Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.
 

How to Apply Windows Updates to Nano Server

How to Apply Windows Updates to Nano Server
By

In the days of Windows Server with a GUI, applying Windows Updates to a server was as simple as firing up a remote desktop client, connecting to the server and running Windows Update from the console. It was the exact same experience as updating a client. However, this method didn't necessarily scale well. Plus, remoting into a server console forced you to install the GUI on the server, which took up a lot more space and opened up numerous unnecessary security holes.

Credit: ShutterstockCredit: ShutterstockMicrosoft finally went the extra step and removed the GUI in Nano Server. But, how do I apply updates now? The answer is with PowerShell and WMI.

Nano Server added a Windows Update WMI provider in Windows Server 2016 TP4 that allows you to automate downloading and installing of Windows updates all from within PowerShell. Here, find out how to connect to, download and install any necessary Windows updates applicable to your Nano Server.

MORE: Windows 10 How Tos

1. Ensure your client can connect to Nano Server over WinRM.

Your Nano Server is in a workgroup. Add the DNS name or the IP address to your client's trusted hosts list.  You can do this by using Set-Item as shown below.

Set-Item WSMan:localhostClientTrustedHosts -Value <IP Addresss or DNS Name>

2.Establish a remote session over WinRM by providing an administrative local username and password. Here I'm connecting to a Nano Server in Windows Server 2016 TP5.

Enter-PSSession –ComputerName <IP Addresss or DNS Name> –Credential (Get-Credential)

Once this is done, you should now be in a remote session on your Nano Server.

3.Begin to query WMI to manage updates. We'll first need to create a CIM session, which we'll reuse a few times.

$sess = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession

4.Call the CIM methods to do scan, download and install updates. First scan your Nano Server for any missing updates.

$scanResults = Invoke-CimMethod -InputObject $sess -MethodName ScanForUpdates -Arguments @{SearchCriteria="IsInstalled=0";OnlineScan=$true}

This will take a little bit since it's going out to the Windows Update catalog, finding all of the latest applicable updates and checking that list against all of the updates that are already installed on your Nano Server.

You can see that my Nano Server only requires a single update at this time.

Let's now download this update and install it. The following command will download and apply this update any other update that is missing.

Invoke-CimMethod -InputObject $sess -MethodName ApplyApplicableUpdates

When complete, you should see a return code of 0 indicating success.

5.Reboot and restart Nano Server, then run the scan again to see if the update is still says it needs to be installed.

$sess = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession

Invoke-CimMethod -InputObject $sess -MethodName ScanForUpdates -Arguments @{SearchCriteria="IsInstalled=1";OnlineScan=$true}

Note: To see the update was installed I changed the IsInstalled hashtable key IsInstalled=0 to IsInstalled=1. If you somehow forgot to do this and run this method with IsInstalled=0 again you'll receive an error. This is a known issue which will hopefully be fixed soon.

If you'd like to install specific updates, you could separate out downloading and installing updates by using the DownloadUpdates and InstallUpdates methods. First, find all applicable updates as before.

$scanResults = Invoke-CimMethod -InputObject $sess -MethodName ScanForUpdates -Arguments @{SearchCriteria="IsInstalled=0";OnlineScan=$true}

6.Filter out the updates you don't want from there by using a where filter.

$updates = $scanResults.Updates.where({ $_ -ne 'UpdateName' })

Then you can use this update list to download and install them.

Invoke-CimMethod -InputObject $sess -MethodName DownloadUpdates -Arguments @{Updates=$updates}

Invoke-CimMethod -InputObject $sess -MethodName InstallUpdates -Arguments @{Updates=$updates}
Nano Server and Windows Server 2016 is not RTM yet, so expect some minor changes. But using the WMI provider here should be the method to get updates installed on Nano Sever for the foreseeable future.