image001been updated since patch-Tuesday in August.

If you happen to receive a telephone call from a Microsoft Professional who is offering to resolve a very serious security issue, please do what my other half does & tell them that you are running a Raspberry Pi, or PC-BSD.

PowerShell is a powerful tool

Clicking away at the command line gave a few answers, but PowerShell (PS) provided the answer to the problem.

I first used PS back in 2006, as it was introduced during the beta testing of Windows Vista. I hold my hands in the air and admit that I am the world’s worst scripter; & there are many who will testify to this statement. Whilst I am happy working with the command line, I felt uncomfortable using PS and shied away from using it.

What I failed to realise was that PowerShell offered a very powerful management interface to the user. It was only last year that I realised my mistake, and where I would stumble around PowerShell, using it as a convenient variant of the command line this time PowerShell provided the solution very quickly and I have started to appreciate that it was a powerful tool. Today I’m a lot more appreciative, and use it more often.

Windows Update using PowerShell

Okay, as I’ve already mentioned I am not a scripter so please forgive the long windedness of this post as I try and explain what I did. If you are still reading this I believe that you have a little knowledge concerning PowerShell – although that is not essential.

Rightio, it’s time to fill that flagon with a caffeine infused beverage …

Back in 2014 I was looking for another answer and stumbled across a post written by Michal Gaida who wrote a group of versatile scripts that have been bundled into the Windows Update Module for PowerShell that was posted upon the ‘Scripting Guys’ website (https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc).

Download PSWindowsUpdate.zip

Download the ‘PSWindowsUpdate.zip’, once the file has downloaded right-click the .zip file and select ‘Extract Here’

  • %USERPROFILE%\Downloads\PSWindowsUpdate

Once the file has been extracted you need to launch PowerShell with ‘Administrator’ privileges. Once PowerShell has launched you need to modify the execution policy

  • Set-ExecutionPolicy Unrestricted

Or

  • Set-ExecutionPolicy RemoteSigned

Click ‘Yes’ or ‘Yes to All’

Now that you have extracted the file, you need to copy the folder to the modules folder. Yes there are a few ways that this can be achieved, either using Windows Explorer, the command line or because we already have PowerShell open we will use PowerShell.

Type the command

  • Copy-Item –Path “C:\Users\yourprofile\Downloads\PSWindowsUpdate” –Destination “C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate” –Recurse –Force

This command is equivalent to either of the following commands entered at the command prompt (using Administrative privileges)

  • XCopy %UserProfile%\Downloads\PSWindowsUpdate\*.* %WinDir%\System32\WindowsPowerShell\v1.0\Modules\*.* /h/i/c/k/e/r/y

Or

  • RoboCopy %UserProfile%\Downloads\PSWindowsUpdate\ %WinDir%\System32\WindowsPowerShell\v1.0\Modules\ /CopyAll /E /R:0

Unblocking the extracted file

Unblock2Now that you have copied the folder, and its contents, to the Modules folder you need to Unblock the folder. Although you have modified the execution policy you are still likely to receive ‘security warnings’ when you attempt to execute the commands. This is because PowerShell uses Internet Explorer’s zone settings, and the file that you have downloaded, extracted and copied, is marked as being delivered from the Internet Zone.

Again there are a couple of ways of ‘Unblocking’ the folder, and its contents,

The way to achieve this through PowerShell is

  • Get-ChildItem C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate -recurse | unblock-file

Note

  • The command Get-ChildItem can be abbreviated to ‘GCI’ or ‘gci’
  • The ‘-Recurse’ switch unblocks parent and child folders. If this argument is omitted the child folders, and their contents, will be ignored and only those files held within the parent directory will be unblocked

If you are using the command line “Takeown /f:” C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate\*.*” /R

Note

/R is Recurse, and instructs the Takeown command to operate on files within the specified parent and child directories

You can also use Windows Explorer and navigate to the “C:\Windows\System32\WindowsPowerShell\v1.0\Modules” folder, right-click the “PSWindowsUpdate” folder selecting Properties, and then click ‘Unblock’ then OK.

Importing the module

Now that the files have been copied, and unblocked, you need to import the shared module in order to run the command. This is achieved by

  • Import-Module C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate

The command Import-Module can be abbreviated using ‘ipmo’ instead of Import-Module.

Running Windows Update using PowerShell

Now that you have imported PSWindowsUpdate you need to know which commands are available to you. In order to achieve this you need to use the command

  • Get-Command –Module PSWindows*

Or

  • GCM –Module PSWindows*

Firstly you need to know what updates are available, this can be achieved by running

  • Get-WUList –MicrosoftUpdate

clip_image004

Then to download and install the available updates you need to run one of the following commands

  • Get-WUInstall
  • Get-WUInstall –AcceptAll –Verbose Software
  • Get-WUInstall –AcceptAll –Verbose Driver
  • Get-WUInstall –AcceptAll –AutoReboot -Verbose

clip_image005

clip_image006

clip_image007

clip_image008

Advertisements

Windows Defender Update and Scan using PowerShell

Throughout this post I have written the text that you need to type in bold and Purple.

If you receive an error whilst running PowerShell explaining that you cannot execute the command due to restrictions, type “Set-ExecutionPolicy Unrestricted” and then press “Y” or “A” in answer to the question. This command removes qny restrictions that will have been set.

