How to use PowerShell to scan for Windows 10 security updates

Want to review Windows 10 security updates and patches before installing them? Run this PowerShell command.

With Windows 10, you can no longer do a quick-and-dirty scan for updates from the GUI without triggering the detection and installation of those updates. The same holds true for Server 2016 or Server 2019. The ability to scan for, but not install, updates is a useful auditing technique to ensure your patching tools are reporting properly. It also lets you see what updates are pending for Microsoft’s regularly scheduled patches.

You can use a remote management or patch management tool that offers this option to scan but not install updates. If you do not have one, here’s a way to do it using the PowerShell module PSWindowsUpdate.

To use this PowerShell command, you first need to set up the environment to run PowerShell scripts. In an elevated PowerShell, run the following command:

Set-ExecutionPolicy RemoteSigned

Note that this sets the policy to allow scripts to run. You will be prompted to say “yes” to accept the policy. To confirm that the policy is set, type Get-ExecutionPolicy -List. If you are running preview builds of Windows 10, you might need to use the -Force flag to set the policy. Use either Set-ExecutionPolicy RemoteSigned -Force to set the policy for the local machine or Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force to set the policy for the current user.

Next, install NuGet, an open-source package manager designed for the Microsoft Development Platform:

Install-PackageProvider NuGet

The Windows Update module depends on the NuGet package provider, so install the module once NuGet is in place:

Install-Module PSWindowsUpdate

You might be warned that you are installing items from an untrusted repository. Click “Y” or “Yes” to install the PowerShell Windows Update module. You will see the module being installed.
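
The setup steps above as one re-runnable script, followed by a list-only scan. This is an added example, not code from the original article; it assumes the PowerShell Gallery is reachable and uses the Get-WindowsUpdate cmdlet from PSWindowsUpdate, which this part of the article does not show.

```powershell
#Requires -Version 5.1
#Requires -RunAsAdministrator
# Added example (not from the article): prepare the environment only where
# needed, then list pending updates without downloading or installing them.

# Record the policy at every scope before changing anything.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# Relax the policy only if the effective one blocks all scripts, and only
# for the current user rather than the whole machine.
if ((Get-ExecutionPolicy) -eq 'Restricted') {
    Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
}

# The PowerShell Gallery requires TLS 1.2; older Windows 10 builds do not
# enable it by default for .NET clients.
[Net.ServicePointManager]::SecurityProtocol =
    [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

# Install the NuGet provider only if it is missing.
if (-not (Get-PackageProvider -ListAvailable -Name NuGet -ErrorAction SilentlyContinue)) {
    Install-PackageProvider -Name NuGet -Scope CurrentUser -Force
}

# Install the module only if it is missing. No -Force here, so the
# untrusted-repository prompt still appears and the install stays a
# deliberate choice.
if (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) {
    Install-Module -Name PSWindowsUpdate -Repository PSGallery -Scope CurrentUser
}
Import-Module PSWindowsUpdate

# Note which copy of the module is actually loaded, for the audit record.
Get-Module PSWindowsUpdate | Select-Object Name, Version, Path | Format-List

# Scan only: without -Download or -Install, Get-WindowsUpdate just lists
# the updates that apply to this machine.
$pending = @(Get-WindowsUpdate)
$pending | Sort-Object KB | Format-Table KB, Size, Title -AutoSize
'{0} update(s) pending on {1}' -f $pending.Count, $env:COMPUTERNAME
```

Compare the listed KB numbers with what your patch management tool reports for the same machine to confirm the tool is reporting properly.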
