Using Powershell Script to Manage the Windows 10 Update Policy

Using PowerShell Script to Manage the Windows 10 Update Policy

Introduction

The main objective of this article is to provide step-by-step instructions on how to use PowerShell script to set and modify the Windows update policy using a Windows bundle. The Windows 10 update settings can be easily re-configured using this bundle.

This document includes the following information:

• Prerequisites • Creating the Bundle • Deploying the Bundle • Logging Results

Prerequisites

Prior to deploying the bundle, you need be aware of the following:

• The Windows bundle can be deployed only on Windows 10 devices. • Using the bundle, you can modify the update settings for Windows 10 devices. However, if the same setting is controlled by a group policy, the latter will prevail. • Prior to deploying the bundle, you must enable script execution by running the following command: Set-ExecutionPolicy ). By default, the value set as Restricted.

Creating the Bundle

To create the Windows bundle:

1. In ZENworks Control Center, create a Windows bundle and add the modifyWindowsUpdateConfiguration.ps1, the settings.xml and the Setupconfig.ini files. For the Setupconfig.ini file, ensure that you specify the Destination Directory as %systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\

For information on how to create Windows bundles, see https://www.novell.com/documentation/zenworks-2017-update- 1/zen_cm_software_distribution/data/ba480hx.html

2. In the Bundles page, click the bundle that was created in the previous step and click Actions > Launch. 3. Click the Run Script Action link and in the Edit Action – Script dialog, specify the Action Name, Script File Name, Script Parameters and Path to Script Engine.

4. Click the Advanced tab and select the Run as secure system user (Don’t allow system to interact with desktop) option. For information on Bundle Actions, see https://www.novell.com/documentation/zenworks- 2017-update-1/zen_cm_software_distribution/data/ba4pobn.html

5. After specifying the relevant values, click OK and then Publish the bundle.

Note: While creating the bundle, ensure that the path for the install files is correct and it is the same as that specified in the run script.

Deploying the Bundle

To deploy the bundle, assign the bundle to the specific users or devices and specify the deployment schedule. After the bundle is deployed, the required settings will be modified based on the settings.xml file. For information on how to assign bundles, see https://www.novell.com/documentation/zenworks- 2017-update-1/zen_cm_software_distribution/data/bs8c8lh.html

Logging Results

Results of the script execution can be viewed in the %ZENworks_home%/logs/windowsUpdateConfigurationLog file. In this file you can view the settings that have been successfully set and those which could not be set due to errors. The log file will also include the updated policy settings.

Power-shell Script content

Create “modifyWindowsUpdateConfiguration .ps1” file and copy below code to it.

$settingPath=$args[0] $logfile = $Env:zenworks_home+"\logs\windowsUpdateConfigurationLog.txt" function Write-Log([string]$logMsg) {

[string]$logMessage = [System.String]::Format("[$(Get-Date)] - {0}", $logMsg) Add-Content -Path $logfile -Value $logMessage } Write-Log "Started with the script execution. Current Windows Update Settings will be modified according to the settings provided." $namespaceName = "Root\CIMv2\MDM\DMMap" $className = "MDM_Policy_Config01_Update02" $initialObjectValues = @{ParentID="./Vendor/MSFT/Policy/Config";InstanceID="Update"} $settingsData = [Xml] (Get-Content $settingPath) try { $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className if($obj -eq $null) { Write-Log "Didn't find any running instance. Creating a new instance for MDM_Policy_Config01_Update02." $obj = New-CimInstance -Namespace $namespaceName -ClassName $className -Property $initialObjectValues } } catch [System.Management.Automation.ParameterBindingValidationException] {

Write-Log "Didn't find any running instance. Creating a new instance for MDM_Policy_Config01_Update02." $obj = New-CimInstance -Namespace $namespaceName -ClassName $className -Property $initialObjectValues

} foreach($property in $settingsData.settings.property) { try { If($property.key -eq "ParentID" -Or $property.key -eq "InstanceID") { continue } $obj.($property.key)=$property.value Set-CimInstance -CimInstance $obj } catch { $ErrorMessage = $_.Exception.Message Write-Log $ErrorMessage }

} Write-Log "Updated Config policy to:" Write-Log ( $obj | Format-List | Out-String)

The SetupConfig.ini file Content

Create “Setupconfid.ini” file and copy below content to it.

[SetupConfig] NoReboot ShowOobe=None Telemetry=Enable ReflectDrivers = < path of folder containing INF and SYS files for the encryption drivers >

The settings.xml file

The files is attached. Right click on clip icon and Choose “Save Embedded File to Disk…”