Discussion:
Detecting updates programmatically
(too old to reply)
Dilip
2008-09-03 17:49:15 UTC
Permalink
I wanted to use the WUApi.dll to programmatically detect the
availability of windows updates. I noticed that a call to
IUpdateSearcher::Search actually goes out and makes a network call to
the windows update server to determine if updates are available.
Since we already have the windows update service (wuauserv) running on
our machines and since it already does the job for us, I was wondering
is it possible for me to talk to wuauserv programmatically and get the
status of available updates?

In short, I don't want to talk to the windows update server directly.
I am okay with whatever status the wuauserv can provide me. Is this
possible?
Casey Motherway
2008-11-12 21:47:00 UTC
Permalink
Can you explain what criteria is used to determine whether an update is
considered "important" by Microsoft. For example on Vista, some of the
updates are checked automatically for install and some are not. The ones
that are checked are labeled "Important", "Recommended", ... in the UI. I am
attempting to determine which Microsoft is recommending that the user install
using WUA. IUpdate::MsrcSeverity seems like it is the logical answer. It
returns "Low", "Moderate", "Important", and "Critical" according to the
documentation. However, I am seeing that in some cases the value is blank.
Yet the update with the blank MsrcSeverity is being reported as "Important"
in the Windows Update UI. So is there something other than MsrcSeverity that
is being used by Windows to determine this?
Post by Dilip
I wanted to use the WUApi.dll to programmatically detect the
availability of windows updates. I noticed that a call to
IUpdateSearcher::Search actually goes out and makes a network call to
the windows update server to determine if updates are available.
Since we already have the windows update service (wuauserv) running on
our machines and since it already does the job for us, I was wondering
is it possible for me to talk to wuauserv programmatically and get the
status of available updates?
I think you may be confused about the basics of how WSUS/WUA works.
First, when you use the WUA API, you *are* talking to wuauserv.
Second, regardless of what you talk to or with, if you want the "status of
available updates", something is going to have to first go ask the WSUS
server what updates are =available=. Then the WUA needs to determine =IF=
any of those available updates are NEEDED by the client system.
The client side knows *nothing* about what updates are available; it must
check every time it executes a detection -- as the "availability" of those
updates can change on a moment's notice if the WSUS Administrator decides to
unapprove an update.
In fact, if the WSUS Administrator approves an update, and the WUA downloads
the content and schedules an installation, and then executes another
detection before the scheduled installation, and the update is no longer
approved, the WUA will actually UNschedule the installation!
--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Lawrence Garvin (MVP)
2008-11-12 23:30:17 UTC
Permalink
Post by Casey Motherway
Can you explain what criteria is used to determine whether an update is
considered "important" by Microsoft.
The authors of the update package make that determination.
Post by Casey Motherway
For example on Vista, some of the
updates are checked automatically for install and some are not. The ones
that are checked are labeled "Important", "Recommended", ... in the UI. I am
attempting to determine which Microsoft is recommending that the user install
using WUA. IUpdate::MsrcSeverity seems like it is the logical answer. It
returns "Low", "Moderate", "Important", and "Critical" according to the
documentation. However, I am seeing that in some cases the value is blank.
Yet the update with the blank MsrcSeverity is being reported as "Important"
in the Windows Update UI. So is there something other than MsrcSeverity that
is being used by Windows to determine this?
MSRC Severity only applies to =security= updates, which are associated with
Security Bulletins.

This is but a small part of the updates that can be made available, and
classified.

Both security, and non-security, updates are classified as
Critical/Important etc.


For detailed information on the definitions of the update levels in Vista:
http://www.microsoft.com/windows/downloads/windowsupdate/updatelevels.mspx
--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Casey Motherway
2008-11-12 23:46:01 UTC
Permalink
Lawrence,

I truly appreciate your prompt response as this is an issue that I need to
iron out by tomorrow.

I had a hunch that MsrcSeverity only applied to security updates. Thank you
for confirming that.

I am still unsure however, how to determine which updates are considered
"optional" programatically. Is there a way to do this with WUA?

