Detecting updates programmatically

215 views
Skip to first unread message

Dilip

unread,
Sep 3, 2008, 1:49:15 PM9/3/08
to

I wanted to use the WUApi.dll to programmatically detect the
availability of windows updates. I noticed that a call to
IUpdateSearcher::Search actually goes out and makes a network call to
the windows update server to determine if updates are available.
Since we already have the windows update service (wuauserv) running on
our machines and since it already does the job for us, I was wondering
is it possible for me to talk to wuauserv programmatically and get the
status of available updates?

In short, I don't want to talk to the windows update server directly.
I am okay with whatever status the wuauserv can provide me. Is this
possible?

Motherway@discussions.microsoft.com Casey Motherway

unread,
Nov 12, 2008, 4:47:00 PM11/12/08
to
Can you explain what criteria is used to determine whether an update is
considered "important" by Microsoft. For example on Vista, some of the
updates are checked automatically for install and some are not. The ones
that are checked are labeled "Important", "Recommended", ... in the UI. I am
attempting to determine which Microsoft is recommending that the user install
using WUA. IUpdate::MsrcSeverity seems like it is the logical answer. It
returns "Low", "Moderate", "Important", and "Critical" according to the
documentation. However, I am seeing that in some cases the value is blank.
Yet the update with the blank MsrcSeverity is being reported as "Important"
in the Windows Update UI. So is there something other than MsrcSeverity that
is being used by Windows to determine this?

"Lawrence Garvin" wrote:

> "Dilip" <rdi...@lycos.com> wrote in message
> news:4972c6e5-7d47-4ceb...@k13g2000hse.googlegroups.com...


> >
> > I wanted to use the WUApi.dll to programmatically detect the
> > availability of windows updates. I noticed that a call to
> > IUpdateSearcher::Search actually goes out and makes a network call to
> > the windows update server to determine if updates are available.
> > Since we already have the windows update service (wuauserv) running on
> > our machines and since it already does the job for us, I was wondering
> > is it possible for me to talk to wuauserv programmatically and get the
> > status of available updates?
>

> I think you may be confused about the basics of how WSUS/WUA works.
>
> First, when you use the WUA API, you *are* talking to wuauserv.
>
> Second, regardless of what you talk to or with, if you want the "status of
> available updates", something is going to have to first go ask the WSUS
> server what updates are =available=. Then the WUA needs to determine =IF=
> any of those available updates are NEEDED by the client system.
>
> The client side knows *nothing* about what updates are available; it must
> check every time it executes a detection -- as the "availability" of those
> updates can change on a moment's notice if the WSUS Administrator decides to
> unapprove an update.
>
> In fact, if the WSUS Administrator approves an update, and the WUA downloads
> the content and schedules an installation, and then executes another
> detection before the scheduled installation, and the update is no longer
> approved, the WUA will actually UNschedule the installation!
>
>
>
> --
> Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
> Senior Data Architect, APQC, Houston, Texas
> Microsoft MVP - Software Distribution (2005-2008)
>
> MS WSUS Website: http://www.microsoft.com/wsus
> My Websites: http://www.onsitechsolutions.com;
> http://wsusinfo.onsitechsolutions.com
> My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
>

Lawrence Garvin (MVP)

unread,
Nov 12, 2008, 6:30:17 PM11/12/08
to
"Casey Motherway" <Casey Moth...@discussions.microsoft.com> wrote in
message news:1F97E3B8-EA89-4331...@microsoft.com...

> Can you explain what criteria is used to determine whether an update is
> considered "important" by Microsoft.

The authors of the update package make that determination.

> For example on Vista, some of the
> updates are checked automatically for install and some are not. The ones
> that are checked are labeled "Important", "Recommended", ... in the UI. I
> am
> attempting to determine which Microsoft is recommending that the user
> install
> using WUA. IUpdate::MsrcSeverity seems like it is the logical answer. It
> returns "Low", "Moderate", "Important", and "Critical" according to the
> documentation. However, I am seeing that in some cases the value is
> blank.
> Yet the update with the blank MsrcSeverity is being reported as
> "Important"
> in the Windows Update UI. So is there something other than MsrcSeverity
> that
> is being used by Windows to determine this?

MSRC Severity only applies to =security= updates, which are associated with
Security Bulletins.

This is but a small part of the updates that can be made available, and
classified.

Both security, and non-security, updates are classified as
Critical/Important etc.


For detailed information on the definitions of the update levels in Vista:
http://www.microsoft.com/windows/downloads/windowsupdate/updatelevels.mspx

--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP

Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

Casey Motherway

unread,
Nov 12, 2008, 6:46:01 PM11/12/08
to
Lawrence,

I truly appreciate your prompt response as this is an issue that I need to
iron out by tomorrow.

I had a hunch that MsrcSeverity only applied to security updates. Thank you
for confirming that.

I am still unsure however, how to determine which updates are considered
"optional" programatically. Is there a way to do this with WUA?

Thank you,
Casey

Lawrence Garvin (MVP)

unread,
Nov 12, 2008, 8:57:05 PM11/12/08
to
"Casey Motherway" <CaseyMo...@discussions.microsoft.com> wrote in
message news:60A39B84-9A7B-410C...@microsoft.com...

> I am still unsure however, how to determine which updates are considered
> "optional" programatically. Is there a way to do this with WUA?

Unfortunately there is not. While the MSRC Severity is coded in the metadata
for security updates, the issue of Optional vs (non)Optional is really
insignificant to the WSUS environment -- either you're going to approve the
update or you're not -- and that data is not coded in the metadata.

The issue of Important vs Recommended vs Optional is really only significant
to the Vista "Automatic Updates" scenario, where the Vista user wishes to
exercise some control over the volume (or type) of updates automatically
installed. In a WSUS scenario, that decision is made by the WSUS
Administrator, presumably by some more specific criteria (like =Needed= or
=Not Wanted=), rather than the classification applied by Microsoft Update.

Possibly a more appropriate way to achieve what I think you're trying to
achieve is to based the decision based on the update Classification (e.g.
Critical Updates, Security Updates, Update Rollups, Service Packs,
Definition Updates, etc.). Anything that would be classified as Optional
Updates will *not* be in one of these enumerated classifications. In WSUS,
almost without exception, "Optional Updates" would be distributed in the
generic "Updates" classification; although, not all content in the "Updates"
classification is necessarily optional content.

Casey Motherway

unread,
Nov 12, 2008, 10:48:00 PM11/12/08
to
This is exactly the info I have been looking for. Thank you Lawrence you
have been very helpful.

dru...@gmail.com

unread,
May 12, 2017, 6:53:09 PM5/12/17
to
Hi Casey,

I'm trying to achieve similar pro grammatically. Making a determination, if update is important or optional. Eager to know, what you ended up using to make the determination in your case.

Appreciate your response.

~Drumyl
Reply all
Reply to author
Forward
0 new messages