Enterprise-grade, bulletproof system update utility for MSPs and IT professionals.
SystemUpdatePro is a fully automated, self-healing PowerShell script that handles OEM driver/BIOS updates (Dell, Lenovo, HP), Windows Updates, and application updates via Winget---all without user interaction.
| Manufacturer | Tool Used | Auto-Install |
|---|---|---|
| Dell / Alienware | Dell Command Update CLI | via Winget |
| Lenovo | LSUClient PowerShell Module | via PSGallery |
| HP | HP Image Assistant | Auto-download |
| Other | Windows Update + Winget only | N/A |
- Winget Auto-Install: Automatically installs Winget on Windows 10 with all dependencies (VCLibs, UI.Xaml)
- Windows Update Repair: Resets WU components, re-registers 30+ DLLs, clears cache
- Service Recovery: Detects and repairs broken OEM services
- Retry Logic: Exponential backoff with configurable retry attempts
- Lock File: Prevents concurrent execution with stale lock detection
- Disk Space Check: Blocks execution if insufficient space available
- Battery Protection: Blocks BIOS updates when on battery power
- BitLocker Awareness: Handles BitLocker suspension for BIOS updates (Dell auto-suspends; Lenovo/HP skip BIOS when encrypted)
- Pending Reboot Detection: Checks 5 different sources for pending reboots
- DryRun Mode: Preview all available updates without installing anything
- Driver Backup: Export current drivers before installing updates for rollback capability
- Event Log: Writes to Windows Application log for RMM/SIEM visibility
- Exit Codes: Granular exit codes for automation pipelines
- WSUS Bypass: Option to bypass WSUS and connect directly to Microsoft
- Post-Reboot Continuation: Scheduled task to resume updates after reboot
- Log Rotation: Automatic cleanup of old log files
- HTML Reports: Professional dark-themed HTML summary report after each run
- Webhook Notifications: Send completion status to Slack, Teams, or any generic webhook
- Update History: JSON-based history tracking of all update runs with formatted display
- OS: Windows 10, Windows 11, or Windows Server 2016+
- PowerShell: 5.1 or higher
- Privileges: Administrator
- Network: Internet access required
# Download the script
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/SysAdminDoc/SystemUpdatePro/main/SystemUpdatePro.ps1" -OutFile "SystemUpdatePro.ps1"
# Run it
.\SystemUpdatePro.ps1git clone https://github.com/SysAdminDoc/SystemUpdatePro.git
cd SystemUpdatePro
.\SystemUpdatePro.ps1# Full update: OEM drivers + Windows Updates + Winget upgrades
.\SystemUpdatePro.ps1
# Include BIOS updates with auto-reboot
.\SystemUpdatePro.ps1 -IncludeBIOS -Reboot
# Windows Updates only
.\SystemUpdatePro.ps1 -SkipOEM -SkipWinget
# OEM updates only
.\SystemUpdatePro.ps1 -SkipWindows -SkipWinget# See what updates are available without installing anything
.\SystemUpdatePro.ps1 -DryRun
# Dry run with BIOS check included
.\SystemUpdatePro.ps1 -DryRun -IncludeBIOS# Backup drivers before updating
.\SystemUpdatePro.ps1 -BackupDrivers
# Backup drivers + include BIOS updates
.\SystemUpdatePro.ps1 -BackupDrivers -IncludeBIOS -Reboot# Notify Slack on completion
.\SystemUpdatePro.ps1 -WebhookUrl "https://hooks.slack.com/services/T00/B00/xxx"
# Notify Microsoft Teams
.\SystemUpdatePro.ps1 -WebhookUrl "https://outlook.office.com/webhook/..."
