How to install Windows Updates from command-line

windows windows-7 windows-update

Solution 1:

Not sure about Windows 7, but with XP/Vista, you could run the following command to detect and download updates:

wuauclt /detectnow /reportnow

If you have issues getting it to work, check out the WSUS Wiki.

Otherwise if you have a specific update that you want, just download from the Microsoft website. If there's some problem preventing you from installing, that's the best way to find out, because the Windows Update logs are godawful to deal with.

Solution 2:

You can use a script to check for, download and install updates synchronously. I often use a modified version of this vbscript for manual patching of Windows Core servers.

Set updateSession = CreateObject("Microsoft.Update.Session")
updateSession.ClientApplicationID = "MSDN Sample Script"

Set updateSearcher = updateSession.CreateUpdateSearcher()

WScript.Echo "Searching for updates..." & vbCRLF

Set searchResult = _
updateSearcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")

WScript.Echo "List of applicable items on the machine:"

For I = 0 To searchResult.Updates.Count-1
    Set update = searchResult.Updates.Item(I)
    WScript.Echo I + 1 & "> " & update.Title
Next

If searchResult.Updates.Count = 0 Then
    WScript.Echo "There are no applicable updates."
    WScript.Quit
End If

WScript.Echo vbCRLF & "Creating collection of updates to download:"

Set updatesToDownload = CreateObject("Microsoft.Update.UpdateColl")

For I = 0 to searchResult.Updates.Count-1
    Set update = searchResult.Updates.Item(I)
    addThisUpdate = false
    If update.InstallationBehavior.CanRequestUserInput = true Then
        WScript.Echo I + 1 & "> skipping: " & update.Title & _
        " because it requires user input"
    Else
        If update.EulaAccepted = false Then
            WScript.Echo I + 1 & "> note: " & update.Title & _
            " has a license agreement that must be accepted:"
            WScript.Echo update.EulaText
            WScript.Echo "Do you accept this license agreement? (Y/N)"
            strInput = WScript.StdIn.Readline
            WScript.Echo 
            If (strInput = "Y" or strInput = "y") Then
                update.AcceptEula()
                addThisUpdate = true
            Else
                WScript.Echo I + 1 & "> skipping: " & update.Title & _
                " because the license agreement was declined"
            End If
        Else
            addThisUpdate = true
        End If
    End If
    If addThisUpdate = true Then
        WScript.Echo I + 1 & "> adding: " & update.Title 
        updatesToDownload.Add(update)
    End If
Next

If updatesToDownload.Count = 0 Then
    WScript.Echo "All applicable updates were skipped."
    WScript.Quit
End If

WScript.Echo vbCRLF & "Downloading updates..."

Set downloader = updateSession.CreateUpdateDownloader() 
downloader.Updates = updatesToDownload
downloader.Download()

Set updatesToInstall = CreateObject("Microsoft.Update.UpdateColl")

rebootMayBeRequired = false

WScript.Echo vbCRLF & "Successfully downloaded updates:"

For I = 0 To searchResult.Updates.Count-1
    set update = searchResult.Updates.Item(I)
    If update.IsDownloaded = true Then
        WScript.Echo I + 1 & "> " & update.Title 
        updatesToInstall.Add(update) 
        If update.InstallationBehavior.RebootBehavior > 0 Then
            rebootMayBeRequired = true
        End If
    End If
Next

If updatesToInstall.Count = 0 Then
    WScript.Echo "No updates were successfully downloaded."
    WScript.Quit
End If

If rebootMayBeRequired = true Then
    WScript.Echo vbCRLF & "These updates may require a reboot."
End If

WScript.Echo  vbCRLF & "Would you like to install updates now? (Y/N)"
strInput = WScript.StdIn.Readline
WScript.Echo 

If (strInput = "Y" or strInput = "y") Then
    WScript.Echo "Installing updates..."
    Set installer = updateSession.CreateUpdateInstaller()
    installer.Updates = updatesToInstall
    Set installationResult = installer.Install()

    'Output results of install
    WScript.Echo "Installation Result: " & _
    installationResult.ResultCode 
    WScript.Echo "Reboot Required: " & _ 
    installationResult.RebootRequired & vbCRLF 
    WScript.Echo "Listing of updates installed " & _
    "and individual installation results:" 

    For I = 0 to updatesToInstall.Count - 1
        WScript.Echo I + 1 & "> " & _
        updatesToInstall.Item(i).Title & _
        ": " & installationResult.GetUpdateResult(i).ResultCode   
    Next
End If

It seems to work like a charm for that but I've not tested it under Windows 7 of course. There is also a link to another article for targeting a specific update if needed.

There's also a Powershell module that exposes a similar experience.

After a quick look I also found this third party application that also uses the update API, but with some more options (though requiring you to trust third party code).

Solution 3:

Windows Update from Command Line:

www.sysadminsoftware.com/udc.html

The tool (Updates Deployment Commander) can do just what you are asking for. You can also pass parameters to avoid certain patches, target specific updates, reboot N minutes after completing, create reports in CSV, and so on.. It comes with a couple of GUI utilities too.

Solution 4:

If you have to patch Windows operating systems, especailly after fresh installs, take a serious look at Offline Updater.

It uses scripts to download all the patches you suggest (so Win2000, Win XP, Win 2003, Vista, Win2008, Win2012 32 and 64 bit where appropriate), multi language, service packs, .NET frameworks, and Office patches (XP, 2000, 2003, 2007).

Once you have them all downloaded, you just update every patch Tuesday, and get only the changes. Though it does get the catalouges and they are getting longer every day (many megs now per OS/Office rev).

Once you have the files on your local machine downloaded, there is a script to make CD/DVD images of them (it will this automatically for DVD images per OS now if you would like).

What I do is use a 4GB SD memory card, in an SD card reader that honours the write protect tab. I used to use 2GB cards, but I can just barely fit Win XP and most of the Office builds on it now, so I moved on to 4GB cards.

Thus when troubleshooting a machine, I trust inserting this formerly writable device into a untrusted, possibly virus infected machine (since I know nothing about it, I assume it is infected) knowing my device is write protected.

Thus I can patch it up to date as a first step.

If you use the autorun, or launch the executable on the device (key, external HD, CD, DVD, wherever you wrote it) it starts a script that uses the Windows Update service on the local machine to apply all the updates, but instead of going across the wire to download them it just uses the local copy.

Thus it may still take 1+ hours to update a WinXP machine to the latest SP and patches, but there is zero network traffic along the way, and you can do it with the Ethernet cable unplugged entirely.

Amazingly useful tool!

Should not run afoul of Microsoft, like the AutoUpdate guys were, who were pre building a patch CD, that distributed the CD image. This tool updates scripts, and you have to go get all the patches on your licensed Windows workstation.

Related

How to unlock an SSD disk with hdparm?
Adding both CNAME and TXT DNS records for one subdomain
Why do DNS zone files require NS records?
Is it possible to set two MX records for one domain?
Should I bother to block these rather lame attempts at hacking my server?
Is it possible to SSH access a server with a misconfigured subnet?
I cannot connect to my local SQL Server 2008?
Nginx verifying client certs only on a particular location
Who actually "recurses" in a recursive DNS lookup?
How to add user with SFTP/ FTP access to '/var/www/html/website_abc' folder on Amazon EC2 Centos?
How do I configure PostFix to allow other machines to send out email through it?
SSH: DH_GEX group out of range