Categories
Powershell SCCM Systems Administration Uncategorized

How to Opt-In and Detect to Microsoft Update for other Microsoft products using Powershell

Update 2021-10-07: Updated broken links.

Update 2018-03-25: Updated the script to make it more easily runnable from the command line (thanks Grant for the suggestion). I’ve also made the script available from on my Gitlab repo. To run the script from the command line, download it from the Gitlab repo, and then execute like this:

# CMD Prompt
powershell.exe -ExecutionPolicy Bypass -File C:\Configure-UpdateMSProducts.ps1 -RunType InstallService
# PowerShell Prompt
C:\Configure-UpdateMSProducts.ps1 -RunType InstallService

Update 2017-04-05: Thanks to some help from rog in the comments, I discovered there is a way to do this using group policy! 😀 To set this using group policy, go to Computer Configuration\Administrative Templates\Windows Components\Windows Update\ and configure the Configure Automatic Updates setting. In this setting there is a checkbox to set the Install updates for other Microsoft products setting. I will note, however, that this setting is not available in the local group policy editor for Windows 7, so I’m not sure if this setting would correctly apply to a Windows 7 machine. It’s definitely available on a Windows 10 1607 machine, though. Thanks for the help on this one, rog!

With Windows 10 out, we have been investigating how we can better deploy and manage Windows computers. Previously have deployed our images using an SCCM server, and then managed updates using WSUS integrated with SCCM, but Windows 10 brings a new update method, Windows Update for Business.

However, have you ever seen a checkbox with this label in your updates settings: Give me updates for other Microsoft products when I update Windows. How do you set this?

My first thought was to set this from group policy. Since this is how you set the Windows Update for Business settings, this would be the correct way to set the update method for other Microsoft products, right? So I have a look through the Windows Update, but can’t find the setting. I also do a little searching online, but all I can find is This Question on Microsoft’s forum. Here, JuliusPIV is asking the exact question I have.

So what’s the solution JuliusPIV found? This Microsoft page, Opt-In to Microsoft Update where Microsoft describes how to set enable it. Fixed, right?

There are two issues with this solution:

  1. It uses VBScript. I hate VB
  2. It doesn’t have any way to turn the setting back off again, or detect whether it is on or off

So I worked out how to do it in Powershell, and added a few extra options.

Solution:

Here’s how to turn it on

$ServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager"
$ServiceManager.ClientApplicationID = "My App"
$NewService = $ServiceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"")

Here’s how to turn it off

$ServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager"
$ServiceManager.RemoveService("7971f918-a847-4430-9279-4a52d1efe18d")

Here’s a snippet of Powershell that will do whatever you want:

param(
    [String][ValidateSet('Detect','InstallService','RemoveService')]$RunType = "InstallService"
)

# Prepare a Windows Update service manager
$ServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager"

$ServiceID = "7971f918-a847-4430-9279-4a52d1efe18d"

# 
switch ($RunType)
{
    "Detect"
    {
        $found = $false
        foreach($service in $ServiceManager.Services)
        {
            if($service.ServiceID -eq $ServiceID)
            {
                $found = $true
            }
        }

        if($found)
        {
            "Found Service"
        }
    }
    "InstallService"
    {
        $ServiceManager.ClientApplicationID = "My App"
        try
        {
            $NewService = $ServiceManager.AddService2($ServiceID,7,"")
        }
        catch
        {
            Write-Warning "Failed to register service"
            Write-Warning $_.Exception.Message
            Exit 1
        }
        if($NewService.IsPendingRegistrationWithAU)
        {
            Write-Verbose "Needs to reboot"
            Exit 3010
        }
        else
        {
            Exit 0
        }
    }
    "RemoveService"
    {
        try
        {
            $ServiceManager.RemoveService($ServiceID)
        }
        catch
        {
            if($_.Exception.ErrorCode -eq -2145091564)
            {
                Write-Verbose "The service doesn't exist, so exit successfully"
                Exit 0
            }
            else
            {
                Write-Warning "Failed to remove service"
                Write-Warning $_.Exception.Message
                Exit 1
            }
        }
    }
    default
    {
        Write-Warning "No RunType set. Exiting"
        Exit 1
    }
}

15 replies on “How to Opt-In and Detect to Microsoft Update for other Microsoft products using Powershell”

Not sure if this was added with the 1607 anniversary update, but there is an “Install updates for other Microsoft products” checkbox in Group Policy option under “Configure Automatic Updates” now at Computer Configuration>Administrative Templates>Windows Components>Windows Update

Hi rog, thanks for the feedback. I think this must have been added recently. I’ve had a look on my group policy editor and I can’t see that setting.

