1

I am looking for a way to check whether windows OS and security updates are up to date or not. If not then I would like to fetch this information. Apart from this, If there is any update available then I would like to fetch this information too.

I read several blogs and StackOverflow questions and got the following answers:

  1. Using wmic qfe list but this gives information about the already installed update without status (I need to read status such as fail, aborted or success).
  2. Using the following Powershell script (this gives information about whether an update is available or not):
$u = New-Object -ComObject Microsoft.Update.Session
$u.ClientApplicationID = 'MSDN Sample Script'
$s = $u.CreateUpdateSearcher()
$r = $s.Search('IsInstalled=0')
$r.updates|select -ExpandProperty Title

Is there any way to check "Whether windows OS and security updates are up to date or not? If not then get status (failure, aborted etc.). If any update is available then I would like to fetch information about the available update".

How can I achieve this using Javascript or Node.js?

tukan
  • 17,050
  • 1
  • 20
  • 48
Saurabh Chauhan
  • 3,161
  • 2
  • 19
  • 46

1 Answers1

1

To my knowledge there is no function to find out if a system is completely updated (only via windows update) for non-enterprise stations. If you would have complete list of updates needed then you could check against the list.

For update management you have to have Windows 10 Enterprise and System Center configured, then you can check if the stations have the required updates installed. With that you could check it.

To get list of installed patches with status you have to do it the following way:

$Session = New-Object -ComObject "Microsoft.Update.Session"
$Searcher = $Session.CreateUpdateSearcher()
$historyCount = $Searcher.GetTotalHistoryCount()
$Searcher.QueryHistory(0, $historyCount) | Select-Object Title, Date,
     @{name='ResultCode'; expression={switch($_.ResultCode){ 0 {'Not Started'}; 1 {'In Progress'}; 
          2 {'Success'}; 3 {'Success with Errors'}; 4 {'Failed'}; 5 {'Aborted'}
     }}}

You save it as powershell script e.g. check_updates.ps1.

To run it from javascript you have to spawn the process (running from the dir where the script is saved):

var spawn = require("child_process").spawn;
spawn("powershell.exe",[".\check_updates.ps1"]);

What you have to watch out with such spawning is security. Don't forget to assign correct rights.

For Node.js check this answer: Execute Powershell script from Node.js.

For Node.js you have to write it differently, something along these lines (similar to above posted link):

var spawn = require('child_process').spawn,
    updates = spawn("powershell.exe",["C:\\path\\test\\check_updates.ps1"]);

updates.stdout.on('data', function (data) {
  console.log('stdout: ' + data.toString());
});

updates.stderr.on('data', function (data) {
  console.log('stderr: ' + data.toString());
});

updates.on('exit', function (code) {
  console.log('child process exited with code ' + code.toString());
});

updates.stdin.end();

Note: Sometimes failed update can be included in a cumulative updates so it can be tricky to find if it was installed.

tukan
  • 17,050
  • 1
  • 20
  • 48
  • Thanks for the answer. I tried but it didn't print anything in console. Does it mean no update is available? I also tried on the system where updates are available but nothing printed in the console. Am I missing something? – Saurabh Chauhan May 04 '20 at 10:06
  • @SaurabhChauhan did you try it directly within powershell (how did you execute it?) ? I try to test the script if I post it, so did I do in your case. I got a list of updates on my computer. I just did a double check if I do not have typos and it runs perfectly. Do you have any updates installed? (The list of updates should be longer than just running `wmic qfe list`) – tukan May 04 '20 at 10:10
  • It is interesting when I executed the PowerShell script using Admin mode then it has printed a list of updates as output. However, when I executed the above node.js script (mentioned in your answer) using Node.js cmd (with Admin mode) then it doesn't print anything in console. – Saurabh Chauhan May 04 '20 at 11:16
  • @SaurabhChauhan the script above is JavaScript only. I'm no expert in Node.js (that is why I have provied a link) my eyes that is probably some rights limitation. Maybe it can't find the `powershell.exe` hard to say. – tukan May 04 '20 at 11:22
  • @SaurabhChauhan maybe there is an issue with the stdout redirect. Did you try the JavaScript one? – tukan May 04 '20 at 11:28
  • Yes, I saved the your script and tried to execute it using `node filename.js` but it doesn't print anything. – Saurabh Chauhan May 04 '20 at 11:38
  • @SaurabhChauhan the issue is that I have create a javascript stub, not a NodeJs valid function. I'm no expert in nodejs, but I'll try to add one. – tukan May 04 '20 at 18:11
  • Tested on node.js vs 12.16.3. – tukan May 04 '20 at 18:20
  • Can you please guide me: How can I add this line to your code `Search('IsInstalled=0')`? This line checks for the current update so I would like to add this information too. Thank you! – Saurabh Chauhan May 05 '20 at 13:32
  • @SaurabhChauhan `IsInstalled=0` is used during an update process to check if the update was already applied before performing actual update. The script above is checking the history of already applied patches. You can't simply combine these two. You would have to compare results from one with the other somehow. – tukan May 05 '20 at 15:46
  • Thank you! It looks like I need two powershell scripts two combine result and then perform check. – Saurabh Chauhan May 05 '20 at 16:08