WinRM & PowerShell to check new Windows Updates

Question

Hello,

I have successfully configured WinRM between two workgroup 2019 servers.

When I try to check the running services from SERVER2 to SERVER1 with the command "Get-Service", all is working fine.

But now, I would like to be able to check if windows updates are available from SERVER2 to SERVER1.

It seems my user doesn't have permissions to use the Windows Update component.

Any help will be much appreciated

PS C:\Users\dopadmin> Invoke-Command -ScriptBlock {$updateSession = New-Object -ComObject Microsoft.Update.Session} -ComputerName SERVER-1 -Credential limiteduser
Creating an instance of the COM component with CLSID {4CB43D7F-7EEE-4906-8698-60DA1C38F2FE} from the IClassFactory
failed due to the following error: 80070005 Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
    + CategoryInfo          : NotSpecified: (:) [New-Object], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.NewObjectCommand
    + PSComputerName        : SERVER-1
 

Answer 1

Hello there,

The below script might help you out.

$Session = New-Object -ComObject "Microsoft.Update.Session";

$Searcher = $Session.CreateUpdateSearcher();

$historyCount = $Searcher.GetTotalHistoryCount();

$Searcher.QueryHistory(0, $historyCount) | Select-Object Date,@{name="Operation"; expression={switch($.operation){1 {"Installation"}; 2 {"Uninstallation"}; 3 {"Other"}}}}, @{name="Status"; expression={switch($.resultcode){1 {"In Progress"}; 2 {"Succeeded"}; 3 {"Succeeded With Errors"};4 {"Failed"}; 5 {"Aborted"} }}}, Title, Description | Export-Csv -NoType "$Env:userprofile\Desktop\Windows Updates.csv";

You can install the PSWindowsUpdate module on Windows 10/11 and Windows Server 2022/2019/2016 from the online repository (PSGallery) using the command:

Install-Module -Name PSWindowsUpdate -Force

After the installation is complete, you need to check the package:

Get-Package -Name PSWindowsUpdate

Hope this resolves your Query !!

--If the reply is helpful, please Upvote and Accept it as an answer–

Answer 2

I had the same problem when using less-privileged user for PRTG monitoring.

It seems that the interfaces, methods, and properties of Windows Update Agent (WUA) are accessible only to callers who belong to Administrator group, otherwise, the HRESULT E_ACCESSDENIED is returned.
Reference: https://learn.microsoft.com/en-us/windows/win32/wua_sdk/secured-methods-and-properties-in-the-wua-api

So, the only way is to add your limiteduser as local admin on SERVER-1, you should get your result.

The service account that I use is in the Power User, Remote Management Users, Performance Monitor Users, and Distributed COM Users. Additionally, I have granted access to the \Root\CIMV2 namespace. But still, no luck.

I hope this finding helps.

Answer 3

Duplicated. Please ignored.

Answer 4

Duplicated. Please ignored.