Forge Home


Manage Windows Updates by KBArticleID or Name exact/partial match


6,461 latest version

5.0 quality score

Version information

  • 0.3.0 (latest)
  • 0.2.2
  • 0.2.1
  • 0.2.0
released Aug 24th 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 7.0.0
  • install_kb

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'noma4i-windows_updates', '0.3.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add noma4i-windows_updates
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install noma4i-windows_updates --version 0.3.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



noma4i/windows_updates — version 0.3.0 Aug 24th 2019


Puppet module to install selected windows updates or mask of updates etc.


You may need to use puppet module install --ignore-dependencies as powershell may present in your modules

How to use

Install specific update by KB number.

  windows_updates::kb {'KB3012199':
    ensure => 'present'


  windows_updates::kb {'Some custom description':
    ensure => 'present',
    kb     => 'KB3012199'

Install specific update by KB number in a maintenance window.

  windows_updates::kb {'KB3012199':
    ensure      => 'present',
    maintwindow => 'patch_window'
  schedule { 'patch_window':
    range   => '01:00 - 03:00',
    weekday => 'Saturday',
    repeat  => 1

Install Updates by name or mask. Will install all updates matching .Net* mask

  windows_updates::list {'.Net Updates':
    ensure    => 'present',
    name_mask => '.Net*'

If you are not sure what updates go with name you set - use dry_run option and point it to output file.

  windows_updates::list {'.Net Updates':
    ensure    => 'present',
    dry_run   => 'C:\\what_will_be_installed.txt'
    name_mask => '.Net*'

In this case your what_will_be_installed.txt will look like:

  ComputerName Status KB          Size Title
  ------------ ------ --          ---- -----
  WIN-H7VQ4... ------ KB2931358 322 KB Security Update for Microsoft .NET Frame...
  WIN-H7VQ4... ------ KB2931366 584 KB Security Update for Microsoft .NET Frame...
  WIN-H7VQ4... ------ KB2961851  15 MB Security Update for Internet Explorer 11...
  WIN-H7VQ4... ------ KB2934520  72 MB Microsoft .NET Framework 4.5.2 for Windo...

Install an update from within a WinRM remote session. Because wusa.exe cannot be used over WinRM directly, and Invoke-WUInstall.ps1 works around this by scheduling a task to actually install the update.

  windows_updates::invoke_remote {'Some cool KB!':
    ensure => 'present',
    kb => 'KB3012199'