Home / server / Questions / 891188
Accepted
Max Muster
Asked: 2018-01-09 03:57:03 +0800 CST

Is it possible to detect the Windows Update status via registry, to see if the system is "fully updated"?

  • 772

I would like to be able to check the computer's update status by querying the registry. I specifically would like some to check if the computer's update status is "fully updated".

I have looked through a lot of entries in the registry but I could not find one that has the update status of the computer.

What options do I have to check the windows update status?

windows

2 Answers

  1. Best Answer

    The closest to the registry that I can find is the Windows Update log file. The only other way is to access it through the COM API.

    I spoke with the manager at Microsoft in charge of Windows Update (Dave Roth) and he said that you should absolutely not try to get the status of Windows Update via the registry. He said that you should use the COM API to get the status by executing the search method and using the returned results for the update status of your computer.

    He also gave me this tip:

    As a simple FYI, for checking what updates are installed calling IUpdateSearcher::Search with IsInstalled=1 will generate an updatecollection object containing all installed updates. You can walk through it to see what is already installed.

    Expanding on his tip you could potentially call that method with IsInstalled=0 to see what updates are not installed. (see the powershell example below).

    Windows Update Log File

    The Windows Update log file is a good way to see the current status of Windows Update. This method would be good if you could only access the file system and did not have access to APIs or other frameworks/platforms and the such.

    You can find it at this path:
    %windir%\Windowsupdate.log

    The Windows Update log file is in this format:
    Date Time PID TID Component Text

    An example line with template data would be this:
    [date][time] [PID][TID][Component][Text]

    Here is a full example:
    2005-06-0118:30:03 992810Agent * WU client version 5.8.0.2468

    Here is an example where the Windows Update Agent searches for available updates and outputs the results:

    2005-06-0212:09:36 9924e8Agent*************
2005-06-0212:09:36 9924e8Agent** START **  Agent: Finding updates [CallerId = WindowsUpdate]
2005-06-0212:09:36 9924e8Agent*********
2005-06-0212:09:36 9924e8Agent  * Added update {AC94DB3B-E1A8-4E92-9FD0-E86F355E6A44}.100 to search result
2005-06-0212:09:37 9924e8Agent  * Found 6 updates and 10 categories in search

    On modern systems, you will need to run the PowerShell commandlet Get-WindowsUpdateLog as the log is now no longer stored in the log, the log is stored in etl files. The command will compile the WindowsUpdate.log file from all of the etl files and make it available (by default) at the Desktop folder of the current user.

    Here is the description of the command:

    The Get-WindowsUpdateLog cmdlet merges and converts Windows Update .etl files into a single readable WindowsUpdate.log file. Windows Update Agent uses Event Tracing for Windows (ETW) to generate diagnostic logs. Windows Update no longer directly produces a WindowsUpdate.log file. Instead, it produces .etl files that are not immediately readable as written.

    This cmdlet requires access to a Microsoft symbol server.

    COM API

    The COM API is a good way to directly access Windows Update without having to parse logs. Applications of this API range from finding available updates on the computer to installing and uninstalling updates.

    You could use the Microsoft.Update.Session class to run an update search and then count the number of updates available to see if there are any updates for the computer.

    PowerShell Example:

    $updateObject = New-Object -ComObject Microsoft.Update.Session
$updateObject.ClientApplicationID = "Serverfault Example Script"
$updateSearcher = $updateObject.CreateUpdateSearcher()
$searchResults = $updateSearcher.Search("IsInstalled=0")
Write-Host $searchResults.Updates.Count

    If the returned result is more than 0 then there are updates for the computer that need to be installed and/or downloaded. You can easily update the powershell script to fit your application.

    Just a heads up, it appears that the search function is not async so it would freeze your application while searching. In that case you will want to make it async.

    Tl;Dr

    If you are building a non script (compiled) type of application (with the exception of PowerShell which has access to COM APIs) then I would recommend to use the COM API. Otherwise log parsing would be your best option.

    Links

    How to read the log file:
    https://support.microsoft.com/en-us/help/902093/how-to-read-the-windowsupdalog-file

    PowerShell log compile cmdlet:
    https://docs.microsoft.com/en-us/powershell/module/windowsupdate/get-windowsupdatelog?view=win10-ps

    Com32 API reference:
    https://msdn.microsoft.com/en-us/library/windows/desktop/aa387099(v=vs.85).aspx

    • 3

  2. Microsoft is now using the value UBR (Unified Build Revision) to identifiy the patch level. The value was first added in Windows 10

    enter image description here

    , but is now backported to Windows 7

    enter image description here

    and Windows 8.1 as well

    enter image description here

    So, query the UBR value from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion and look at the Update History page (for Windows 10 v1709 as example) for the value KB123456 (OS Build 16299.XYZ) on left side:

    enter image description here

    Here you can see that my 1709 is fully patched with last update.

    • 1