# Windows 10 # Installing Windows 10 ## Before You Start - **Internet Connection:** Ensure you have a stable internet connection. - **USB Drive:** Get a blank USB drive with at least 8GB of storage. This drive will be formatted, so ensure there is nothing on it you want to keep. ## Installation Steps **Step 1:** Download and open the Windows 10 installation media tool from Microsoft's website. **Step 2:** Accept the license terms by selecting *Accept*. ![Accept License Terms](https://res-academy.cache.wpscdn.com/images/seo_posts/20231018/d50aed8bc42a9f14704d8743fa9b4378.png) **Step 3:** Select *Create installation media* and click *Next*. ![Create Installation Media](https://res-academy.cache.wpscdn.com/images/seo_posts/20231018/c488d6adaec378c52275b41c63b4b0f7.png) **Step 4:** Click *Next*. ![Recommended Options](https://res-academy.cache.wpscdn.com/images/seo_posts/20231018/f55262c0b77a8cb8579dfa0530dc0f00.png) **Step 5:** Choose *USB flash drive* and click *Next*. ![Choose USB Flash Drive](https://res-academy.cache.wpscdn.com/images/seo_posts/20231018/36a90deef9cf7f259aa15ab638f7f735.png) **Step 6:** Plug your USB device into the PC. **Step 7:** Select the drive to install Windows and click *Next*. ![Select USB Drive](https://res-academy.cache.wpscdn.com/images/seo_posts/20231018/bd9426b1574517931c57a9261915e945.png) **Step 8:** Wait for Windows 10 to download onto your USB device. Close the setup window once the download is complete. ![Download Windows 10](https://res-academy.cache.wpscdn.com/images/seo_posts/20231018/e2cfa12a1346ea62ca5a878962ca79e3.png) **Step 9:** Plug the USB device into a new PC. **Step 10:** Turn on the new computer and access the BIOS/UEFI (typically using F2, F10, or Del). ![Change Boot Order](https://res-academy.cache.wpscdn.com/images/dc7da3821c3f53dd42fde110cf8feaab_0.63_9040.png) **Step 11:** In BIOS/UEFI, set the USB flash drive as the first boot option. **Step 12:** Save changes and exit. Your PC will reboot from the USB drive. **Step 13:** When the Windows Setup appears, select language, time/currency format, etc., then choose *Next*. ![Setup Windows 10 Installation](https://res-academy.cache.wpscdn.com/images/seo_posts/20231018/a2fc031562da10b94e07d0f1fcf37331.png) **Step 14:** Click *Install Now* and follow the prompts to set up Windows. ![Install Now Windows 10](https://res-academy.cache.wpscdn.com/images/seo_posts/20231018/80fe1d45c0bed95f2872cc81dbcea082.png) # Installing Windows Updates Windows Updates deliver security patches, bug fixes, driver updates, and feature improvements from Microsoft. Keeping systems updated is a fundamental part of maintaining a secure and stable environment. Updates can be installed through the Windows Update GUI, Settings app, Windows Server Update Services (WSUS), or via command line tools including PowerShell and `wuauclt`. ## Background Windows Update has evolved significantly across OS versions. On modern systems (Windows 10/11, Server 2016+), the `PSWindowsUpdate` PowerShell module and the built-in `UsoClient.exe` / `wuauclt.exe` utilities are the primary CLI tools. In enterprise environments, update distribution is typically managed centrally through WSUS, Microsoft Endpoint Configuration Manager (MECM/SCCM), or Windows Autopatch. Understanding which update categories apply to a system helps prioritize deployment: | Update Type | Description | Typical Release Cadence | |---|---|---| | Security Updates | Patches for CVEs and vulnerabilities | Monthly (Patch Tuesday) | | Cumulative Updates | Bundled quality + security fixes | Monthly | | Feature Updates | Major OS version upgrades | Annually (Windows 10/11) | | Driver Updates | Hardware driver updates