Пишем скрипт установки отдельных обновлений с WSUS сервера, без использования WUA.

Так я восстанавливал работоспособность Windows Update Agent, на машинах которые перестали отправлять отчеты и устанавливать обновления, но при этом синхронизировались с сервером WSUS.


Так можно установить обновления из .CAB файлов:

pkgmgr /ip /m:<path><file name>.cab /quiet


start /wait pkgmgr /ip /m:<path><file name>.cab /quiet


C:\Windows\System32\DISM.exe /Online /Add-Package /PackagePath:<path><file name>.cab /Quiet /NoRestart

Для поиска url конкретных обновлений можно воспользоваться следующим скриптом:

Скрипт скачивания обновлений с WSUS сервера (должна быть установлена консоль WSUS):

    This script downloads the files for an update from WSUS.
    WSUS holds all of it's update files in local folder structure which is not intended
    for manual file retreival.  This scripttakes advantage of the WSUS server to locate
    and download the files for one or more updates.  This script will only download the
    latest revision of any update.
    The script must be run on a computer with the Windows Server Update Services manager installed.
    The script must be run in a context of a user who is part of the WSUS Reporters group.
    File Name  :
    Authors    :
        LandOfTheLostPass (www.reddit.com/u/LandOfTheLostPass)
    Version History:
        2016-09-30 - Inital script creation
    [optional]Output Type: String
    WSUS Server name to get report from.  Defaults to the locally machine's WSUS server
    if it has been configured via policy.
    WSUS Server port to connect to.  Defaults to port 443
    Filter which will be used to search for updates, assumes wilcards on each side
    Path where the updates will be downloaded to, subfolders automatically created per update
    Switch to turn off SSL for the WSUS server connection
.PARAMETER DisplayTitlesOnly
    Outputs the titles of updates returned by Filter rather than downloading the files

    [ValidateScript({Test-Connection -Quiet -Count 2 -ComputerName $_})]
    $ServerName = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
    $ServerPort = 443,
    [Parameter(position=0, mandatory=$true)]
    [Parameter(position=1, mandatory=$false)]
    [ValidateScript({ Test-Path $_})]
    [string]$Path = $env:TEMP,

[Reflection.Assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | Out-Null

Write-Verbose "Connecting to WSUS Server $ServerName`:$ServerPort"
try {
    $IServer = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($ServerName, -not $NoSSL, $ServerPort)
} catch {
    #A login error is non-terminating, so we need to make it terminating
    throw $_

Write-Verbose "Searching for updates"
$updateList = $IServer.SearchUpdates($Filter)
$downloader = New-Object System.Net.WebClient
if($updateList.count -gt 0) {
    #Updates can have miltiple revisions, get only the latest
    $updateList = $updateList | ?{ $_.IsLatestRevision }
    if($DisplayTitlesOnly) {
        Write-Output $updateList.Title
    } else {
        Write-Verbose "Found $($updateList.count) updates, getting file info"
        foreach($update in $updateList) {
            $updatePath = Join-Path $Path $update.Title
            New-Item -Path $updatePath -ItemType Directory | Out-Null
            Write-Verbose "Getting file info for update $($update.Title)"
            $fileList = $update.GetInstallableItems().files
            Write-Verbose "Found $($fileList.count) files, starting downloads"
            foreach($file in $fileList) {
                Write-Verbose "Downloading $($file.Name) to $updatePath"
                Write-Verbose $file.FileUri
                $downloader.DownloadFile($file.FileUri, (Join-Path $updatePath $file.Name))
} else {
    Write-Warning "Search returned no results"

Скрипт скачивания обновлений с WSUS сервера и их установка:

Автор: Павел Сатин <pslater.ru@gmail.com>
Description: Скачивание и установка необходимых обновлений для восстановления работоспособности WUA

$wsus_server = ""
$wsus_port = "8530"
$localPath = "C:\Windows\Temp"

