Command-Line Guide: Installing Windows Updates via PowerShell and DISM in Windows 7


3 views

Many Windows 7 users encounter issues with the graphical Windows Update interface - it sometimes fails to display available updates or gets stuck during the scanning process. When crucial security updates aren't selected by default and the details pane remains empty, you're left with an unpatched system.

For systems with PowerShell 5.1 or later (which can be installed on Windows 7), use this powerful sequence:


# First, install the PSWindowsUpdate module
Install-Module -Name PSWindowsUpdate -Force

# Import the module
Import-Module PSWindowsUpdate

# List available updates
Get-WindowsUpdate

# Install all available updates with automatic rebooting
Install-WindowsUpdate -AcceptAll -AutoReboot

For systems without PowerShell capabilities, Deployment Image Servicing and Management (DISM) offers solid functionality:


# Scan for available updates
DISM /Online /Get-Packages | findstr "Package_for"

# Install a specific update package
DISM /Online /Add-Package /PackagePath:"C:\updates\Windows6.1-KB123456-x64.msu"

# Alternatively, download and install from Windows Update
DISM /Online /Cleanup-Image /ScanHealth
DISM /Online /Cleanup-Image /RestoreHealth /Source:wim:E:\sources\install.wim:1 /LimitAccess

For completely offline systems or when Windows Update servers are unavailable:

  1. Download WSUS Offline Update tool
  2. Run: UpdateGenerator.exe to create update packages
  3. Execute: UpdateInstaller.exe /autoreboot on target machine

Create a scheduled task for regular update checks:


schtasks /create /tn "WindowsUpdate" /tr "powershell -command \"Import-Module PSWindowsUpdate; Get-WindowsUpdate -Install -AcceptAll -AutoReboot\"" /sc weekly /d SUN /st 03:00
  • Reset Windows Update components: net stop wuauserv followed by net start wuauserv
  • Clear update cache: Delete contents of C:\Windows\SoftwareDistribution\Download
  • Check CBS.log for errors: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt

Many Windows 7 administrators encounter situations where the graphical Windows Update interface fails to properly display available updates. This creates a chicken-and-egg problem where you can't install updates because the GUI won't show them, but you need those updates to fix the GUI issues.

The Windows Update Agent (WUA) API provides programmatic access to update functionality. Here's a basic PowerShell script to detect and install updates:


$UpdateSession = New-Object -ComObject Microsoft.Update.Session
$UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
$SearchResult = $UpdateSearcher.Search("IsInstalled=0")
$UpdatesToInstall = New-Object -ComObject Microsoft.Update.UpdateColl

foreach ($Update in $SearchResult.Updates) {
    $UpdatesToInstall.Add($Update) | Out-Null
}

if ($UpdatesToInstall.Count -gt 0) {
    $Installer = $UpdateSession.CreateUpdateInstaller()
    $Installer.Updates = $UpdatesToInstall
    $InstallationResult = $Installer.Install()
    
    if ($InstallationResult.ResultCode -eq 2) {
        Write-Host "Updates installed successfully"
    } else {
        Write-Host "Installation failed with error code: $($InstallationResult.ResultCode)"
    }
} else {
    Write-Host "No updates to install"
}

For systems that won't boot or have severe corruption, DISM (Deployment Image Servicing and Management) can install updates offline:


dism /online /get-packages
dism /online /add-package /packagepath:"C:\updates\update.msu"

For enterprise environments, WSUS provides command-line control through the wuauclt.exe utility:


wuauclt.exe /detectnow
wuauclt.exe /updatenow

When scripting updates, always implement proper error handling. This enhanced version includes logging:


try {
    $ErrorActionPreference = "Stop"
    $LogFile = "C:\logs\update_$(Get-Date -Format 'yyyyMMdd').log"
    
    $UpdateSession = New-Object -ComObject Microsoft.Update.Session
    $UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
    
    Start-Transcript -Path $LogFile -Append
    $SearchResult = $UpdateSearcher.Search("IsInstalled=0")
    
    if ($SearchResult.Updates.Count -eq 0) {
        Write-Output "No updates found at $(Get-Date)"
        return
    }
    
    $Installer = $UpdateSession.CreateUpdateInstaller()
    $Installer.Updates = $SearchResult.Updates
    $InstallResult = $Installer.Install()
    
    if ($InstallResult.ResultCode -eq 2) {
        Write-Output "Successfully installed $($SearchResult.Updates.Count) updates"
    } else {
        Write-Output "Installation failed: $($InstallResult.ResultCode)"
    }
} catch {
    Write-Output "Error encountered: $_"
} finally {
    Stop-Transcript
}