June 27, 2018
Install Missing OS Updates Deployed by SCCM
If you have SCCM in your environment, at some point you have probably had to install patches outside of a designated maintenance window. If you are doing one machine then sure, open Software Center, click the checkbox(es) and click Install. But if you need to do more than one, that process has already taken too long. For the sake of argument, yes, you could make a collection, deploy the patches and do all of this with SCCM. But what is the fun in that? Let's figure out how to do it via PowerShell.
I use this all the time to install patches on machines that, for whatever reason, didn't install patches during their maintenance window. I hope you find this as useful as I do.
```powershell
<#
.Synopsis
   Install Missing patches on machines
.DESCRIPTION
   Install Missing patches on machines.
.EXAMPLE
   Install-MissingSCCMPatches -Computers Server1
.EXAMPLE
   Install-MissingSCCMPatches -Computers Server1,Server2,DC3
.EXAMPLE
   Install-MissingSCCMPatches -Computers (Get-Content c:\temp\servers.txt)
#>
function Install-MissingSCCMPatches
{
    [CmdletBinding()]
    Param
    (
        # One or more computer names to install missing patches on
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        [string[]]$Computers
    )

    Begin { Write-Verbose "Installing missing SCCM Patches" }
    Process
    {
        Invoke-Command -ComputerName $Computers -ScriptBlock {
            # Find the missing patches on the machine (ComplianceState=0)
            $MissingUpdates = Get-WmiObject -Class CCM_SoftwareUpdate -Filter "ComplianceState=0" -Namespace root\CCM\ClientSDK

            # Take the PowerShell objects and turn them into an array of WMI objects
            $MissingUpdatesArray = @($MissingUpdates | ForEach-Object { if ($_.ComplianceState -eq 0) { [WMI]$_.__PATH } })

            # Install all the missing patches that we found.
            # The leading comma passes the whole array as one argument to InstallUpdates
            # instead of spreading it into one argument per update.
            if ($MissingUpdatesArray.Count -gt 0) {
                $Install = Invoke-WmiMethod -Class CCM_SoftwareUpdatesManager -Name InstallUpdates -ArgumentList (,$MissingUpdatesArray) -Namespace root\ccm\clientsdk
            }
        }
    }
    End {}
}
```
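The function above starts the installs but does not report how they end, so a follow-up check is useful for confirming which machines are actually patched and which still need a reboot or failed. The following is an added example, not code from the original post: `Get-SCCMPatchStatus` is a hypothetical helper name, and it assumes the same PowerShell remoting access and `root\CCM\ClientSDK` namespace that the function above uses.

```powershell
# Added example, not from the original post. Get-SCCMPatchStatus is a hypothetical name.
function Get-SCCMPatchStatus
{
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$true, Position=0)]
        [string[]]$Computers
    )

    # CCM_SoftwareUpdate.EvaluationState values an operator usually acts on.
    # States not listed here are reported by their number.
    $StateNames = @{
        0 = 'None'; 1 = 'Available'; 5 = 'Downloading'; 6 = 'WaitInstall'
        7 = 'Installing'; 8 = 'PendingSoftReboot'; 9 = 'PendingHardReboot'
        10 = 'WaitReboot'; 11 = 'Verifying'; 12 = 'InstallComplete'; 13 = 'Error'
    }
    $RebootStates = 8, 9, 10

    # Collect every update the client still tracks; unreachable machines are
    # captured in $QueryErrors instead of stopping the whole run.
    $Updates = Invoke-Command -ComputerName $Computers -ErrorAction SilentlyContinue -ErrorVariable QueryErrors -ScriptBlock {
        Get-WmiObject -Class CCM_SoftwareUpdate -Namespace root\CCM\ClientSDK |
            Select-Object ArticleID, Name, ComplianceState, EvaluationState, ErrorCode
    }

    foreach ($QueryError in $QueryErrors) { Write-Warning "Query failed: $QueryError" }

    foreach ($Update in $Updates)
    {
        $State = [int]$Update.EvaluationState
        $StateName = if ($StateNames.ContainsKey($State)) { $StateNames[$State] } else { "State $State" }

        [pscustomobject]@{
            Computer    = $Update.PSComputerName
            ArticleID   = $Update.ArticleID
            Name        = $Update.Name
            State       = $StateName
            NeedsReboot = $RebootStates -contains $State
            ErrorCode   = '0x{0:X8}' -f $Update.ErrorCode
        }
    }
}
```

Running `Get-SCCMPatchStatus -Computers Server1,Server2 | Where-Object { $_.State -eq 'Error' -or $_.NeedsReboot }` narrows the output to the machines that still need attention.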