Thinking about how to check the status of Windows Update from the command line

Thinking about how to check the status of Windows Update from the command line

 Windows Update has quality updates almost every month, and many of them require a reboot. However, it is troublesome to see Windows Update in settings frequently. So I wondered if I could check the status of Windows Update from the command line. If that is possible, it will also be possible to run it periodically using, for example, a task scheduler. You can also create a script to notify you in a variety of ways.

The Windows Update Agent API allows you to retrieve information about Windows Updates. This is an example of detecting an update waiting for a reboot. The script above finds a preview version pending a reboot in Windows 11 Settings > Windows Update.

Windows Update can be broadly classified into three categories

 Windows Update has been covered several times in this series, but for an overview, please refer to the article below.

How to tame Windows Update and restart it at a convenient time
https://ascii.jp/elem/000/004/045/4045886/

 There are various types of Windows Update, but from the perspective of checking the status, they can be broadly classified into the following three categories.

1. Things that install automatically (reboot not required)
2. Things that require a reboot after the installation is complete
3. Things that require a reboot to complete the installation (installation not complete)

1 is, for example, virus definition updates. In this case, the download and installation proceeds and ends without permission, so there is no need to detect it, and it is difficult to detect it unless the check is repeated at very short intervals.

2 and 3 may be installed automatically or may not be installed unless the user instructs to start them, but in the current Windows 10, the download seems to be done automatically. However, large ones like quality updates require the user to initiate the download.

 In addition, the installation may start automatically depending on the Windows Update settings. Specifically, "Settings" → "Windows Update" → "Advanced options" "If a restart is required to install updates, please restart this device as soon as possible." If you turn on the toggle switch with the long name .

 Windows Update that requires a reboot prompts the user to reboot when even one of the updates is completed, even if there are multiple updates that require a reboot. However, it's possible that other updates haven't finished installing yet. That said, at least when it comes to rebooting, there are notifications in the taskbar notification area and action center.

On the other hand, if the installation is in progress, whether or not there is a reboot request, there is no way to know without looking at the Windows Update page in the settings. I want to detect this time.

Using the Windows Update Agent API

Information about Windows Update can be obtained from the Windows Update Agent API. Since this API is COM, it can be accessed from PowerShell etc. Here, we will try to access this API using Windows PowerShell, which is included as standard in Windows.

Windows Update status from command line Thinking about how to check

● Windows Update Agent API (English)
https://docs.microsoft.com/en-us/windows/win32/api/_wua/

 Many people probably aren't interested in details about programming, so how to get the list of updates currently managed by Windows Update (pre-installed and installed)? show.

List 1

$WindowsUpdateSearch=(New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher();
$update=$WindowsUpdateSearch.Search("IsInstalled=0 OR IsInstalled= 1").updates;

On the first line, create a COM object "Microsoft.Update.Session" (this is the Windows Update Agent object) and create an "UpdateSearcher" to search for updates from there. The second line passes the search criteria ("IsInstalled=0 OR IsInstalled=1") to the created UpdateSearcher and creates an Updates object. If no condition is specified, the same result as if "IsInstalled=0" is specified is obtained. If you don't feel like looking at the above URL, you can use this as a charm.

On the second line, we saved the Updates object in a variable called $update, so we will use this $update from now on. Because searching can take up to a minute, searching every time would take too long. However, to get the latest information from Windows Update, you have to run the second line again. That said, Windows Update's default update is about once a day, which means you can repeat it several times a day.

 The Updates object holds Windows Updates displayed in "Settings" → "Update & Security" → "Windows Update" ("Settings" → "Windows Update" for Windows 11). The properties needed to check the state are as follows.

< td>Update installed
Property nameMeaningDocumentation
IsInstalledhttps://docs.microsoft.com/en-us/windows/win32/api/wuapi/nf-wuapi-iupdate-get_isinstalled
IsDownloadedUpdate has been downloadedhttps://docs.microsoft.com/en-us/windows/win32/api/wuapi/nf -wuapi-iupdate-get_isdownloaded
RebootRequiredReboot Requiredhttps://docs.microsoft.com/en -us/windows/win32/api/wuapi/nf-wuapi-iupdate2-get_rebootrequired
IsPresentUpdate is present https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nf-wuapi-iupdate2-get_ispresent

As mentioned above, there are 3 types of updates, and what is detected is whether an update that requires a reboot is in progress, or whether the installation has been completed and is waiting for a reboot. To do this, search for the update in the Windows Update Agent and inspect its properties. First, if an update is in progress, the property will be in the following state.

IsInstalled = false
IsDownloaded =true
RebootRequired = false

 In addition, when I actually tried it, there were some updates that were displayed as not installed even though the installation had already been completed, so I added the following conditions.

IsPresent = false

 To detect this, use PowerShell's Where-Object and execute as shown in the list below.

List 2

$update | Where-Object {$_.isinstalled -eq $false -and $_.isdownloaded -eq $true -and $_.rebootrequired -eq $false -and $ _.isPresent -eq $false} | Select-Object title

* $update is set in List 1

 If there is an update that satisfies this condition, it would be better to check the Windows update page in the settings at least once. In some cases, it may be waiting for installation instructions from the user. Also, even if a reboot has already been requested, if there is an update that satisfies this condition, another update is in progress.

 In addition, when the update is instructed by the user and the installation starts, there are two states. One is "2" above, where "IsInstalled" and "RebootRequired" are true. The other is "3" mentioned above, where "IsInstalled" remains false, but "RebootRequired" becomes true. To detect these two, use the commands listed below.

List 3

$update | Where-Object {$_.rebootrequired -eq $true} | Select-Object title

* $update is set in List 1. there is

 The following table summarizes these conditions.

 The first three in the table are updates that have not been installed yet, but among them are those that have not been done yet (the top row of the table) and those that have already been installed , there is another notification (2nd line), and it is necessary to specify the condition on the 3rd line to distinguish them. On the other hand, the updates that require a reboot (lines 4 and 5) have not been installed because they have not been rebooted.