Thank you,
Casey
Post by Lawrence Garvin (MVP)
Post by Casey Motherway
Can you explain what criteria is used to determine whether an update is
considered "important" by Microsoft.
The authors of the update package make that determination.
Post by Casey Motherway
For example on Vista, some of the
updates are checked automatically for install and some are not. The ones
that are checked are labeled "Important", "Recommended", ... in the UI. I am
attempting to determine which Microsoft is recommending that the user install
using WUA. IUpdate::MsrcSeverity seems like it is the logical answer. It
returns "Low", "Moderate", "Important", and "Critical" according to the
documentation. However, I am seeing that in some cases the value is blank.
Yet the update with the blank MsrcSeverity is being reported as "Important"
in the Windows Update UI. So is there something other than MsrcSeverity that
is being used by Windows to determine this?
MSRC Severity only applies to =security= updates, which are associated with
Security Bulletins.
This is but a small part of the updates that can be made available, and
classified.
Both security, and non-security, updates are classified as
Critical/Important etc.
http://www.microsoft.com/windows/downloads/windowsupdate/updatelevels.mspx
--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Lawrence Garvin (MVP)
2008-11-13 01:57:05 UTC
Permalink
Post by Casey Motherway
I am still unsure however, how to determine which updates are considered
"optional" programatically. Is there a way to do this with WUA?
Unfortunately there is not. While the MSRC Severity is coded in the metadata
for security updates, the issue of Optional vs (non)Optional is really
insignificant to the WSUS environment -- either you're going to approve the
update or you're not -- and that data is not coded in the metadata.

The issue of Important vs Recommended vs Optional is really only significant
to the Vista "Automatic Updates" scenario, where the Vista user wishes to
exercise some control over the volume (or type) of updates automatically
installed. In a WSUS scenario, that decision is made by the WSUS
Administrator, presumably by some more specific criteria (like =Needed= or
=Not Wanted=), rather than the classification applied by Microsoft Update.

Possibly a more appropriate way to achieve what I think you're trying to
achieve is to based the decision based on the update Classification (e.g.
Critical Updates, Security Updates, Update Rollups, Service Packs,
Definition Updates, etc.). Anything that would be classified as Optional
Updates will *not* be in one of these enumerated classifications. In WSUS,
almost without exception, "Optional Updates" would be distributed in the
generic "Updates" classification; although, not all content in the "Updates"
classification is necessarily optional content.
--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Casey Motherway
2008-11-13 03:48:00 UTC
Permalink
This is exactly the info I have been looking for. Thank you Lawrence you
have been very helpful.
Post by Lawrence Garvin (MVP)
Post by Casey Motherway
I am still unsure however, how to determine which updates are considered
"optional" programatically. Is there a way to do this with WUA?
Unfortunately there is not. While the MSRC Severity is coded in the metadata
for security updates, the issue of Optional vs (non)Optional is really
insignificant to the WSUS environment -- either you're going to approve the
update or you're not -- and that data is not coded in the metadata.
The issue of Important vs Recommended vs Optional is really only significant
to the Vista "Automatic Updates" scenario, where the Vista user wishes to
exercise some control over the volume (or type) of updates automatically
installed. In a WSUS scenario, that decision is made by the WSUS
Administrator, presumably by some more specific criteria (like =Needed= or
=Not Wanted=), rather than the classification applied by Microsoft Update.
Possibly a more appropriate way to achieve what I think you're trying to
achieve is to based the decision based on the update Classification (e.g.
Critical Updates, Security Updates, Update Rollups, Service Packs,
Definition Updates, etc.). Anything that would be classified as Optional
Updates will *not* be in one of these enumerated classifications. In WSUS,
almost without exception, "Optional Updates" would be distributed in the
generic "Updates" classification; although, not all content in the "Updates"
classification is necessarily optional content.
--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
d***@gmail.com
2017-05-12 22:53:08 UTC
Permalink
Post by Casey Motherway
This is exactly the info I have been looking for. Thank you Lawrence you
have been very helpful.
Post by Lawrence Garvin (MVP)
Post by Casey Motherway
I am still unsure however, how to determine which updates are considered
"optional" programatically. Is there a way to do this with WUA?
Unfortunately there is not. While the MSRC Severity is coded in the metadata
for security updates, the issue of Optional vs (non)Optional is really
insignificant to the WSUS environment -- either you're going to approve the
update or you're not -- and that data is not coded in the metadata.
The issue of Important vs Recommended vs Optional is really only significant
to the Vista "Automatic Updates" scenario, where the Vista user wishes to
exercise some control over the volume (or type) of updates automatically
installed. In a WSUS scenario, that decision is made by the WSUS
Administrator, presumably by some more specific criteria (like =Needed= or
=Not Wanted=), rather than the classification applied by Microsoft Update.
Possibly a more appropriate way to achieve what I think you're trying to
achieve is to based the decision based on the update Classification (e.g.
Critical Updates, Security Updates, Update Rollups, Service Packs,
Definition Updates, etc.). Anything that would be classified as Optional
Updates will *not* be in one of these enumerated classifications. In WSUS,
almost without exception, "Optional Updates" would be distributed in the
generic "Updates" classification; although, not all content in the "Updates"
classification is necessarily optional content.
--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Hi Casey,

I'm trying to achieve similar pro grammatically. Making a determination, if update is important or optional. Eager to know, what you ended up using to make the determination in your case.

Appreciate your response.

~Drumyl

Loading...