In my post introducing PowerShell Direct I showed how you could use PowerShell Direct to create, and use, a PowerShell remoting session over the VM bus instead of using WSMAN.

So, what else can you do with PowerShell Direct?

In truth, just about anything you need to but one thing that comes to mind is patching virtual machines. I expect that for the majority of your machines you’ll be using a patching mechanism such as WSUS, SCCM or a third-party product. This is great when you have full connectivity and your VMs can talk directly to your patching server. But what about non-domain machines or those VMs tucked away in their own little corner of the network that can’t communicate with your patching server. Or even those machines that need a set of patches applying before you can allow them on the network.

You can use PowerShell Direct in two ways to help resolve some of these patching issues.

Copy patch and install

The first way is to copy the required patch files to the new system and install them directly. First step is to download the patch, or patches, you need to apply – don’t forget to unlock them. Then you can create a remoting session to the virtual machine:

Copy patch

You can then copy the patch to the virtual machine

You can check that the file is present on the remote machine

Install patch

And now it’s time to apply the patch:

The easiest way is to enter the remoting session you’ve created to the remote machine – note how the prompt changes.  Use wusa.exe to install the patch. The /quiet switch ensures that there’s no prompts for user interaction.  You can test if the patch was installed by using Get-Hotfix. The new patch will show in the list if it installed correctly.  Leave the interactive session by typing Exit-PSSession.

Using Windows Update or WSUS

Ideally you want to be downloading patches directly to the machine and installing them. Windows Server 2016 and Windows 10 supply CIM classes that enable you to download and install patches from Microsoft’s update site or a WSUS server if you’ve configured the machine to use WSUS.

Discover available patches

First, create a script block that creates an instance of a MSFT_WUOperationsSession  class. You then pipe that into Invoke-CimMethod using the ScanForUpdates method with arguments to scan for updates that aren’t installed.

Use Invoke-Command to run the scriptblock against the remoting session.

In this case two updates are required.

Install patches

Installing them is a similar action to discovery. Create the script block that will use the MSFT_WUOperationsSession class but this time call the ApplyApplicableUpdates method. In this case we’re applying all available updates.

You can then use the scriptblock in your remoting session

A return value of 0 indicates success. Anything else means something has failed.

View installed updates

You can view the installed updates

When we retrieved the list of available updates the description for KB4019472 stated that an update may be required.  You can test by examining the installed updates

Notice that KB4019472 doesn’t show any data for InstalledBy on InstalledOn – this means a reboot is required.

When the machine has finished rebooting you’ll need to re-create the remoting session – it breaks on a reboot. You can then view the installed updates

Now KB4019472 shows who installed it and when. You’ll also notice that KB3213522 has dropped off the list – it’s been superseded by the update you installed.

This technique works for Windows Server 2016 and Windows 10. Unfortunately, there isn’t a comparable technique for earlier versions of Windows Server. There is a COM object you can use to manage updates but it won’t work through a remoting session – you have to logon onto the machine and run the code locally.

PowerShell Direct reminder

There are a few rules you need to remember when you’re using PowerShell Direct:

  • Host is Windows 10 or Server 2016 running Hyper-V
  • Guest is Windows 10 or Server 2016
  • Guest must be on the host – no cross-host access
  • Guest must be running
  • Must log onto host as Hyper-V admin
  • Must supply valid credentials for LOCAL account on guest VM.

At present, you can’t connect to a Linux virtual machine using PowerShell Direct but I fully expect this functionality to arrive in the future given PowerShell 6.0 will be available for many Linux distributions.