Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

WSUS Import Updates New PowerShell Import Method

  • August 17, 2023
  • 14 min read
Cloud and Virtualization Architect. Brandon has over 20 years of experience across multiple sectors. He is responsible for the creative and technical content direction at virtualizationhowto.com
Cloud and Virtualization Architect. Brandon has over 20 years of experience across multiple sectors. He is responsible for the creative and technical content direction at virtualizationhowto.com

Windows Server Update Services (WSUS) has long been the preferred way to manage and control the Windows update workflow in a Microsoft Active Directory Domain Services (AD DS) environment. It lets organizations decide which updates are downloaded and applied to clients and servers. Microsoft recently announced they are deprecating importing WSUS updates through the WSUS console. Administrators need to take note of this change. Let’s look at the traditional import process and what’s changing.

The Crucial Role of Windows Updates

Windows updates play a pivotal role in securing and enhancing the functionality of your operating system. They deliver essential security updates that safeguard systems against vulnerabilities and cyber threats.

In addition, they introduce new features and improvements, helping with the user experience and system stability. Keeping systems updated is fundamental to guarantee optimal performance and security.

What is Windows Server Update Services (WSUS)?

WSUS assists administrators in managing and distributing software updates released via the Microsoft Update Catalog website. A centralized WSUS server allows administrators to select and distribute these updates to client and server computers within an organization. This method of centralization helps reduce network load, conserve bandwidth, and gives administrators control over the update process.

Windows Server Update Services is a free Windows Server role you enable from Server Manager.

Adding the Windows Server Update Services role in Windows Server 2022Adding the Windows Server Update Services role in Windows Server 2022

You can also choose to synchronize your WSUS server with an upstream WSUS server or import Windows updates directly from Microsoft update catalog, giving you the flexibility of the source of the update.

What is the Microsoft Update Catalog?

The Microsoft Update Catalog has long been the defacto resource for searching for and downloading Windows Updates. This website is a repository for all Microsoft updates, including Windows updates and security updates. The Microsoft Catalog site is frequently used by administrators when they are attempting WSUS update import. As a note, it is still used in the new PowerShell import method, just in a different way.

How to Manually Import Updates into WSUS (Old way)

Let’s look at how to import into WSUS. Administrators might need to import updates into the WSUS server in some scenarios manually. These situations usually arise when a zero-day patch is released, or when certain software not included in automatic updates requires attention.

This process involves using the WSUS console to access the Microsoft Update Catalog site, identify the necessary update, and import it into the WSUS server. Previously, when you clicked the import button, it would attempt to launch Internet Explorer and install an ActiveX control that only works in Internet Explorer.

You could then add the updates you want to import to your queue and then you would be given the option to import directly into WSUS. Clicking this button fetches the .msu file, which contains the update. Once downloaded, the import command is executed via the WSUS console to introduce the file into your WSUS server.

The old process was often problematic, resulting in many situations where an “unexpected error occurred.”

The import updates button in Windows Server Update ServicesThe import updates button in Windows Server Update Services

WSUS import updates new PowerShell method

Importing updates into WSUS is undergoing significant changes with recent advancements. The old ‘Import Updates’ function, which relied on ActiveX and Internet Explorer, is being replaced by a new PowerShell script.

You can read that official announcement from Microsoft here: Importing updates into WSUS is changing – Microsoft Community Hub.

Internet Explorer is now totally deprecated by Microsoft. Even attempting to launch Internet Explorer after recent updates will attempt to launch Microsoft Edge.

Now when you click on the Import Updates button (in the case of Windows Server 2022 with all the latest updates), you get redirected to a new KB article describing the next steps of the new process.

Below is the site opened when you click the import updates link. It will take you to: WSUS and the Microsoft Update Catalog | Microsoft Learn.

The new KB detailing the new PowerShell import methodThe new KB detailing the new PowerShell import method

Prerequisites for the new PowerShell import method

Microsoft notes the following prerequisites with the new PowerShell import method:

  • You can use any machine equipped with the WSUS administrative console to import updates, irrespective of whether it serves as a WSUS server.
  • For update imports utilizing a WSUS server, the account employed should belong to the WSUS Administrators group or the Local Administrators group.
  • For import procedures performed from a remote computer, an account that holds membership in the WSUS Administrators group and carries local administrative permissions is necessary. Additionally, remote machines must possess network accessibility to reach the WSUS server.

