Patch Lady – scanning for updates

[Susan BradleyAskWoody MVP]

https://www.csoonline.com/article/3321140/windows-security/how-to-use-powershell-to-scan-for-windows-10-security-updates.html I know many of you alrea
[See the full post at: Patch Lady – scanning for updates]

Susan Bradley Patch Lady

5 users thanked author for this post.

Elly, abbodi86, jescott418, ch100, woody

[techweenieAskWoody Lounger]

Can someone paste the script here?  I don’t want to sign up for one stupid article.

[ch100AskWoody MVP]

techweenie wrote:

Can someone paste the script here?  I don’t want to sign up for one stupid article.

There is no such thing like free money or free beer.
What is your contribution to get trained for free?

[dph853AskWoody Lounger]

The only pertinent info displayed after the registration break in the article is the single command to initiate the search for updates within powershell.

Since it’s Susan’s article, I’ll leave it up to her to post the command here if she wants to.

[anonymous]

Agree it is too bad you have to give out your information to yet another organization in order to read the Article.

Remember, if you dont have to pay for the product …. You are the product!

[anonymous]

Thank you

[techweenieAskWoody Lounger]

For what it’s worth, I’ve been using “UsoClient.exe startscan” from command prompt.  I don’t recall if it starts installing anything, but it definitely scans.  I believe it respects your GPO settings.  Another method from powershell is “(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()” without the quotes.

[SteveTreeAskWoody Lounger]

techweenie wrote:

stupid article.

Just wondering whether you noticed that author’s name!

Group A (but Telemetry disabled Tasks and Registry)
Win 7 64 Pro desktop
Win 10 32 Home portable

3 users thanked author for this post.

BobbyB, ch100, woody

[anonymous]

In my opinion it is a better way to use the build-in abilities so that you don’t need to install something. Here is a very short version of a script I use (it’s a version without error handling and company only stuff).

$SearchResult = $(New-Object -ComObject Microsoft.Update.Searcher).Search(“IsInstalled=0”).Updates

$Downloader = $(New-Object -ComObject Microsoft.Update.Session).CreateUpdateDownloader()
$Downloader.Updates = $SearchResult
$Downloader.Download()

$Installer = New-Object -ComObject Microsoft.Update.Installer
$InstallCollection = New-Object -ComObject Microsoft.Update.UpdateColl
$SearchResult | ForEach-Object -Process { $InstallCollection.Add($_) | Out-Null }
$Installer.Updates = $InstallCollection
$Installer.Install()

2 users thanked author for this post.

abbodi86, ch100

[woodyDa Boss]

Great to see your byline on CSO!

[dph853AskWoody Lounger]

Thank you Susan for the info. Followed the steps and got results. Will play around some more with your solution and see how it handles updates hidden with wushowhide and various delay settings within windows settings.

So far seems to be the best solution apart from going back to v1709 and staying there forever. 🙂

Update:

The PS command ignores updates hidden by wushowhide and displays them  in the screen output anyways. You will still need to hide any updates that you specifically do not wish to install via windows update. There are no available updates that are newer  than 30 days so I can’t yet test to see if the PS command observes the days to ignore rule in settings – I suspect it doesn’t.

• This reply was modified 1 month ago by  dph853.

1 user thanked author for this post.

rc primak

[rc primakAskWoody MVP]

I was going to ask how this method interacts with wushowhide, the Updates History and other parts of Windows Update. In this thread I’m piecing together some answers.

-- rc primak

[abbodi86AskWoody MVP]

Windows 10 has built-in WMI provider to scan and install updates since ver 1607
but they keep changing its properties and methods, and sadly it’s basic and limited

in latest ver 1809, one can scan for updates like this in powershell:
$ctr = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
$ci = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperations -ClientOnly
$result = $ci | Invoke-CimMethod -MethodName ScanForUpdates -Arguments @{SearchCriteria=$ctr}
$result.Updates

this will return list of available updates with their UpdateID for each, which is helpfull to install specific update alone
e.g.
$result = $ci | Invoke-CimMethod -MethodName ScanForUpdates -Arguments @{SearchCriteria="UpdateID='2b270fd4-8f8b-4d4f-ba85-17dace669c55'"}
Invoke-CimMethod -InputObject $ci -MethodName InstallUpdates -Arguments @{Updates=$result.Updates}

you can also choose to only download the update for now
Invoke-CimMethod -InputObject $ci -MethodName InstallUpdates -Arguments @{Updates=$result.Updates;DownloadOnly=$true}

unfortunately, the scan this way isn’t reflected in Settings page
and the installed updates will not be listed in Update History

• This reply was modified 4 weeks, 1 day ago by  abbodi86.

2 users thanked author for this post.

BobbyB, ch100

[glnzAskWoody Lounger]

Was unable to sign up for CSO.
My Firefox has NoScript and other security. What must I allow to sign up?

[rc primakAskWoody MVP]

During the sign-up, the site is using trackers.  You must turn off all ad blockers, all script blockers and all third-party tracker blockers. For many of us, this is too much of a privacy intrusion to tolerate. This is why I also don’t go to restricted areas of InfoWorld anymore.  Too bad this resource and several others Susan references frequently can’t be posted at less intrusive sites. But everybody has to make a living.

-- rc primak

[anonymous]

rc primak (and Susan) – thanks.

Shame that this CSO website is too difficult to use.

[Author]

Posts