$kb3020369_x86_cab = "http://" + $wsus_server + ":" + $wsus_port + "/Content/CD/140CEF1C4D88922EE14FFF51B33C7668046E6FCD.cab"
$kb3020369_x64_cab = "http://" + $wsus_server + ":" + $wsus_port + "/Content/CF/FED6964A3A01D85E6D3F672322EAF1A4B1E79FCF.cab"

$kb3050265_x86_cab = "http://" + $wsus_server + ":" + $wsus_port + "/Content/4A/A384E041C518C24056076A3D339AD40F2DF42A4A.cab"

#$kb3102810_x86_cab = "http://" + $wsus_server + ":" + $wsus_port + "/Content/3E/C2111E9DB485851DB68F71CB184FC2D251EFA33E.cab"
#$kb3102810_x64_cab = "http://" + $wsus_server + ":" + $wsus_port + "/Content/F5/A6D50440882D381D3AF7474421025B76E134B7F5.cab"

$kb3172605_x86_cab = "http://" + $wsus_server + ":" + $wsus_port + "/Content/29/3C52B0AC05719CC3753ADB4D36261E97572FA029.cab"
$kb3172605_x64_cab = "http://" + $wsus_server + ":" + $wsus_port + "/Content/FB/5EFE2E384C1699F7D31EEA6BA1C9BC444E1C37FB.cab"

$downloader = New-Object System.Net.WebClient

if ([IntPtr]::Size -eq 4) {
    $architecture = "x86"

    $kb3020369_x86_cab_file = (Join-Path $localPath "kb3020369_x86.cab")
    $kb3050265_x86_cab_file = (Join-Path $localPath "kb3050265_x86.cab")
    $kb3172605_x86_cab_file = (Join-Path $localPath "kb3172605_x86.cab")

    $result = $downloader.DownloadFile($kb3020369_x86_cab, $kb3020369_x86_cab_file)
    $result = $downloader.DownloadFile($kb3050265_x86_cab, $kb3050265_x86_cab_file)
    $result = $downloader.DownloadFile($kb3172605_x86_cab, $kb3172605_x86_cab_file)

    $result = Start-Process "c:\Windows\System32\pkgmgr.exe" "/ip /m:$kb3020369_x86_cab_file /quiet /l:$localPath\kb3020369_x86_cab_file.log /norestart" -NoNewWindow -Wait

    $result = Start-Process "c:\Windows\System32\pkgmgr.exe" "/ip /m:$kb3050265_x86_cab_file /quiet /l:$localPath\kb3050265_x86_cab_file.log /norestart" -NoNewWindow -Wait

    $result = Start-Process "c:\Windows\System32\pkgmgr.exe" "/ip /m:$kb3172605_x86_cab_file /quiet /l:$localPath\kb3172605_x86_cab_file.log /norestart" -NoNewWindow -Wait

} else {
    $architecture = "x86_64"

    $kb3020369_x64_cab_file = (Join-Path $localPath "kb3020369_x64.cab")
    $kb3172605_x64_cab_file = (Join-Path $localPath "kb3172605_x64.cab")

    $result = $downloader.DownloadFile($kb3020369_x64_cab, $kb3020369_x64_cab_file)
    $result = $downloader.DownloadFile($kb3172605_x64_cab, $kb3172605_x64_cab_file)

    $result = Start-Process "c:\Windows\System32\pkgmgr.exe" "/ip /m:$kb3020369_x64_cab_file /quiet /l:$localPath\kb3020369_x64_cab_file.log /norestart" -NoNewWindow -Wait

    $result = Start-Process "c:\Windows\System32\pkgmgr.exe" "/ip /m:$kb3172605_x64_cab_file /quiet /l:$localPath\kb3172605_x64_cab_file.log /norestart" -NoNewWindow -Wait


#C:\Windows\System32\DISM.exe /Online /Add-Package /PackagePath:c:\Windows\Temp\kb3172605_x86.cab /Quiet /NoRestart