You can install hotfixes if necessary, although its a bit of a faff.


You have to use wusa with /extract to unpack the update file (which does 
work over winrm) and then use dism.exe to install the cab.

Example below.

Hope this helps,


- name: check if Windows8.1-KB2999226-x64.msu hotfix has been applied
  raw: Get-Hotfix -Id KB2999226
  register: hotfix_status
  ignore_errors: true

- name: show hotfix status
    var: hotfix_status

# Unfortunately you can't use wusa directly to install windows updates.
# see for details
# you have to unpack the update file and then use dism.exe to install the 

- name: unpack the hotfix if needed
  raw: 'wusa C:\deployment\current\Windows8.1-KB2999226-x64.msu 
  when: "hotfix_status.rc == 1"

- name: use dism to install the cab containing the hotfix
  raw: 'dism.exe /online /add-package 
  when: "hotfix_status.rc == 1"

On Thursday, October 13, 2016 at 4:34:50 PM UTC+1, Matt Davis wrote:
> This functionality isn't currently implemented on win_updates. I've had a 
> few people ask for it, and I might have time to implement it for 2.3, as 
> it's not terribly difficult so long as we stick to "limit the update 
> search/install to these KBs" and not "force install exactly these KBs". 
> Unfortunately I believe KB2842230 is a hotfix, and thus not available on 
> Windows Update- we don't yet have a supported method to install hotfixes 
> under WinRM. wusa.exe is the only supported method, and it fails under 
> WinRM (likely for the same reason that makes the win_updates module so 
> complex). If you have to touch the box anyway, you might do better to just 
> upgrade to Powershell 4 or 5.
> -Matt
> On Wednesday, October 12, 2016 at 11:15:42 AM UTC-7, Brian Jackson wrote:
>> I don't see this functionality in the `win_updates` module, but I wanted 
>> to ask. I have a prerequisite on Windows 7 to install KB2999226 and 
>> KB2842230. I'd prefer to not install every available update to preserve 
>> consistency, portability, reproducibility, etc. Is there an easy way to do 
>> this?
>> P.S. I need those KBs so Ansible itself can install/upgrade Chocolatey 
>> properly. I've installed them manually on a test box to verify they fix my 
>> Ansible/Chocolatey issues.

You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to