Update
Criteria strings
These are a bit of a shit show:
Each criterion specifies an update property name and value. With some restrictions, multiple criteria can be connected with the AND and OR operators. The = (equal) and != (not-equal) operators are both supported. When you use Windows Update Agent (WUA), the != (not-equal) operator can be used only with the type criterion.
To quickly verify that your incantation meets Microsoft's arbitrary standards, run it against this:
function WUSearch([string]$criteria) {
$session = New-Object -ComObject "Microsoft.Update.Session"
$searcher = $session.CreateUpdateSearcher()
return $searcher.Search($criteria)
}
$result = WUSearch "IsAssigned=1"
Formatting
This is a pretty good base for understanding what your criteria's matching:
$result.Updates | Format-Table -AutoSize -Property `
@{ Label = "KBArticleIDs"; Expression = { $_.KBArticleIDs | % { "KB$($_)" } } }, `
MsrcSeverity, IsAssigned, BrowseOnly, IsMandatory, IsBeta, RebootRequired, IsUninstallable, `
@{ Label = "Categories"; Expression = { $_.Categories | % { "$($_.Type): $($_.Name)" } } }
Note that properties used in your search query won't have values in the results. Helpful.
COM
The Windows Update API is exposed via COM. Key objects:
Microsoft.Update.Sessionserves as a sort of transaction manager for the operation.CreateUpdateSearcher()yields anIUpdateSearcher.
Microsoft.Update.IUpdateSearcherperforms catalog searches.Search(string criteria)searches synchronously, returning anISearchResult.
Microsoft.Update.ISearchResultlets you poke at available updates:ResultCodegives you anOperationResultCodeindicating whether it worked or not.Updatesis an array ofIUpdateobjects.
Enabling Microsoft Update programmatically
As Administrator:
$serviceManager = New-Object -Com Microsoft.Update.ServiceManager
$serviceManager.ClientApplicationID = "acme-corp/enterprisinator9001"
$serviceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d", 7, "")