# Generic webhook (any JSON-accepting endpoint)
.\SystemUpdatePro.ps1 -WebhookUrl "https://your-api.example.com/webhook"# Show last 10 update runs
.\SystemUpdatePro.ps1 -ShowHistory
# Show last 25 update runs
.\SystemUpdatePro.ps1 -ShowHistory -HistoryCount 25# Full provisioning workflow with post-reboot continuation
.\SystemUpdatePro.ps1 -IncludeBIOS -Reboot -ContinueAfterReboot -CleanupAfter
# Repair broken Windows Update then run updates
.\SystemUpdatePro.ps1 -RepairWindowsUpdate -BypassWSUS
# Force run despite warnings (low disk, pending reboot, battery)
.\SystemUpdatePro.ps1 -Force -IncludeBIOS
# Custom configuration
.\SystemUpdatePro.ps1 -MaxRetries 5 -MaxUpdatePasses 5 -MinDiskSpaceGB 20 -LogRetentionDays 60
# Kitchen sink: backup drivers, dry run with webhook
.\SystemUpdatePro.ps1 -DryRun -BackupDrivers -WebhookUrl "https://hooks.slack.com/services/..."| Parameter | Type | Default | Description |
|---|---|---|---|
-SkipOEM |
Switch | False | Skip OEM-specific driver/firmware updates |
-SkipWindows |
Switch | False | Skip Windows Update |
-SkipWinget |
Switch | False | Skip Winget upgrade all |
-IncludeBIOS |
Switch | False | Include BIOS updates (requires AC power) |
-BypassWSUS |
Switch | False | Bypass WSUS, connect directly to Microsoft |
-RepairWindowsUpdate |
Switch | False | Repair Windows Update components before updating |
-CleanupAfter |
Switch | False | Run DISM component cleanup after updates |
-ContinueAfterReboot |
Switch | False | Create scheduled task to continue after reboot |
-DryRun |
Switch | False | Preview updates without installing |
-BackupDrivers |
Switch | False | Export current drivers before updating |
-ShowHistory |
Switch | False | Display previous update run history |
-WebhookUrl |
String | (none) | Webhook URL for completion notification |
-HistoryCount |
Int | 10 | Number of history entries to show |
-MaxRetries |
Int | 3 | Maximum retry attempts for failed operations |
-MaxUpdatePasses |
Int | 3 | Maximum Windows Update passes |
-MinDiskSpaceGB |
Int | 10 | Minimum free disk space required (GB) |
-LogPath |
String | C:\ProgramData\SystemUpdatePro\Logs | Log directory |
-LogRetentionDays |
Int | 30 | Days to keep old logs |
-Reboot |
Switch | False | Allow automatic reboot if required |
-Force |
Switch | False | Continue despite warnings |
| Code | Description |
|---|---|
| 0 | Success, no reboot needed |
| 1 | Success, reboot required |
| 2 | Partial success (some updates failed) |
| 3 | Critical failure |
| 4 | Insufficient disk space |
| 5 | Pending reboot blocked execution |
| 6 | Already running (lock file exists) |
| 7 | Battery power (BIOS update blocked) |
SystemUpdatePro writes to the Windows Application event log under source "SystemUpdatePro":
| Event ID | Meaning |
|---|---|
| 1000 | Success, no reboot needed |
| 1001 | Success, reboot required |
| 1002 | Partial success |
| 1003 | Critical failure |
| 1004 | Insufficient disk space |
| 1005 | Pending reboot blocked |
| 1006 | Already running |
| 1007 | Battery power blocked |
Get-EventLog -LogName Application -Source "SystemUpdatePro" -Newest 10| Path | Purpose |
|---|---|
C:\ProgramData\SystemUpdatePro\Logs\ |
Log files and HTML reports |
C:\ProgramData\SystemUpdatePro\update.lock |
Lock file (prevents concurrent runs) |
C:\ProgramData\SystemUpdatePro\state.json |
State file (for post-reboot continuation) |
C:\ProgramData\SystemUpdatePro\update_history.json |
Update history log (last 100 runs) |
C:\ProgramData\SystemUpdatePro\DriverBackups\ |
Driver backup snapshots (last 3 kept) |
C:\ProgramData\SystemUpdatePro\HPIA\ |
HP Image Assistant installation |
After each run, SystemUpdatePro generates a professional HTML report with:
- System information (manufacturer, model, OS, BIOS version)
- Color-coded status indicators (green/yellow/red)
- OEM, Windows, and Winget update details
- Errors and warnings log
- Runtime statistics
Reports are saved to the log directory and automatically open in your browser (unless running as SYSTEM or non-interactively).
When using -WebhookUrl, the following JSON payload is sent:
{
"hostname": "PCNAME",
"status": "success|partial|failed",
"oem_updates": 3,
"windows_updates": 5,
"winget_updates": 12,
"errors": [],
"runtime_seconds": 180
}Slack and Teams webhooks are auto-detected by URL pattern and formatted appropriately.
