8

For Microsoft Server OS's, is there a location in the registry or possibly WMI that stores the number of pending Important Updates?

My inventory software supports wmi and registry keys. Trying to see if there is a way to report that number so that I know remotely if there are updates either ready to be downloaded/installed. Searching for this gives a lot of out of scope information since ther are generic terms.

While I do use WSUS this information would be preferential to have centralized in my LanSweeper inventory system. Neglected to mention that I use WSUS yes. For WSUS to have this information I would gather that is it locally on my machine as well.

Matt
  • 690
  • 6
  • 26
  • 2
    What's wrong with WSUS? You *do*, at least use WSUS, don't you? – HopelessN00b Dec 09 '14 at 16:30
  • 1
    WSUS has had this functionality for almost a decade now, probably the more robust solution. – David V Dec 09 '14 at 16:30
  • @DavidV Added an update to give my situation more context. Thanks. WSUS does have this info just not where I need it. – Matt Dec 09 '14 at 16:35
  • Keep in mind that even if you to extract it from the registry/wmi - it will only tell you about updates windows knows about, so automatic checking for updates will need to be on and have run recently. – Grant Dec 10 '14 at 01:52

2 Answers2

6

I am not sure if it is possible to find the number of pending important updates. But in HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS there is a Key called UpdateCount that will give you the total number of pending updates.

HopelessN00b
  • 53,385
  • 32
  • 133
  • 208
David V
  • 840
  • 1
  • 8
  • 15
  • Hrm, this key doesn't seem to be present on the Windows 8 and 2012r2 machine I have at my desk. – Zoredache Dec 09 '14 at 17:27
  • I don't have a Windows 8 or r2 machine near me to check, but I have it in Win7, 2008r2, and 2012. – David V Dec 09 '14 at 18:00
  • Sorry forgot we have some 8.1 dev machines, can confirm it exists there as well. – David V Dec 09 '14 at 18:09
  • I need to check some more systems but this would suffice for my needs. If the number is greater than 0 I hope it represents work I have to do on that system. – Matt Dec 10 '14 at 04:32
6

There are 4 registry keys that will let you know if there are pending updates. HopelessN00b was on the right track, though you have to go up one level to see the keys. 

HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update

The keys you want are:

  • UpdatesAvailableForDownloadLogon - Updates pending download(important updates)
  • UpdatesAvailableForInstallLogon - Downloaded updates pending install
  • UpdatesAvailableWithUiLogon - Pending updates that need interaction to install
  • UpdatesAvailableWithUiOrEulaLogon - Similar to above but you also have to accept a EULA

This should do the trick for your inventory software. Another one I tweak remotely is; NextDetectionTime This way if it is not going to check WU for a while or a security patch is out that I want to grab, I edit the date to today and the current time +1 minute.

fukawi2
  • 5,327
  • 3
  • 30
  • 51
Slyce
  • 61
  • 3