Updating Nano Server using Windows Update or Windows Server Update Service
THIS HAS BEEN SUPERSEDED BY THIS POST: https://blogs.technet.microsoft.com/nanoserver/2016/10/07/updating-nano-server/
==============================================================================================
If you want to use Windows Update (WU) or Windows Server Update Service (WSUS) to update Nano Server, there is a WU WMI provider in TP4 that can be used to scan for and install updates.
To install all applicable updates:
1. Establish a Remote PowerShell session to your Nano Server machine. The following steps use $sess as the session, so replace that if using something else.
2. To receive the full list of applicable updates:
$sess = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession
$scanResults = Invoke-CimMethod -InputObject $sess -MethodName ScanForUpdates -Arguments @{SearchCriteria="IsInstalled=0";OnlineScan=$true}
3- To detect, download and install all applicable updates
$sess = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession
$scanResults = Invoke-CimMethod -InputObject $sess -MethodName ApplyApplicableUpdates
4. Restart-Computer
5. Verify the patch installed
$sess = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession
$scanResults = Invoke-CimMethod -InputObject $sess -MethodName ScanForUpdates -Arguments @{SearchCriteria="IsInstalled=1";OnlineScan=$true}
Note that step 5 lists what is installed but if doesn’t actually state “installed” in the output. If for reporting purposes you want that additional detail, you can instead run:
Get-WindowsPackage –Online
To install a subset of updates:
1. Run steps 1 & 2 above
2. Review the list of updates returned in the scanResults.Updates array and remove any that you do not wish to download and install:
$downloadResults = Invoke-CimMethod -InputObject $sess -MethodName DownloadUpdates -Arguments @{Updates=$scanResults.Updates}
$installResults = Invoke-CimMethod -InputObject $sess -MethodName InstallUpdates -Arguments @{Updates=$scanResults.Updates}
3. Run steps 4 & 5 above
Known Issues
There are currently two known issues:
1. If there are no available applicable updates, running the following command in step 2:
$scanResults = Invoke-CimMethod -InputObject $sess -MethodName ScanForUpdates -Arguments @{SearchCriteria="IsInstalled=0";OnlineScan=$true}
Returns the following error
Invoke-CimMethod : A general error occurred that is not covered by a more specific error code.
At line:1 char:16
+ ... anResults = Invoke-CimMethod -InputObject $sess -MethodName ScanForUp ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_WUOperatio...-5b842a3dd45d")
:CimInstance) [Invoke-CimMethod], CimException
+ FullyQualifiedErrorId : MI RESULT 1,Microsoft.Management.Infrastructure.
CimCmdlets.InvokeCimMethodCommand
2. Using the steps above with Defender installed will prevent any updates from installing. You can either:
a. Uninstall Defender, run WU, and reinstall Defender
-- or --
b. Download the update package on another machine, copy it over, and use Dism to apply the package
WSUS
Using the above steps on a default installation of Nano Server, if the machine has Internet access it will query the Windows Update/Microsoft Update service to find and download updates. If you are using WSUS in your environment you can set the registry keys in Nano Server to have it use your WSUS Server. The necessary WSUS keys are documented in “Windows Update Agent Environment Options Registry Keys” in this article: https://technet.microsoft.com/en-us/library/cc708449(v=ws.10).aspx. At a minimum you need to set WUServer and WUStatusServer, depending on how WSUS is implemented in your environment you may require some of the other values to be set. If you are unsure, you can always check these settings on another Windows Server in your environment.
Once the registry values are set for WSUS, running the above commands will have WU query WSUS for the applicable updates and use WSUS as the source for the download.
Auto Updating
To Auto Update on Nano Server you can convert the above scan an install steps into a local PS script and create a scheduled task to run and reboot the system on your schedule.