Windows 10, Windows 11, Windows Server

Automating Windows Update Checks and Installations with PowerShell



🪟 Remotely Patch Windows Clients with PowerShell

Whether you use Group Policy, your RMM, or a third-party patching solution like Action1, it’s often helpful to have the ability to push Windows Updates on-demand. This includes updates in the Optional category, which frequently contain firmware updates, driver improvements, and other valuable enhancements for devices.

In collaboration with ChatGPT, I’ve created a script that does exactly that—allowing you to remotely trigger updates when you need them, without waiting for the next scheduled patch cycle.

🔄 Windows Update Check + Install | PS Script

Below is the PowerShell script that checks for available Windows Updates, downloads them, and installs them — including optional updates like drivers and firmware. This is especially useful for on-demand patching, remote management, or integrating with automation tools like RMM platforms or Group Policy scripts.

Make sure to run it with administrative privileges for full functionality.

PowerShell
# Create update session and searcher
$Session = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()

# Search for updates that are not installed
$Result = $Searcher.Search("IsInstalled=0")

Write-Output "Found $($Result.Updates.Count) available updates."

if ($Result.Updates.Count -gt 0) {
    # List the updates found
    foreach ($update in $Result.Updates) {
        Write-Output $update.Title
    }

    # Create a collection of updates to download/install
    $UpdatesToInstall = New-Object -ComObject Microsoft.Update.UpdateColl

    foreach ($update in $Result.Updates) {
        $UpdatesToInstall.Add($update) | Out-Null
    }

    # Create downloader and download updates
    $Downloader = $Session.CreateUpdateDownloader()
    $Downloader.Updates = $UpdatesToInstall

    Write-Output "Downloading updates..."
    $DownloadResult = $Downloader.Download()

    if ($DownloadResult.ResultCode -eq 2) { # 2 means succeeded
        Write-Output "Download succeeded."

        # Create installer and install updates
        $Installer = $Session.CreateUpdateInstaller()
        $Installer.Updates = $UpdatesToInstall

        Write-Output "Installing updates..."
        $InstallResult = $Installer.Install()

        Write-Output "Installation Result: $($InstallResult.ResultCode)"
        Write-Output "Reboot required: $($InstallResult.RebootRequired)"
    }
    else {
        Write-Output "Download failed with result code: $($DownloadResult.ResultCode)"
    }
}
else {
    Write-Output "No updates to install."
}

📊 Script Output and Results

Here is an example of the results after running on a machine.

Plaintext
Found 3 available updates.
2024-08 Update for Windows 10 Version 22H2 for x64-based Systems (KB5042320)
2025-04 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5057589)
HP Inc. - Firmware - 1.8.11.0
Downloading updates...
Download succeeded.
Installing updates...
Installation Result: 4
Reboot required: True
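
The script prints only the overall numeric result. In the Windows Update Agent `OperationResultCode` enumeration, 2 is Succeeded and 4 is Failed, so an overall code such as the 4 in the sample output does not say which update failed. The following is an added example, not the author's script, that reports each update separately with its decoded result and HRESULT; the function names `Get-PendingUpdate` and `Install-PendingUpdate` are chosen here for illustration.

```powershell
# Added example (not the author's script). Run from an elevated session.
# OperationResultCode values of the Windows Update Agent API.
$ResultText = @{ 0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
                 3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted' }

function Get-PendingUpdate {
    # Pass "IsInstalled=0 and Type='Software'" to leave driver updates out.
    param([string]$Criteria = 'IsInstalled=0')
    $session = New-Object -ComObject Microsoft.Update.Session
    $found   = $session.CreateUpdateSearcher().Search($Criteria)
    $batch   = New-Object -ComObject Microsoft.Update.UpdateColl
    foreach ($u in $found.Updates) {
        # An update whose EULA has not been accepted cannot be installed.
        if (-not $u.EulaAccepted) { $u.AcceptEula() }
        $batch.Add($u) | Out-Null
    }
    [pscustomobject]@{ Session = $session; Updates = $batch }
}

function Install-PendingUpdate {
    param($Pending)
    if ($Pending.Updates.Count -eq 0) { return }
    $downloader = $Pending.Session.CreateUpdateDownloader()
    $downloader.Updates = $Pending.Updates
    $downloader.Download() | Out-Null

    # Hand the installer only the updates that actually downloaded.
    $ready = New-Object -ComObject Microsoft.Update.UpdateColl
    foreach ($u in $Pending.Updates) {
        if ($u.IsDownloaded) { $ready.Add($u) | Out-Null }
    }
    if ($ready.Count -eq 0) { return }

    $installer = $Pending.Session.CreateUpdateInstaller()
    $installer.Updates = $ready
    $overall = $installer.Install()

    # One row per update: which one failed, and with what HRESULT.
    for ($i = 0; $i -lt $ready.Count; $i++) {
        $r = $overall.GetUpdateResult($i)
        [pscustomobject]@{
            Title          = $ready.Item($i).Title
            Kind           = if ($ready.Item($i).Type -eq 2) { 'Driver' } else { 'Software' }
            Result         = $ResultText[[int]$r.ResultCode]
            HResult        = '0x{0:X8}' -f $r.HResult
            RebootRequired = $r.RebootRequired
        }
    }
}

Install-PendingUpdate (Get-PendingUpdate) | Format-Table -AutoSize
```

The `Kind` column marks driver updates, which is the detail needed later if a driver has to be removed from Windows RE.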

āš™ļø Script Summary

Breakdown:

  • Create Update Session & Searcher: Initializes a Windows Update session and searches for updates that are not yet installed.
  • List Available Updates: Displays titles of all found updates.
  • Download Updates: Downloads all found updates in a batch.
  • Install Updates: Installs the downloaded updates and reports the result.
  • Reboot Check: Indicates if a system reboot is required after installation.

I created a ConnectWise Extra Data Value for this results output in case I need them.

🎲 Testing the Script & Handling Random Outcomes

I deployed this script to over 400 endpoints one day, first desktops then laptops. Only two tickets manifested: a laptop with a PCIe WLAN card on the fritz had a driver update that produced a BSOD, and one user called about their BitLocker Recovery Key being needed after a BIOS update.

💥 Handling BSODs Caused by Driver Failures

When a Windows machine fails to boot due to a BSOD—and Safe Mode won’t load—you can often fix the issue using the Command Prompt in the Windows Recovery Environment (Windows RE).

The folder C:\Windows\System32\drivers contains the driver files (.SYS extensions) that Windows loads during boot. Since the OS is offline in this environment, you can run simple batch commands to delete the problematic driver—provided you know which one it is. That’s why my script outputs the update results before installation.

Additionally, C:\Windows\System32\DriverStore\FileRepository holds backup copies of original driver packages. If a driver is missing, Windows will pull the necessary files from this folder and convert them into .SYS files for installation. To prevent the BSOD from recurring, you’ll need to delete the faulty driver here as well.

I once had to guide a user in another state remotely to do this. I used ConnectWise’s View, which allows me to send an SMS text/link to their phone, and their phone’s cameras are visible to me in a window on my PC. I guided the user on how to delete the faulty AMD graphics driver via Windows RE and his machine was booting and usable again.

🖧 Intel NIC (Ethernet/LAN) Drivers

Common Driver Names (Device Manager):

  • Intel(R) Ethernet Connection I219-V
  • Intel(R) Ethernet Connection I210-T1
  • Intel(R) 82579LM Gigabit Network Connection
  • Intel(R) I211 Gigabit Network Connection
  • Intel(R) I225-LM/I225-V 2.5GbE Controller
  • Intel(R) Ethernet Controller X540-AT2 (10GbE)
  • Intel(R) Ethernet Network Adapter E810 Series

Common Driver Files (Windows):

  • e1d65x64.sys – Intel I219/I210/I211 drivers
  • e1c65x64.sys – Older I217/I218 devices
  • e2f68x64.sys – 10GbE NICs (e.g., X540/X550)
  • e1r65x64.sys – Intel 82579LM/V
  • e1qexpress.sys – Older Intel PRO/1000 devices

📶 Intel WLAN (Wireless) Drivers

Common Driver Names (Device Manager):

  • Intel(R) Dual Band Wireless-AC 7260 / 7265 / 3160
  • Intel(R) Wireless-AC 8260 / 8265
  • Intel(R) Wi-Fi 6 AX200 / AX201 / AX210
  • Intel(R) Wireless-N 7260 / 2230
  • Intel(R) BE200 / BE202 (Wi-Fi 7)

Common Driver Files (Windows):

  • Netwsw00.sys – Intel Wireless-N, Wireless-AC
  • Netwsw02.sys – Newer Wireless-AC and Wi-Fi 6
  • Netwtw04.sys – Intel Wi-Fi 6/6E drivers (AX200, AX201)
  • Netwtw06.sys – Wi-Fi 6E/7 devices (AX210, BE200)
  • Netwlv64.sys – Older wireless devices (e.g., 5100/5300 series)
  • Netwns64.sys – Centrino Wireless-N drivers

šŸ” How to Find Installed Intel Driver Files

Use PowerShell or CMD to find associated .sys files:

PowerShell
Get-WmiObject Win32_PnPSignedDriver | Where-Object { $_.DeviceName -like "*Intel*" -and $_.DriverProviderName -eq "Intel" } | Select DeviceName, DriverVersion, DriverDate, InfName

🧠 PowerShell to Get Intel Driver INF Folder Paths

Here’s an updated PowerShell snippet that adds the full INF folder path:

PowerShell
Get-WmiObject Win32_PnPSignedDriver |
Where-Object { $_.DeviceName -like "*Intel*" -and $_.DriverProviderName -eq "Intel" } |
Select-Object DeviceName, DriverVersion, DriverDate, InfName,
@{Name='InfFolderPath';Expression={Join-Path "C:\Windows\System32\DriverStore\FileRepository" ($_.InfName -replace '\.inf$', '*')}}

šŸ” What This Does:

  • InfName gives something like e1d65x64.inf
  • The script replaces .inf with * to wildcard-match the folder name (since the folder name includes a hash like e1d65x64.inf_amd64_1234abcd)
  • Join-Path builds the full path to where the INF lives under DriverStore\FileRepository
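
For third-party packages, `Win32_PnPSignedDriver` usually reports the published name (`oemNN.inf`) in `InfName` rather than the original file name, in which case the wildcard above will not match a folder under `FileRepository`. The following added example, not the author's code, joins the published name to `Get-WindowsDriver`, whose `OriginalFileName` property holds the full DriverStore path; the function name `Get-IntelDriverStorePath` is chosen here for illustration.

```powershell
# Added example (not the author's code). Run from an elevated session.
function Get-IntelDriverStorePath {
    # Index third-party driver packages by published name (oemNN.inf).
    # Without -All, Get-WindowsDriver omits inbox (Microsoft-supplied) packages.
    $packages = @{}
    foreach ($p in Get-WindowsDriver -Online) {
        $packages[$p.Driver.ToLower()] = $p
    }

    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object {
            $_.DeviceName -like '*Intel*' -and
            $_.DriverProviderName -eq 'Intel' -and
            $_.InfName
        } |
        ForEach-Object {
            # Inbox drivers have no entry here; their columns stay empty.
            $pkg = $packages[$_.InfName.ToLower()]
            [pscustomobject]@{
                DeviceName    = $_.DeviceName
                DriverVersion = $_.DriverVersion
                PublishedInf  = $_.InfName
                OriginalInf   = if ($pkg) { Split-Path $pkg.OriginalFileName -Leaf }
                StoreFolder   = if ($pkg) { Split-Path $pkg.OriginalFileName -Parent }
                BootCritical  = if ($pkg) { $pkg.BootCritical }
            }
        }
}

Get-IntelDriverStorePath | Format-List
```

Saving this output before an update run records which `FileRepository` folder belongs to which device, so the information is on hand if the machine later has to be repaired offline.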

✅ Conclusion

Automating Windows Updates with PowerShell gives you greater control, flexibility, and efficiency—especially when managing remote systems or handling patch exceptions. Whether you’re dealing with critical updates, optional firmware patches, or just need an on-demand solution outside of your standard tools, this script bridges the gap. Feel free to customize it to fit your environment, and take the guesswork out of keeping systems up to date.

🌿 Final Thoughts

Keeping systems updated is critical—but it doesn’t have to be complicated. With a bit of PowerShell and some automation, you can take control of Windows Updates on your terms. Whether you’re supporting a few endpoints or an entire fleet, this approach gives you the agility to push important updates exactly when they’re needed. Tweak it, test it, and make it yours.
