In connection with another article about Deploying Windows Updates via the Command Line, I have come to notice that it is not the end-all we thought it once was. With the Roll-Up Updates for Windows 7, 8.1, and 10, I have found a better way to deploy updates.
As per before, this is all done under the assumption you are NOT running a WSUS Server. For the organization I’m employed at, this is the case. Updates used to be offered with the Pro level of PDQ Deploy, but it has changed to the Enterprise licensing in order to accomplish the same thing. Below is what I found to work for my environment, including the scripts I found to make it work.
Jan 16, 2019 The fix for this is to install a Cumulative Update (CU) past September 2016 as it was fixed in the September CU. It will then re-establish communication with the WSUS server. Unfortunately, if the system is already Windows 10 1607 RTM, you have no choice but to use a 3rd party tool like PDQ Deploy or install the CU Manually on the machine. PDQ Deploy is a software deployment tool built to help you automate your patch management. You can go from updating your 3rd party software, to deploying. I would use WSUS on the network for Microsoft part, rest you can patch with other tools as you have mentioned such as PDQ. WSUS cost you nothing, is there and works once correctly configured and managed.
You will want to download the appropriate versions of the monthly updates for your Operating Systems. A quick Google search will land you where you need when new updates come out; see below for more information. Save the files to a common folder that your users can READ from.
Create the Scripts
Pdq Deploy Agent
stopWindowsUpdateServer.ps1:
startWindowsUpdateService.ps1:
Save these files in an easily accessible location that your users can READ from.
Deploy with PDQ Deploy
If you have Admin Arsenal’s PDQ Deploy, you can create a deployment package, as per the settings below:
- Stop Windows Update Script (as saved above)
- Created as a Powershell script
- Options->Error Mode->Continue
- Install Step (for each update)
- Choose the .MSU update file for your Windows Version (i.e. Windows 7 32-bit)
- Ensure the success codes include
0,1641,3010,2359302
- Conditions->OS Version and Architecture->_Match for the update you’re deploying_
- Options->Error Mode->Stop deployment with error
- You do NOT need to copy the entire folder with each of these Install steps
- Repeat step two for each Windows Version and Architecture you have updates for
- Start Windows Update Script (as saved above)
- As per step 1 above, except choosing the START script
Keeping your updates up to date
Pdq Software Deploy
Next up, you need to keep these updates… well, up to date! You can either refer to this page (as I will continually update it), or you can do some searching yourself to keep up to date. Below is how I found the updates to apply:
Pdq Deploy Packages
- Google search for “Windows { 7 | 8.1 | 10 } {Month} {Year} Roll up”. Look for the KB number.
- Go to the Windows Update Catalog, and search for that KB number.
- Click the Download button to the right for the version you need. Save the file in the same folder as the older ones; I rename the updates to a name format, such as “Win7_x64_KB123456”, to keep the names short.
- Update the middle steps of your deployment to use the new filenames.
- Test the deployment with a test computer to ensure it deploys properly without errors.
- Deploy as needed to the rest of your environment.