I’m going to update the ADMX files on my domain controllers, and have a look again. I’ll update you once I’ve done this.

Hi rog, thank heaps for this comment. You are 100% correct, this setting is now configurable through group policy. I wasn’t able to see it the other day when I checked, because I was on a Windows 7 machine, looking in the local group policy editor. However, I have confirmed it is available in Windows 10 as you mentioned.

I have updated the article with the group policy method of setting it.

Hi Mark,

I was able to set the setting on a test machine, running 1703 Enterprise, using the local group policy editor. It took about 5 mins before the setting actually switched, after I set it.

Does the setting not apply, or is it not visible? If you can’t see all the settings, I would recommend checking your ADMX templates are up do date. You can download the 1607/Server 2016 templates from here: https://www.microsoft.com/en-us/download/details.aspx?id=53430

Let me know if you still can’t get this working, as I’ve been able to use it in my environment.

I recently download and populated Windows 10 1709 ADMX templates into the central store and enabled “Install updates for other Microsoft products”. Even after doing gpupdate on servers (2016, 2012R2, etc) and gpupdate /force, the option is not applying.

When running RSOP.msc, it shows the setting is applied without issue from the correct GPO, however, Windows update does not show the option selected nor do Microsoft updates show.

Hi, can you please describe how to use this powerscript? I tried pasted ur script in text editor and saved it as msupdate.ps1 on E:

When running in command prompt “powershell.exe -executionpolicy bypass -file E:\msupdate.ps1” it shows nothing or give any choice options.

Thanks.

Hi Grant,

I’ve updated the script to make it easier to run from the command line. I’ve also added a snippet to the beginning of the post on how to run it. See the updated script here on my Gitlab repo: https://gitlab.com/jay.t/windows-powershell-scripts/blob/master/Configure-UpdateMSProducts.ps1

You should now be able to run it using the line:
powershell.exe -ExecutionPolicy Bypass -File C:\Configure-UpdateMSProducts.ps1 -RunType InstallService

I’ve noticed sometimes when executing the script there is some delay in the tick-box being enabled in the settings app. I wonder if the Windows Update client is actually trying to connect to the server before changing the setting.

Regards
Jay

I’ve noticed, that this script

$ServiceManager = New-Object -ComObject “Microsoft.Update.ServiceManager”
$ServiceManager.ClientApplicationID = “My App”
$NewService = $ServiceManager.AddService2(“7971f918-a847-4430-9279-4a52d1efe18d”,7,””)

works only if computer has internet access.

So, if there is no internet access, script doesn’t work.

Yes, that’s correct. I believe it works properly through a proxy, but I haven’t found any way to make it work without some sort of connection to Microsoft servers.

Using this script will not work exactly the same as using the slider in Windows control panel. This script actually removes the complete service. The slider only switches the settings of the Microsoft Update Service properties and the Windows Update Service properties.

Microsoft Update
Service ServiceID 7971f918-a847-4430-9279-4a52d1efe18d
Service IsDefaultAUService True
Service IsRegisteredWithAU True
Service OffersWindowsUpdates True
Service URL https://fe2cr.update.microsoft.com/v6/

Windows Update
Service ServiceID 9482f4b4-e343-43b6-b170-9a65bc822c77
Service IsDefaultAUService False
Service IsRegisteredWithAU False
Service OffersWindowsUpdates True
Service URL https://fe2cr.update.microsoft.com/v6/

To check this with PS (use slider to in Settings to see different results)
### Connect Service Manager
$ServiceManager = New-Object -ComObject “Microsoft.Update.ServiceManager”

### Get info on services
foreach($service in $ServiceManager.Services)
{
Write-host $service.Name
Write-host (” Service ServiceID ” + $service.ServiceID)
Write-host (” Service IsDefaultAUService ” + $service.IsDefaultAUService)
Write-host (” Service IsRegisteredWithAU ” + $service.IsRegisteredWithAU)
Write-host (” Service OffersWindowsUpdates ” + $service.OffersWindowsUpdates)
Write-host (” Service URL ” + $service.ServiceUrl)
}

Hi Jay,

I tried accessing your GitLab project but was met with lack of permission message.

Could you share the information so I can run my testing and see if it works on the latest Win10?

Leave a Reply to Jay Tuckey Cancel reply

Your email address will not be published. Required fields are marked *