How can I find out how many updates are waiting to be installed on a remote server

Here is the script I wrote. It will tell you:

• How many patches are waiting to be installed
• If the patches will require a reboot
• If the server is currently waiting on a reboot to enable the patches

Example usage: C:\> cscript ServerPendingUpdates.vbs myserver01 myserver02

Connecting to myserver01 to check software update status...
myserver01 has 2 updates pending installation
myserver01 WILL need to be rebooted to complete the installation of these updates.
myserver01 is waiting for a REBOOT to complete a previous installation.

<snip>

Script:

'#
'# ServerPendingUpdates.vbs
'#
'# Usage: cscript ServerPendingUpdates.vbs {servername} {servername} {servername} {servername}
'#    If no {servername} specified then 'localhost' assumed
'#
'# To do: Error handling
'#
Option Explicit
Dim strServer        : strServer         =  GetArgValue(0,"localhost")


'#
'# Loop through the input parameters for each server
'#
Dim i
For i = 0 To WScript.Arguments.Count - 1
    CheckServerUpdateStatus GetArgValue(i,"localhost") 'strServer
Next

WScript.Quit(0)

Function CheckServerUpdateStatus( ByVal strServer )

    WScript.Echo vbCRLF & "Connecting to " & strServer & " to check software update status..."

    Dim blnRebootRequired    : blnRebootRequired     = False
    Dim blnRebootPending    : blnRebootPending     = False
    Dim objSession        : Set objSession    = CreateObject("Microsoft.Update.Session", strServer)
    Dim objUpdateSearcher     : Set objUpdateSearcher    = objSession.CreateUpdateSearcher
    Dim objSearchResult    : Set objSearchResult     = objUpdateSearcher.Search(" IsAssigned=1 and IsHidden=0 and Type='Software'")

    '#
    '#
    '#
    Dim i, objUpdate
    Dim intPendingInstalls    : intPendingInstalls     = 0

    For i = 0 To objSearchResult.Updates.Count-1
        Set objUpdate = objSearchResult.Updates.Item(I) 

        If objUpdate.IsInstalled Then
            If objUpdate.RebootRequired Then
                blnRebootPending     = True
            End If
        Else
            intPendingInstalls    = intPendingInstalls + 1
            'If objUpdate.RebootRequired Then    '### This property is FALSE before installation and only set to TRUE after installation to indicate that this patch forced a reboot.
            If objUpdate.InstallationBehavior.RebootBehavior <> 0 Then
                '# http://msdn.microsoft.com/en-us/library/aa386064%28v=VS.85%29.aspx
                '# InstallationBehavior.RebootBehavior = 0    Never reboot
                '# InstallationBehavior.RebootBehavior = 1    Must reboot
                '# InstallationBehavior.RebootBehavior = 2    Can request reboot
                blnRebootRequired     = True
            End If

        End If
    Next

    WScript.Echo strServer & " has " & intPendingInstalls & " updates pending installation"

    If blnRebootRequired Then
        WScript.Echo strServer & " WILL need to be rebooted to complete the installation of these updates."
    Else
        WScript.Echo strServer & " WILL NOT require a reboot to install these updates."
    End If


    '#
    '#
    '#
    If blnRebootPending Then
        WScript.Echo strServer & " is waiting for a REBOOT to complete a previous installation."
    End If 
End Function



'#
'#
'#
Function GetArgValue( intArgItem, strDefault )
    If WScript.Arguments.Count > intArgItem Then
        GetArgValue = WScript.Arguments.Item(intArgItem)
    Else
        GetArgValue = strDefault
    End If
End Function

you can use wuinstall. It has a /search switch to see if there are updates pending. You can execute remotely with psexec.

Another option is to parse the %windir%\windowsupdate.log and look for stuff like this: # WARNING: Install call completed, reboot required = Yes, error = 0x00000000

I use the UpdateHf.vbs script authored by Rob Dunn & contributors. Because it runs locally on the host it is reporting on, I have it installed on all my machines. I created an MSI package and pushed it via GPO.

To trigger the reporting, I have a collection of powershell scripts that create scheduled tasks on an OU worth of servers, where each machine is scheduled to run UpdateHF.vbs locally and email me the results. I then use sorting rules to colorcode the resulting emails based on searching for distinctive text in the report.

UpdateHF.vbs is basically a wrapper around Microsoft's published Automatic Updates API, so with some digging I bet you could figure out which bit of script handles the "Reboot Pending" check, if all you wanted was a boolean reboot-status flag.

Here's the core of my system: Powershell fills in the variables on a call to schtasks.exe. (Note that if the password has complex characters, you need to escape them with a backtick.)

schtasks.exe /create /F /S $TargetHost /tn Patch /sc once /st $TargetTime /sd $StartDate /ru User /rp Password /tr "$WinPath\system32\cscript.exe $WinPath\UpdateHF.vbs $UpdateArgs"

As an admin of the remote box, open an MMC and then add the Event Viewer Snapin. Select "Another Computer" (versus the default of "Local Computer" and input the target computer name. Then filter by event type to see only the ones you want! It's called "Windows Update Agent" and the description will begin with

"Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on [date]..."

In 2012 R2 server go to control Panel, click on Windows Updates. On the left panel of the page click on "Check for updates" link, you will get to see the list of pending updates (yet to be installed on the server). Click on any of the link you will get to see the entire (both optional and mandatory) list with the brief description for each of them.

Please note for this Auto install for updates must be turned ON.