How to remotely detect Windows has completed patch configuration after reboot

This might sound like kind of a weird answer, but...

There's a PowerShell script for checking to see if there are available updates for Nagios. You could probably use this script or a variant for your purposes, without Nagios.

As for whether they're in progress, check for whether or not Wuauclt and TrustedInstaller are running. Microsoft's advice about updates on Server Core might help here:

Depending on the updates that are installed, you might need to restart the computer, although the system will not notify you of this. To determine if the installation process has completed, use Task Manager to verify that the Wuauclt or Trusted Installer processes are not actively running. You can also use the methods in the “Viewing installed updates” section to check the list of installed updates.

You can probably pull that information with something like Get-Process -Computername YourImage TrustedInstaller. After both the Wuauclt and TrustedInstaller processes have finished, it should be safe to reboot.


Each Windows update patch will write several events in the Setup event log.

  • Event ID 1 - Initiating changes for package KB####
  • Event ID 4 - A reboot is necessary before package KB#### can be changed to installed state
  • Event ID 2 - Package KB#### was successfully changed to the Installed state

One way to determine all patches had been applied would be to loop a check on Event ID 4. Compare the time of that event to the current time. If no event ID 4s had been written for 5 or 10 minutes, then all patches are probably done, and ready to reboot.

I'm not clear if you want to do the first reboot when patches are done installing (event4), or the second reboot after they are done configuring (event 2). This code does the former. Simply change the filterHashTable to event id 2 for the other reboot before your step 10.

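$target = "bart"
$found = $false
while (-not $found) {
    # Time of the most recent "reboot necessary" event (ID 4) in the remote Setup log
    $lastEvent4 = (get-winevent -comp $target -maxEvents 1 -filterHashTable @{ Logname='Setup'; id = '4';} -ErrorAction SilentlyContinue).timeCreated
    # Reboot only once an event 4 exists and none has been written for 10 minutes
    if ($lastEvent4 -and ((get-date) - $lastEvent4).totalMinutes -gt 10) {
        "do reboot"
        restart-computer -comp $target
        $found = $true
    } else {
        "wait"
        start-sleep 60
    }
}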
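
The checks from both answers combined into one remote probe, as an added example that is not part of either answer: it reports a host as settled only when it is reachable, neither servicing process is running, the Setup log has been quiet, and every KB's newest event is ID 2. Get-PatchState, its parameters and the 24-hour lookback are hypothetical; it assumes Windows PowerShell 5.1 (where Get-Process accepts -ComputerName) and that the event messages contain the KB number as in the list above.

```powershell
# Added example; Get-PatchState and its parameters are hypothetical names.
# Assumes Windows PowerShell 5.1 (Get-Process -ComputerName) and remote event log access.
function Get-PatchState {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$QuietMinutes = 10,      # quiet window suggested in the answer above
        [int]$LookbackHours = 24      # constructed default: how far back to read the Setup log
    )
    $state = [ordered]@{ ComputerName = $ComputerName; Reachable = $false; ServicingRunning = $null
                         PendingPackages = @(); LastSetupEvent = $null; Settled = $false }
    try {
        # Listing all processes doubles as a reachability check (fails while the host reboots).
        $procs = Get-Process -ComputerName $ComputerName -ErrorAction Stop
        $state.Reachable = $true
        $state.ServicingRunning = [bool]($procs | Where-Object { $_.ProcessName -in 'wuauclt', 'TrustedInstaller' })

        $filter = @{ LogName = 'Setup'; Id = 1, 2, 4; StartTime = (Get-Date).AddHours(-$LookbackHours) }
        $events = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop)
    } catch {
        # "No events" is a normal answer; any other failure means the state is unknown.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { return [pscustomobject]$state }
        $events = @()
    }
    # Newest event per KB wins: a package whose latest event is 1 or 4 has not reached Installed (2).
    $latest = @{}
    foreach ($e in ($events | Sort-Object TimeCreated)) {
        if ($e.Message -match 'KB\d+') { $latest[$Matches[0]] = $e.Id }
    }
    $state.PendingPackages = @($latest.Keys | Where-Object { $latest[$_] -ne 2 })
    $newest = $events | Sort-Object TimeCreated -Descending | Select-Object -First 1
    if ($newest) { $state.LastSetupEvent = $newest.TimeCreated }
    $quiet = (-not $newest) -or (((Get-Date) - $newest.TimeCreated).TotalMinutes -gt $QuietMinutes)
    $state.Settled = (-not $state.ServicingRunning) -and $quiet -and ($state.PendingPackages.Count -eq 0)
    [pscustomobject]$state
}

# Poll 'bart' (the host name from the answer above) once a minute until it reports settled.
do {
    Start-Sleep -Seconds 60
    $result = Get-PatchState -ComputerName 'bart'
} until ($result.Settled)
$result
```

Because an unreachable host returns Settled = $false, the loop keeps waiting through the reboot itself instead of mistaking a failed query for a finished install.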