Steps for executing the PowerShell script

1. Begin by copying the PowerShell script provided in this article to import updates into WSUS. Save it as ImportUpdatesIntoWSUS.ps1 using a text editor in an easily accessible location, like C:\temp.

Here I have saved it to c:\wsus_import.

Creating the new ImportUpdatesIntoWSUS.ps1 scriptCreating the new ImportUpdatesIntoWSUS.ps1 script

2. Launch a web browser and navigate to the Microsoft Update Catalog at https://catalog.update.microsoft.com.

3. Type the name of the update you want to import into WSUS into the search bar

4. From the search results, choose the appropriate update to import into WSUS, which will open the update details page

5. Utilize the Copy button present on the update details page to duplicate the UpdateID

Copying the UpdateID for a Windows Update to use with the new PowerShell scriptCopying the UpdateID for a Windows Update to use with the new PowerShell script

6. This script can be used to import either one or multiple updates

  • If you wish to import several updates into WSUS, paste the UpdateIDs for each desired update into a text file, listing one UpdateID per line. Save the text file at an easily accessible location, like C:\temp\UpdateIDs.txt.

For importing a single update, simply copy the respective UpdateID.

  • To execute the import, launch a PowerShell console as an administrator and run the script with the appropriate syntax and required parameters:

C:\temp\ImportUpdatesInToWSUS.ps1 [-WsusServer] <String> [-PortNumber] <Int32> [-UseSsl] [-UpdateId] <String> [-UpdateIdFilePath] <string> [<CommonParameters>]

Example 1: To import a single update while logged into a WSUS server using the default port, use the following syntax:

.\ImportUpdatesInToWSUS.ps1 -UpdateId 12345678-90ab-cdef-1234-567890abcdef

Running the new PowerShell script passing in the UpdateIDRunning the new PowerShell script passing in the UpdateID

Example 2: From a remote computer, to import multiple updates into a WSUS server utilizing SSL, use the syntax below:

.\ImportUpdatesInToWSUS.ps1 -WsusServer WSUSServer.contoso.com -PortNumber 8531 -UseSsl -UpdateIdFilePath C:\temp\UpdateIDs.txt

8. Files for the imported updates will be downloaded per your Update files settings. For instance, if you’ve set ‘Download update files to this server only when updates are approved,’ the update files will be downloaded upon approval of the update. For more understanding about options for storing updates, refer to the section ‘Choose a WSUS storage strategy.’

Summary of the process

This PowerShell script takes user input and streamlines the process:

  1. It involves saving and running the script in a PowerShell console
  2. Searching for updates on the Microsoft Update Catalog site
  3. Copying the UpdateID from the opened details page
  4. Running the script with the copied UpdateID
  5. You must create a text file with each UpdateID on a separate line if importing multiple updates
  6. Imported updates aren’t downloaded during the import. Review your ‘Update files settings’ to modify when they are downloaded.

Wrapping up

Microsoft’s WSUS is a key tool in managing updates across a network. Even though importing updates into WSUS is changing, keeping systems updated remains just as important. It is good to see Microsoft proactively creating and posting a PowerShell script that allows bypassing the issues with the old Internet Explorer/Active-X combination and allowing users to input and customize the updates they are looking to import.

You can maintain a secure environment using the new PowerShell-driven import process by understanding the new process and recognizing the importance of regular updates.

Found Brandon’s article helpful? Looking for a reliable, high-performance, and cost-effective shared storage solution for your production cluster?
Dmytro Malynka
Dmytro Malynka StarWind Virtual SAN Product Manager
We’ve got you covered! StarWind Virtual SAN (VSAN) is specifically designed to provide highly-available shared storage for Hyper-V, vSphere, and KVM clusters. With StarWind VSAN, simplicity is key: utilize the local disks of your hypervisor hosts and create shared HA storage for your VMs. Interested in learning more? Book a short StarWind VSAN demo now and see it in action!