How to Opt-In and Detect to Microsoft Update for other Microsoft products using Powershell

Update 2018-03-25: Updated the script to make it more easily runnable from the command line (thanks Grant for the suggestion). I’ve also made the script available from on my Gitlab repo. To run the script from the command line, download it from the Gitlab repo, and then execute like this:

# CMD Prompt
powershell.exe -ExecutionPolicy Bypass -File C:\Configure-UpdateMSProducts.ps1 -RunType InstallService
# PowerShell Prompt
C:\Configure-UpdateMSProducts.ps1 -RunType InstallService

Update 2017-04-05: Thanks to some help from rog in the comments, I discovered there is a way to do this using group policy! 😀 To set this using group policy, go to Computer Configuration\Administrative Templates\Windows Components\Windows Update\ and configure the Configure Automatic Updates setting. In this setting there is a checkbox to set the Install updates for other Microsoft products setting. I will note, however, that this setting is not available in the local group policy editor for Windows 7, so I’m not sure if this setting would correctly apply to a Windows 7 machine. It’s definitely available on a Windows 10 1607 machine, though. Thanks for the help on this one, rog!

With Windows 10 out, we have been investigating how we can better deploy and manage Windows computers. Previously have deployed our images using an SCCM server, and then managed updates using WSUS integrated with SCCM, but Windows 10 brings a new update method, Windows Update for Business.

However, have you ever seen a checkbox with this label in your updates settings: Give me updates for other Microsoft products when I update Windows. How do you set this?

My first thought was to set this from group policy. Since this is how you set the Windows Update for Business settings, this would be the correct way to set the update method for other Microsoft products, right? So I have a look through the Windows Update, but can’t find the setting. I also do a little searching online, but all I can find is This Question on Microsoft’s forum. Here, JuliusPIV is asking the exact question I have.

So what’s the solution JuliusPIV found? This Microsoft page, Opt-In to Microsoft Update where Microsoft describes how to set enable it. Fixed, right?

There are two issues with this solution:

  1. It uses VBScript. I hate VB
  2. It doesn’t have any way to turn the setting back off again, or detect whether it is on or off

So I worked out how to do it in Powershell, and added a few extra options.

Solution:

Here’s how to turn it on

$ServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager"
$ServiceManager.ClientApplicationID = "My App"
$NewService = $ServiceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"")

Here’s how to turn it off

$ServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager"
$ServiceManager.RemoveService("7971f918-a847-4430-9279-4a52d1efe18d")

Here’s a snippet of Powershell that will do whatever you want:

param(
    [String][ValidateSet('Detect','InstallService','RemoveService')]$RunType = "InstallService"
)

# Prepare a Windows Update service manager
$ServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager"

$ServiceID = "7971f918-a847-4430-9279-4a52d1efe18d"

# 
switch ($RunType)
{
    "Detect"
    {
        $found = $false
        foreach($service in $ServiceManager.Services)
        {
            if($service.ServiceID -eq $ServiceID)
            {
                $found = $true
            }
        }

        if($found)
        {
            "Found Service"
        }
    }
    "InstallService"
    {
        $ServiceManager.ClientApplicationID = "My App"
        try
        {
            $NewService = $ServiceManager.AddService2($ServiceID,7,"")
        }
        catch
        {
            Write-Warning "Failed to register service"
            Write-Warning $_.Exception.Message
            Exit 1
        }
        if($NewService.IsPendingRegistrationWithAU)
        {
            Write-Verbose "Needs to reboot"
            Exit 3010
        }
        else
        {
            Exit 0
        }
    }
    "RemoveService"
    {
        try
        {
            $ServiceManager.RemoveService($ServiceID)
        }
        catch
        {
            if($_.Exception.ErrorCode -eq -2145091564)
            {
                Write-Verbose "The service doesn't exist, so exit successfully"
                Exit 0
            }
            else
            {
                Write-Warning "Failed to remove service"
                Write-Warning $_.Exception.Message
                Exit 1
            }
        }
    }
    default
    {
        Write-Warning "No RunType set. Exiting"
        Exit 1
    }
}