-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathTest-MicrosoftUpdateAccess.ps1
More file actions
113 lines (81 loc) · 3.64 KB
/
Test-MicrosoftUpdateAccess.ps1
File metadata and controls
113 lines (81 loc) · 3.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#Requires -Version 2.0
#Requires -RunAsAdministrator
Function Test-MicrosoftUpdateAccess {
<#
.SYNOPSIS
Test to determine if Install-MicrosoftUpdate witll work
.DESCRIPTION
This cmdlet determines whether Microsoft Updates can be used to install updates or if SCCM restrcits this
.EXAMPLE
PS> Test-MicrosoftUpdateAccess
# This example determinnes whether Install-MicrosoftUpdate cmdlet will work
.NOTES
Last Updated: 9/1/2025
Author: Robert H. Osborne
Contact: rosborne@osbornepro.com
.LINK
https://osbornepro.com
#>
[OutputType([PSCustomObject])]
[CmdletBinding()]
param()
Try {
$InfoPref = $InformationPreference
$InformationPreference = "Continue"
$RegPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$UseWsus = $Null
$WsusUrl = $Null
If (Test-Path -Path $RegPath) {
$UseWsus = Get-ItemProperty -Path $RegPath -Name UseWUServer -ErrorAction SilentlyContinue | Select-Object -ExpandProperty UseWUServer -ErrorAction SilentlyContinue
$WsusUrl = Get-ItemProperty -Path $RegPath -Name WUServer -ErrorAction SilentlyContinue | Select-Object -ExpandProperty WUServer -ErrorAction SilentlyContinue
} # End If
Try {
$SvcMgr = New-Object -ComObject Microsoft.Update.ServiceManager
$Services = @()
ForEach ($Svc in $SvcMgr.Services) {
$Services += [PSCustomObject]@{
Name = $Svc.Name
ID = $Svc.ID
Uri = $Svc.Uri
} # End PSCustomObject
} # End ForEach
} Catch {
Throw "Unable to create Microsoft.Update.ServiceManager COM object. $($Error[0].Exception.Message)"
} # End Try Catch
$CanReachMicrosoft = $False
$Reason = 'NA'
If ($UseWsus -eq 1 -and $wsusUrl) {
$Reason = "Group Policy forces WSUS/SCCM server '$WsusUrl'."
} Else {
$HasMicrosoftService = $Services | Where-Object -FilterScript { $_.Name -eq 'Microsoft Update' }
$HasWsusService = $Services | Where-Object -FilterScript { $_.Name -match 'WSUS|SCCM' }
If ($HasMicrosoftService) {
If ($HasWsusService) {
$CanReachMicrosoft = $True
$Reason = "Both Microsoft Update and a WSUS/SCCM service are registered."
} Else {
$CanReachMicrosoft = $True
$Reason = "Only Microsoft Update service is registered."
} # End If Else
} Else {
$Reason = "Microsoft Update service not present in the COM service list."
} # End If Else
} # End If Else
If ($CanReachMicrosoft) {
Write-Information -MessageData "SUCCESS - This computer CAN download updates directly from the Microsoft Update catalog."
Write-Information -MessageData "Reason: $Reason"
} Else {
Write-Information -MessageData "ISSUES - Updates are restricted to the WSUS/SCCM server ONLY."
Write-Information -MessageData "Reason: $Reason"
} # End If Else
[PSCustomObject]@{
CanDownloadFromMicrosoft = $CanReachMicrosoft
Reason = $Reason
WsusEnforced = ($UseWsus -eq 1)
WsusUrl = $WsusUrl
RegisteredServices = $Services
} # End PSCustomObject
} Finally {
$InformationPreference = $InfoPref
} # End Try Finally
} # End Function Test-MicrosoftUpdateAccess