# Script Variables: None required
# Run As: System
# Architecture: 64-bit
.\SystemUpdatePro.ps1 -SkipWinget
exit $LASTEXITCODE# Component Type: PowerShell
# Run As: System
$result = .\SystemUpdatePro.ps1 -SkipWinget 2>&1
Write-Host $result
exit $LASTEXITCODE# Script Type: PowerShell
# Execute As: Admin
powershell.exe -ExecutionPolicy Bypass -File "C:\Temp\SystemUpdatePro.ps1" -SkipWingetSteps:
1. PowerShell (Run As: Deploy User)
Command: .\SystemUpdatePro.ps1
Success Codes: 0,1
Error Mode: Continue
Deploy as a scheduled task for automatic updates:
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-ExecutionPolicy Bypass -File `"C:\Scripts\SystemUpdatePro.ps1`" -SkipWinget"
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Saturday -At 2am
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable -RunOnlyIfNetworkAvailable
Register-ScheduledTask -TaskName "SystemUpdatePro Weekly" -Action $action -Trigger $trigger -Principal $principal -Settings $settings+-------------------------------------------------------------+
| SystemUpdatePro v4.1.0 |
+-------------------------------------------------------------+
| |
| 1. PRE-FLIGHT CHECKS |
| +-- Admin privileges |
| +-- Lock file (prevent concurrent runs) |
| +-- Internet connectivity |
| +-- Disk space verification |
| +-- Pending reboot detection |
| +-- Battery status (for BIOS) |
| +-- Metered connection warning |
| |
| 2. DRIVER BACKUP (if -BackupDrivers) |
| +-- Export-WindowsDriver to backup directory |
| +-- Auto-cleanup old backups (keep 3) |
| |
| 3. WINDOWS UPDATE REPAIR (if -RepairWindowsUpdate) |
| +-- Stop WU services |
| +-- Clear SoftwareDistribution cache |
| +-- Re-register 30+ DLLs |
| +-- Reset Winsock |
| +-- Restart WU services |
| |
| 4. OEM UPDATES (auto-detected) |
| +-- Dell: Install DCU -> Apply updates |
| +-- Lenovo: Install LSUClient -> Apply updates |
| +-- HP: Install HPIA -> Apply updates |
| |
| 5. WINDOWS UPDATES |
| +-- Install PSWindowsUpdate module |
| +-- Multi-pass update (catches dependent updates) |
| +-- Fallback to WUA COM API if needed |
| |
| 6. WINGET UPGRADES |
| +-- Install Winget if missing (Win10 compatible) |
| +-- winget upgrade --all |
| |
| 7. CLEANUP (if -CleanupAfter) |
| +-- DISM /StartComponentCleanup /ResetBase |
| +-- Disk Cleanup (update files, temp files) |
| |
| 8. FINALIZATION |
| +-- Save update history |
| +-- Generate HTML report |
| +-- Send webhook notification (if configured) |
| +-- Write Event Log entry |
| +-- Create continuation task (if -ContinueAfterReboot) |
| +-- Remove lock file |
| +-- Initiate reboot (if -Reboot and required) |
| |
+-------------------------------------------------------------+
The lock file exists from a previous run. Check if another instance is running, or remove the stale lock:
Remove-Item "C:\ProgramData\SystemUpdatePro\update.lock" -ForceThe Dell Client Management Service isn't running. The script will attempt auto-repair, but you can manually fix:
Start-Service DellClientManagementServiceUse the repair option:
.\SystemUpdatePro.ps1 -RepairWindowsUpdate -BypassWSUSBIOS updates require:
- AC power (not battery)
- The
-IncludeBIOSflag - For Lenovo/HP with BitLocker: Manual BitLocker suspension (Dell auto-suspends)
# Main log
Get-Content "C:\ProgramData\SystemUpdatePro\Logs\SystemUpdatePro_*.log" -Tail 100
# Full transcript
Get-Content "C:\ProgramData\SystemUpdatePro\Logs\SystemUpdatePro_Transcript_*.log"
# DCU log (Dell)
Get-Content "C:\ProgramData\SystemUpdatePro\Logs\DCU_*.log"
# View update history
.\SystemUpdatePro.ps1 -ShowHistoryContributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Dell Command Update - Dell driver/BIOS management
- LSUClient - Lenovo System Update PowerShell module
- HP Image Assistant - HP driver/BIOS management
- PSWindowsUpdate - Windows Update PowerShell module