I’ve already posted a script to show Windows Update settings. What if you want to change the settings? In particular, I needed to be able to use MAXfocus Site Automated Tasks to change the NotificationLevel so I could control when downloads and updates happen.
The script requires one numeric parameter for NotificationLevel:
1 – Never check for updates
2 – Check for updates but let me choose whether to download and install them
3 – Download updates but let me choose whether to install them
4 – Install updates automatically
In my case, to enforce a download window of 3:00 to 7:00am, I set the NotificationLevel to 4 at 3:00am, then back to 2 at 7:00am.
The script displays the settings in effect after they have been changed.
Note that the script will not work if you controlling Windows Update through group policy. You’ll need to set the group policy items to Not Configured to allow the script to make changes.
Important The script sets most Windows Update settings to hard-coded values. It even creates a local policy registry key to set NoAutoReboot. If you want to use other values, you’ll need to modify them in the script.
The Script
And here’s the script:
<# .Synopsis Set the Microsoft auto-update settings for the local computer. - Use a parameter to set NotificationLevel (allows disabling/enabling downloads and updates via script). - Set other values to hard-coded defaults. List settings after any changes. Adapted from http://stackoverflow.com/questions/9612609 Copyright (c) 2015 by MCB Systems. All rights reserved. Free for personal or commercial use. May not be sold. No warranties. Use at your own risk. .Notes Name: MCB.WindowsUpdate.SetSettings.ps1 Author: Mark Berry, MCB Systems Created: 03/12/2015 Last Edit: 03/12/2015 Changes: 03/12/2015 - Initial release. 03/13/2015 - Make ScheduledInstallationTime an optional parameter and set default to 4am. Since current usage changes to auto-update just after 3am, setting install time to 4am should allow same-day install. Rename script to reflect that is sets _all_ settings. #> param( [Parameter(Mandatory = $true, Position = 0, ValueFromPipelineByPropertyName = $true)] [Int]$NotificationLevel, [Parameter(Mandatory = $false, Position = 1, ValueFromPipelineByPropertyName = $true)] [Int]$ScheduledInstallationTime=4, [Parameter(Mandatory = $false, Position = 2, ValueFromPipelineByPropertyName = $true)] [String]$LogFile="" ) [Boolean]$ErrFound = $false Write-Host -NoNewLine ("Microsoft AutoUpdate settings on " + $env:COMPUTERNAME + " after update by this script:") try { # Set other values using the Microsoft.Update.AutoUpdate COM object $objAutoUpdateSettings = (New-Object -ComObject "Microsoft.Update.AutoUpdate").Settings $objAutoUpdateSettings.NotificationLevel = $NotificationLevel $objAutoUpdateSettings.ScheduledInstallationDay = 0 $objAutoUpdateSettings.ScheduledInstallationTime = $ScheduledInstallationTime $objAutoUpdateSettings.IncludeRecommendedUpdates = $true $objAutoUpdateSettings.NonAdministratorsElevated = $true $objAutoUpdateSettings.FeaturedUpdatesEnabled = $true $objAutoUpdateSettings.save() $objSysInfo = New-Object -ComObject "Microsoft.Update.SystemInfo" $objAutoUpdateSettings "Reboot required : " + $objSysInfo.RebootRequired # NoAutoReboot can apparently only be set by policy, so set and report that here. # Reference: https://technet.microsoft.com/en-us/library/cc720464%28v=ws.10%29.aspx. New-Item -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -Force | Out-Null New-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -Name NoAutoRebootWithLoggedOnUsers -Value 1 -PropertyType DWORD -Force | Out-Null Write-Host -NoNewLine ("NoAutoRebootWithLoggedOnUsers : ") try { # If Get-ItemProperty fails, value is not in registry. Do not fail entire script. # "-ErrorAction Stop" forces it to catch even a non-terminating error. $output = Get-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -Name NoAutoRebootWithLoggedOnUsers -ErrorAction Stop switch ($output.NoAutoRebootWithLoggedOnUsers) { 0 {"False (set in registry)"} 1 {"True (set in registry)"} } } catch { "Unknown (local policy registry value not found)" } # The rest of this is just static info on the meaning of various Settings. "" "NotificationLevel:" "1 - Never check for updates" "2 - Check for updates but let me choose whether to download and install them" "3 - Download updates but let me choose whether to install them" "4 - Install updates automatically" "" "ScheduledInstallationDay" "0 - Every day" "1-7 - Sunday through Saturday" "Note: On Windows 8/2012 and later, ScheduledInstallationDay and" " ScheduledInstallationTime are only reliable if the values" " are set through Group Policy." "" "Script execution succeeded" $ExitCode = 0 } catch { "" $error[0] "" "Script execution failed" $ExitCode = 1001 # Cause script to report failure in GFI dashboard } "" "Local Machine Time: " + (Get-Date -Format G) "Exit Code: " + $ExitCode Exit $ExitCode
Pingback: Print Detailed Windows Update Information | MCB Systems
hi,
great script. I’m not too familiar with scripting, but i need this script to disable windows 10 update during business hours 7 am to 7 pm but enable and run it only between 7pm and 7 am. . Can you help me dit your script to work this way?
thanks,
Kenny
Kenny, I haven’t played with Windows 10 updating too much, but I don’t think it allows disabling updates this way. I’ve heard that you can tell it that it is on a “metered connection” to temporarily disable updates, but I haven’t tried that.