I received a frantic telephone call from a friend during the weekend. They were calling for help because their Windows Defender could not be updated using had been turned off, and when they managed to turn it back-on they could not update the signatures, nor could they scan their computer.

Alright, they are not the first person that this has happened to, and I doubt that they will be the last either.

A few years back I helped someone else who had a similar issue, and used PowerShell to resolve the issue.

Firstly you need to launch PowerShell

  • · Click on Search (Win 7), “Win+C” (Win 8x) or Cortana (Win 10) and type “PowerShell
  • · Now right-click Windows PowerShell and select “Run as Administrator”

cortana

Alternatively in Win 8x & Win 10 press the “Win Key + R” and type (with quotations) “%userprofile%\appdata\roaming\microsoft\windows\start menu\programs\windows powershell”. Then right-click Windows PowerShell and select “Run as Administrator”

Now that you have opened Windows PowerShell, the fun begins

Firstly, we need to know when your Windows Defender signature was last updated

Type “get-mpcomputerstatus | select *updated, *version” – This command will give you information concerning the last time your virus signature was updated. You can repeat this command, by pressing the up-arrow until it is shown, once the virus signature has been updated (below) to confirm that the signature has been updated.

get-mpcomputerstatus_updated_version

To update your virus signature type “Update-MpSignature

Signature_Update

Once your signature has been updated you are now able to initiate an anti-virus scan using Windows Defender through the PowerShell command-line.

The command “Start-MpScan” also allows you to state what type of scan you wish to initiate, as well as the scan path; which can be the system hard drive (C:\), a folder or even a remote UNC path

  • · FullScan
  • · QuickScan
  • · CustomScan

Type “Start-MpScan –ScanType FullScan” .. or “Start-MpScan –ScanType QuickScan

scan

That’s it folks, I can’t really make it any more complicated than that. It’s sweet and simple.

Just for information

A while back Microsoft launched “Windows Defender Offline”, which can be downloaded from Windows Defender Offline – Instructions & Download. This website also contains instructions upon how to use the package.

Extract the .wim image in Windows 10, Windows 8x & Windows 7

Converting the .esd to .wim is fairly straight forward, using the inbuilt Microsoft Deployment Image Servicing and Management (DISM) Command-Line.

There are more than a few uses for the DISM command, and I’ll cover more command options, as I get to use the command more often. This post is intended to provide the indication of extracting a .wim file from the .esd file provided within Win8x & Win10. The DISM command can also be used in Win7. I recently used the DISM command to extract the .wim file so that I could repair a corrupt installation on a friends computer. So this post is based upon a lesson learnt, after resorting to the books, following a head banging session 😦 in total frustration. I hope it helps you

Many Thanks .. Arfs

There are those who know me quite well, and will agree that I do not like downloading software just because it may be needed; and I certainly do not like paying for software that achieves the same function as the inbuilt command-line functionalities. But each to their own. Some people just don’t want to learn.

OKay, back to the .esd & .wim issue.

A little history

Prior to 2006 the operating system that we wanted was purchased as an individual disc. Then in 2006 Windows Vista introduced the ‘Windows Image Format’ (.wim). This meant that all future incarnations of Windows would be provided on a single DVD, or .iso file, and the installation would be dictated by the license key entered.

The .wim file introduced the provision for a true ‘hardware agnostic’ build that significantly improved the initial build time, from 45 minutes for Win XP Pro to 15 minutes for Win Vista Ultimate. The .wim file was also bootable.

Windows 8 introduced the Electronic Software Delivery file (.esd) which allowed for an inline upgrade. Now many e-commerce websites are using .esd files to deliver their software.

There are some websites out there who will tell you that in order to manage, and manipulate, the .esd file that is found within the ‘..\sources\’ directory, but you don’t need to download any software, (e.g. WinReducer Wim Converter – others are available); just use the command-line tools.

For this posting I’m going to use a Win 8.1×64 .iso image that has been ‘mounted’ as a virtual image within Windows File Explorer as F:\ (You just need to change F:\ to the drive that you have mounted) and the inbuilt Microsoft Deployment Image Servicing and Management (DISM) Command-Line utility (https://msdn.microsoft.com/en-us/library/jj980032(v=winembedded.81).aspx).

Once the drive has been mounted navigate to ‘f:\sources\install.esd’


Now open the command prompt with admin privileges (command prompt (admin))

 

 

  • WinKey + X, or Right-click the Windows Symbol – which will open the ‘Context Menu’
 


 

  • Left-click ‘Command Prompt (Admin)‘ & agree to UAC – ‘Yes’
  • Type the command “C:\>dism /export-image /sourceimagefile:”F:\sources\install.esd” /sourceindex:1 /destinationimagefile:”D:\Wim_Extract\Install.wim” /compress:recovery” – or /compress:maximum .. Without the quotations
 

 

  • The resulting .wim file

The following article has been posted on the TenForums website, and explains how to repair a corrupted Windows 10 image using the DISM command within PowerShell .. http://www.tenforums.com/tutorials/7808-dism-repair-windows-10-image.html .. I have read the article, and will give the link rather than republish the information, and give credit to the author ‘Brink’