via WU | As needed | | Definition Updates | Defender antimalware signatures | Daily / multiple times daily | | Optional Updates | Non-critical quality improvements | As needed | > **Note:** Patch Tuesday falls on the second Tuesday of each month. Emergency out-of-band updates may be released at any time for critical vulnerabilities. ## Usage ### Checking for and Installing Updates via Settings (GUI) Navigate to **Settings → Windows Update** and click **Check for updates**. ![Windows Update settings page showing available updates](SCREENSHOT-PLACEHOLDER) *Screenshot: Windows Update page in Settings showing pending updates, their status, and the "Check for updates" button* ### Installing Updates via PowerShell (PSWindowsUpdate Module) The `PSWindowsUpdate` module is the most capable CLI option for managing updates on individual machines. **Install the module (run as Administrator):** ```powershell Install-Module -Name PSWindowsUpdate -Force -Scope AllUsers ``` **Import and list available updates:** ```powershell Import-Module PSWindowsUpdate Get-WindowsUpdate ``` **Install all available updates:** ```powershell Install-WindowsUpdate -AcceptAll -AutoReboot ``` **Install only security updates, without auto-reboot:** ```powershell Install-WindowsUpdate -Category "Security Updates" -AcceptAll -IgnoreReboot ``` **Install a specific update by KB article number:** ```powershell Install-WindowsUpdate -KBArticleID KB5034441 -AcceptAll ``` **Hide an update to prevent it from installing:** ```powershell Hide-WindowsUpdate -KBArticleID KB5034441 ``` > **Tip:** Use `-Verbose` with any `PSWindowsUpdate` command to see detailed progress output. Useful when scripting or troubleshooting stuck installs. ### Using UsoClient.exe (Windows 10/11 and Server 2016+) `UsoClient.exe` is the Update Session Orchestrator client, replacing much of `wuauclt` functionality on modern Windows. ```powershell # Scan for updates UsoClient.exe StartScan # Download detected updates UsoClient.exe StartDownload # Install downloaded updates UsoClient.exe StartInstall # Trigger a full scan, download, and install in sequence UsoClient.exe ScanInstallWait ``` > **Warning:** `UsoClient.exe` does not return meaningful exit codes and provides no console output. Use `PSWindowsUpdate` or check Event Viewer (`Applications and Services Logs > Microsoft > Windows > WindowsUpdateClient`) to verify results. ### Using wuauclt.exe (Legacy / Windows 7 / Server 2008 R2) ```powershell # Force detection of updates from WSUS or WU wuauclt.exe /detectnow # Trigger installation of detected updates wuauclt.exe /updatenow # Report current update status to WSUS server wuauclt.exe /reportnow ``` > **Note:** `wuauclt.exe` is largely deprecated on Windows 10/11 and Server 2016+. Commands may appear to run but have no effect. Use `UsoClient.exe` or `PSWindowsUpdate` on modern systems. ### Scheduling a Reboot After Updates ```powershell # Schedule restart for 11:00 PM tonight shutdown /r /t 0 /f # or schedule for a specific time using Task Scheduler $trigger = New-ScheduledTaskTrigger -Once -At "23:00" $action = New-ScheduledTaskAction -Execute "shutdown.exe" -Argument "/r /f /t 60" Register-ScheduledTask -TaskName "PostUpdateReboot" -Trigger $trigger -Action $action -RunLevel Highest ``` ## Update Process Flow ```mermaid flowchart TD A([Start]) --> B[Scan for Updates\nUsoClient / PSWindowsUpdate / GUI] B --> C{Updates\nAvailable?} C -- No --> D([System Up to Date]) C -- Yes --> E[Review Update List\nCategories, KBs, Size] E --> F{Approve /\nProceed?} F -- No / Defer --> G[Hide or Defer Update] G --> D F -- Yes --> H[Download Updates] H --> I[Install Updates] I --> J{Reboot\nRequired?} J -- No --> K[Verify Installation\nGet-WUHistory / WinVer] J -- Yes --> L[Schedule or Perform Reboot] L --> K K --> M([Done]) ``` ## Configuration ### Configuring Windows Update via Group Policy Group Policy is the standard method for controlling update behavior in domain environments. Key GPO paths: ``` Computer Configuration └── Administrative Templates └── Windows Components └── Windows Update └── Manage end user experience └── Manage updates offered from Windows Server Update Services ``` | GPO Setting | Description | |---|---| | Configure Automatic Updates | Sets update behavior (notify, download, install) | | Specify intranet Microsoft update service location | Points clients to a WSUS server | | No auto-restart with logged-on users | Prevents forced reboots when users are active | | Configure auto-restart required notification alerts | Manages restart notification behavior | | Turn off access to all Windows Update features | Disables the WU client entirely (use with WSUS) | ### Configuring Windows Update via Registry For workgroup machines or scripted deployments without GPO: ```powershell # Point a machine to a WSUS server $WSUSServer = "http://wsus.domain.local:8530" $WUPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" $AUPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" New-Item -Path $WUPath -Force | Out-Null New-Item -Path $AUPath -Force | Out-Null Set-ItemProperty -Path $WUPath -Name "WUServer" -Value $WSUSServer Set-ItemProperty -Path $WUPath -Name "WUStatusServer" -Value $WSUSServer Set-ItemProperty -Path $AUPath -Name "UseWUServer" -Value 1 -Type DWord Set-ItemProperty -Path $AUPath -Name "AUOptions" -Value 4 -Type DWord # 4 = Auto download and schedule install ``` > **Warning:** Incorrect WSUS registry settings can prevent a machine from receiving any updates. Always verify connectivity to the WSUS URL before applying at scale. ### Deferring Feature and Quality Updates (Windows 10/11 Pro+) ```powershell # Defer quality updates by 14 days Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" ` -Name "DeferQualityUpdates" -Value 1 -Type DWord Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" ` -Name "DeferQualityUpdatesPeriodInDays" -Value 14 -Type DWord # Defer feature updates by 60 days Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" ` -Name "DeferFeatureUpdates" -Value 1 -Type DWord Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" ` -Name "DeferFeatureUpdatesPeriodInDays" -Value 60 -Type DWord ``` ## Common Use Cases ### Patching Multiple Remote Machines via PSWindowsUpdate ```powershell # Install all updates on a list of remote servers (WinRM must be enabled) $servers = @("SRV01", "SRV02", "SRV03") Invoke-WUJob -ComputerName $servers ` -Script { Import-Module PSWindowsUpdate; Install-WindowsUpdate -AcceptAll -AutoReboot | Out-File "C:\WU_$(hostname)_$(Get-Date -f yyyyMMdd).log" } ` -Confirm:$false ` -RunNow ``` > **Note:** `Invoke-WUJob` uses Task Scheduler on the remote machine to run the update job under the SYSTEM account, bypassing double-hop credential issues common with `Invoke-Command`. ### Viewing Update History ```powershell # View last 20 installed updates Get-WUHistory -Last 20 | Select-Object Date, Title, Result | Format-Table -AutoSize ``` ![PowerShell output showing Get-WUHistory results](SCREENSHOT-PLACEHOLDER) *Screenshot: Terminal output of `Get-WUHistory` listing recently installed KB articles, dates, and result status* ### Checking for a Specific KB Installation ```powershell # Check if KB5034441 is installed Get-HotFix -Id KB5034441 # Alternatively using PSWindowsUpdate history Get-WUHistory | Where-Object { $_.KB -eq "KB5034441" } ``` ### Uninstalling a Problematic Update ```powershell # Uninstall via wusa.exe wusa.exe /uninstall /kb:5034441 /quiet /norestart # Or via DISM for cumulative updates on Server Core dism.exe /Online /Remove-Package /PackageName:Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1234.1.7 ``` > **Warning:** Uninstalling cumulative updates on modern Windows can leave the system in an inconsistent patch state. Only do this to remediate a known bad update, and re-apply the latest good cumulative update as soon as possible. ### Clearing the Windows Update Cache Useful when updates are stuck downloading or installing: ```powershell # Stop update services Stop-Service -Name wuauserv, bits, cryptsvc, msiserver -Force # Clear the SoftwareDistribution cache Remove-Item -Path "C:\Windows\SoftwareDistribution\Download\*" -Recurse -Force Remove-Item -Path "C:\Windows\System32\catroot2\*" -Recurse -Force -ErrorAction SilentlyContinue # Restart services Start-Service -Name cryptsvc, bits, wuauserv, msiserver ``` ### Automating Monthly Patching with a Script ```powershell # PatchServer.ps1 — basic monthly patching script param ( [switch]$Reboot ) Import-Module PSWindowsUpdate -ErrorAction Stop $LogFile = "C:\Logs\WindowsUpdate_$(Get-Date -Format 'yyyyMMdd_HHmmss').log" New-Item -ItemType Directory -Path "C:\Logs" -Force | Out-Null Write-Output "Starting Windows Update scan: $(Get-Date)" | Tee-Object -FilePath $LogFile $updates = Get-WindowsUpdate -AcceptAll if ($updates.Count -eq 0) { Write-Output "No updates available." | Tee-Object -FilePath $LogFile -Append exit 0 } Install-WindowsUpdate -AcceptAll -IgnoreReboot | Tee-Object -FilePath $LogFile -Append if ($Reboot) { Write-Output "Rebooting in 60 seconds..." | Tee-Object -FilePath $LogFile -Append shutdown /r /t 60 /c "Scheduled post-patching reboot" } ``` Run it: ```powershell .\PatchServer.ps1 -Reboot ``` ## Troubleshooting | Symptom | Likely Cause | Resolution | |---|---|---| | Updates stuck at 0% download | Corrupt SoftwareDistribution cache | Clear cache (see above), restart services | | `0x80070422` error | Windows Update service disabled | `Set-Service wuauserv -StartupType Automatic; Start-Service wuauserv` | | `0x8024402c` error | DNS / proxy preventing WU connectivity | Check proxy settings, DNS, and firewall egress to `*.update.microsoft.com` | | WSUS clients not checking in | Incorrect registry keys or WUServer unreachable | Verify WSUS URL, run `wuauclt /detectnow`, check `WindowsUpdateClient` event log | | PSWindowsUpdate not found | Module not installed | `Install-Module PSWindowsUpdate -Force` | | Update fails post-install | Conflicting or incomplete cumulative update | Run `sfc /scannow` and `DISM /Online /Cleanup-Image /RestoreHealth` then retry | ```powershell # Run System File Checker sfc /scannow # Run DISM component store repair DISM.exe /Online /Cleanup-Image /CheckHealth DISM.exe /Online /Cleanup-Image /ScanHealth DISM.exe /Online /Cleanup-Image /RestoreHealth ``` ## References - [Microsoft Docs — Windows Update overview](https://learn.microsoft.com/en-us/windows/deployment/update/windows-update-overview) - [PSWindowsUpdate module — PowerShell Gallery](https://www.powershellgallery.com/packages/PSWindowsUpdate) - [WSUS deployment guide — Microsoft Learn](https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/deploy-windows-server-update-services) - [Windows Update error codes — Microsoft Learn](https://learn.microsoft.com/en-us/windows/deployment/update/windows-update-error-reference) - [UsoClient.exe documentation — Microsoft Learn](https://learn.microsoft.com/en-us/windows/deployment/update/how-windows-update-works) - [Patch Tuesday schedule — MSRC](https://msrc.microsoft.com/update-guide/)