Engaged Sweeper

Has anyone successfully been able to push out winget commands either via batch file or powershell to remote machines?  This could save a lot of time when pushing out and upgrading apps.

Engaged Sweeper II

Yea, I wrote a script just for using winget so that I don't have to install the apps in the image; that way my image is smaller and I get the most up-to-date apps each time a system's imaged. Initially I used a scheduled task that ran on first login to deploy the script, which works just fine for installing. If you're just looking to update installed apps you can use winget upgrade. You just need to update the name, ID, and type in the script below, which you can find by running winget search "appname". I added calc as an example of how to install an msstore app as well, in case the app you're trying to install isn't on the winget repo.


winget upgrade --all --silent --include-unknown

# Define the apps to install
$apps = @(
    @{Name = "Google Chrome"; Id = "Google.Chrome"; Type = "winget"},
    @{Name = "Mozilla Firefox"; Id = "Mozilla.Firefox"; Type = "winget"},
    @{Name = "Microsoft 365 (Office)"; Id = "Microsoft.365Desktop"; Type = "winget"},
    @{Name = "Microsoft Teams"; Id = "MicrosoftTeams"; Type = "winget"},
    @{Name = "Notepad++"; Id = "Notepad++.Notepad++"; Type = "winget"},
    @{Name = "PowerToys"; Id = "Microsoft.PowerToys"; Type = "winget"},
    @{Name = "Greenshot"; Id = "Greenshot.Greenshot"; Type = "winget"},
    @{Name = "Windows Calc"; Id = "9WZDNCRFHVN5"; Type = "msstore"}
)

# Install the apps silently for all users
foreach ($app in $apps) {
    if ($app.Type -eq "winget") {
        Write-Host "Installing $($app.Name) from winget..."
        winget install $app.Id -e -s winget --silent --accept-package-agreements --accept-source-agreements --force
    } elseif ($app.Type -eq "msstore") {
        Write-Host "Installing $($app.Name) from Microsoft Store..."
        # Store product IDs are installed through winget's msstore source
        winget install $app.Id -e -s msstore --silent --accept-package-agreements --accept-source-agreements
    }
}

# Verify the apps were installed
foreach ($app in $apps) {
    # winget list exits non-zero when no installed package matches the ID
    winget list --id $app.Id -e --accept-source-agreements | Out-Null
    $installed = ($LASTEXITCODE -eq 0)
    if ($app.Type -eq "winget" -and $installed) {
        Write-Host "$($app.Name) was installed successfully from winget."
    } elseif ($app.Type -eq "msstore" -and $installed) {
        Write-Host "$($app.Name) was installed successfully from Microsoft Store."
    } else {
        Write-Warning "$($app.Name) was not installed."
    }
}


Engaged Sweeper

I was more looking for a way to send out a command via deployment to update older software and install software. As our clients do not have local admin rights we are unable to install via their credentials and it doesn't work via our scanning credentials or the service account.  I have 3000 machines onsite, so I was hoping this would be a solution to keep them updated.

Engaged Sweeper II

You can do that. Better yet you can use AD to create a scheduled task that runs as System to install and update however frequently you'd like.


powershell.exe -executionpolicy bypass -file "\\Network Share\Saved Script.ps1"


You can create a deployment to run the PowerShell script from a network location and either run it using your credentials or use AD to create a scheduled task and run it as System.

Once you use the Installer script in my first post to install the apps via winget, you just need to schedule a task to run however frequently you'd like the PCs to update, using the command below, which will run the update command as System.


winget upgrade --all --silent --include-unknown



I should also state that there are better ways of accomplishing this, and running programs as System is generally reserved for the OS, as there is no password or account for System. This should really be done using a Backup Operators account, which is what it was designed for. If using System in this way, only admins should have write access to these scripts, and they should be stored someplace only admins have access to on your network share, as this could potentially be modified and used to deploy something malicious.
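
One way to check the write-access point from the last post before a System task runs the script, as an added example that is not from the thread: it lists every principal outside a trusted list who owns or can modify the script or its parent folder, and refuses to run the script if any exist. The share path and the CONTOSO group are assumed placeholders.

```powershell
# Added example. $ScriptPath and the entries in $TrustedWriters are assumed
# placeholders; replace them with your own share path and admin groups.
$ScriptPath     = '\\fileserver\deploy$\Install-Apps.ps1'
$TrustedWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CONTOSO\Domain Admins')

function Get-UnexpectedWriter {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Trusted
    )
    # Rights that let a principal change or replace the file. 'Modify' is not
    # used as a mask because it also contains read bits.
    $rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Some ACEs carry raw GENERIC_ALL / GENERIC_WRITE bits instead.
    $mask = [int]$rights -bor 0x10000000 -bor 0x40000000

    # A writable parent folder is enough to swap the script, so check both.
    foreach ($item in @($Path, (Split-Path -Path $Path -Parent))) {
        $acl = Get-Acl -LiteralPath $item -ErrorAction Stop
        # The owner can always rewrite the permissions.
        if ($acl.Owner -notin $Trusted) {
            [pscustomobject]@{ Item = $item; Identity = $acl.Owner; Rights = 'Owner' }
        }
        foreach ($ace in $acl.Access) {
            $canWrite = ([int]$ace.FileSystemRights -band $mask) -ne 0
            if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
                $ace.IdentityReference.Value -notin $Trusted) {
                [pscustomobject]@{ Item = $item; Identity = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
            }
        }
    }
}

$findings = @(Get-UnexpectedWriter -Path $ScriptPath -Trusted $TrustedWriters)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize | Out-String | Write-Warning
    throw "Refusing to run ${ScriptPath}: principals outside the trusted list can modify it."
}
& $ScriptPath
```

This checks NTFS permissions only; share-level permissions on the network share are configured separately and need the same review.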