We help IT Professionals succeed at work.

Need to install .msu windows update via GP or via patch remotly

Last Modified: 2019-02-03
I have a few windows updates that have to go on some of our windows 7 computers in our domain. Some are missing these patches related to RDP. Since there is a about 20 of them and the users don't have local admin rights to install , I like to do it via group policy if possible. I also don't mid doing via patch file as a log in scrip, but need to know how. The files that I have for the Windows patches are all  .msu files and was not sure if I could do that with group policy. There are total of 4 .msu files.  We don't use windows update server in our network. We have 2016 domain controllers and mostly wins 7 computers that need this. We have windows 10 computers but don't need the patches.  thank you
Watch Question

RobertSystem Admin

You could create a script (batch or vb) and have it run as a startup script.
you can use security filtering to limit what machines receive the update.

to run via command line use the format
 wusa.exe "path to msu" /quiet /norestart


If i do a file via commend , don’t they need local admin rights for it to run ?
Thank you
David Johnson, CDSimple Geek from the '70s
Distinguished Expert 2019

put your script in the computer startup scripts location not the user scripts location and it will run as system
yo_beeDirector of Information Technology

You can also use Task Scheduler to run the recommended above WUSA.exe with the highest privileges. This can be pushed via Group Policy Preference. You can have it run immediately or schedule a trigger time.



I created a test file and saved it as .bat  with the below commends in it  . There are actually 3 .msu files / patches that I have to install. How does it know which one to install first or would it run into issues since its trying to install all at the same time. ?  Also, what if it tries on a computer that  has that update already or if it's a windows 10. because we dont know which ones are missing it.

wusa.exe \\serverdata1\wIT\1KB2574818 /quiet /norestart
wusa.exe \\serverdata1\wIT\2KB2592689 /quiet /norestart
wusa.exe \\serverdata1\wIT\3KB2857640 /quiet /norestart
yo_beeDirector of Information Technology

You should think about implement a WSUS server. This would help give you stats as well as control of the updates that you want to push.

Get access with a 7-day free trial.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.