Hi,
Thank you for your question and reaching out.
I understand that you wanted to install updates on multiple PCs at once. Keeping your machines patched is an important part of keeping your network and your data safe. However, it can be a time consuming process when done manually and allowing the machines to automatically reboot when finished it not always an option. This how to will give you the ability to download and install updates on many machines at once while allowing you to postpone reboots until a more convenient time.
This how-to involves the (optional) use of up to three scripts to initiate the download and install of Windows updates. Alternately, the main script (Script 2) could be added as a scheduled task on the individual machines.
Step 1: Download the following scripts
Run command on all computers in an OU (SCRIPT 1) http://community.spiceworks.com/scripts/show/1084-run-command-on-all-computers-in-an-ou
Download and install updates with our without a reboot (SCRIPT 2) http://community.spiceworks.com/scripts/show/1075-download-and-install-updates-with-or-without-reboot
Reboot all computers in an OU or a list of specific machines (SCRIPT 3) http://community.spiceworks.com/scripts/show/1085-reboot-all-computer-in-an-ou-or-a-list-of-specific-machines
Step 2: Download psexec
PsTools http://download.sysinternals.com/Files/PsTools.zip
Step 3: Copy files to appropriate locations
PsExec will need to be somewhere in your path (C:\Windows\System32)
Create a folder called MaintScripts (or whatever you would like) on each remote machine you will want to update and copy Script 2 to it. (Name the script WSUS.ps1 if you don't want to have to modify Script 1)
Step 4: Change the PowerShell ExecutionPolicy setting
You'll need to change the ExecutionPolicy setting on any machine you want to run this on remotely. For the sake of simplicity we're going to set it to Unrestricted, however, if security is a concern you can Google how to digitally sign the scripts.
The following registry key needs to be modified either through group policy, a powershell command run on the machine or manually:
HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIDs\Microsoft.PowerShell Value: ExecutionPolicy Type: REG_SZ Value: Unrestricted
the powershell command is:
set-executionpolicy -executionpolicy unrestricted
Step 5: Run the remote execution script
Edit the value of the strOU variable in Script 1 to point to the OU where the machines to be updated are located.
When you launch Script 1, you will be prompted for your domain credentials (domain\user format) and then the script will attempt to ping each machine before trying to run a command on it.
There are two variables passed to the Download and update script (Script 2): the first is yes or no to download and install, the second is yes or no to reboot. If you haven't modified Script 1, the default is set to download and install without rebooting.
You can monitor the progress of the update script (Script 2) as a window will open up showing the status of each machine.
Step 6: Reboot the computers to finish updating
Script 3 can be run at any convenient time to reboot all the machines that you just updated or just to reboot a container full of machines for any reason. Just modify the strOU variable to point to the OU you want to reboot.
If you only want to reboot a list of specific machines, enter them into the strSpecific variable separated by commas. If the value of strSpecific is anything other than "", strOU will be ignored.
There you have it. I currently use this to install updates on 300 servers spread across 50+ physical locations. Without these scripts, it normally takes two days of manually remoting each machine and telling it to install updates. With the scripts, it takes about a half an hour.
-----------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer--