Since Windows 10 1709 and Server 2019, Microsoft has been shipping the Windows Update Provider PowerShell module with the OS. Its functions master the basic tasks of patch management. Admins can also use them to remotely initiate the download and installation of updates.

While most Windows features have long supported detailed automation via PowerShell, this option was missing for the update client; it is now available to a limited extent. Compared to the popular PSWindowsUpdate by Michal Gajda, Microsoft's own module is less powerful.

Availability as an advantage

The main advantages of Windows Update Provider are its official support by Microsoft and that all newer versions of the operating system already have it on board. Therefore, when using it for remote management, you can assume that the required functions are already available on the target computer. In contrast, third-party modules must first be installed on every managed PC.

However, it is not possible to copy Microsoft's Windows Update Provider to older versions of Windows, such as Server 2012 R2 or 2016, because the CIM class required by the functions does not exist on those versions.

More control over updates

Command line tools such as usoclient.exe, wuinstall, or PowerShell cmdlets give admins more control over the update process because they can explicitly request the scan, download, install, or restart. This is useful, for example, if you want to secure a freshly installed computer by installing the latest patches. In addition, PowerShell is useful on Server Core because there is no GUI for managing updates.

Overview of the range of functions

If you search for Windows Update modules using

Get-Module -Name *Update*

then the command returns two results. While one of them is WindowsUpdate, the module only contains a function called Get-WindowsUpdateLog.

The commands intended for the management of the update client can be found in WindowsUpdateProvider. They can be listed with:

Get-Command -Module WindowsUpdateProvider

As you can see, these are not cmdlets but only functions.

Functions of the WindowsUpdateProvider module

Functions of the WindowsUpdateProvider module

For example, if you want to display the contents of Start-WUScan with

Get-Content Function:\Start-WUScan

then you can see that this function operates on the basis of the CIM class MSFT_WUOperations. The same applies to Install-WUUpdates.

The functions of the WindowsUpdateProvider module use the methods of the CIM class MSFT WUOperations

The functions of the WindowsUpdateProvider module use the methods of the CIM class MSFT WUOperations

While Get-WULastInstallationDate and Get-WULastScanSuccessDate are used to examine previous updates, and Get-WUAVersion outputs the version of the client, the three remaining functions provide the actual update management.

Checking for updates

As the name suggests, Start-WUScan looks for available updates. You cannot specify a source for updates; rather, the function queries the update server configured on the computer. This is a WSUS server in most cases.

If you don't specify any parameter, all updates that apply to the system will appear in the results. The only way to restrict the list is with SearchCriteria, which you have to pass a search expression:

Start-WUScan -SearchCriteria "Type='Software' AND IsInstalled=0"

The permitted search criteria follow the syntax described in the API documentation, but Microsoft does not offer any specific information on WindowsUpdateProvider as a whole.

As an alternative to the settings app, you can use Start WUScan to check for new updates

As an alternative to the settings app, you can use Start WUScan to check for new updates

For example, it is practical to query remote computers to find out whether a specific update is installed there. Since the ComputerName parameter is not supported, you have to use the Invoke-Command:

$u = Invoke-Command -ComputerName MyPC -ScriptBlock {Start-WUScan -SearchCriteria "UpdateId='<GUID-of-Update>' AND IsInstalled=1"} -Credential admin\contoso

After executing the command, the variable $u will contain all updates which match the search criteria.

Downloading and installing updates

If you want to install pending updates, you have to save the result of Start-WUScan in a variable, as in the example above. You then pass this on to Install-WUUpdates. But first you establish a CIM session on the remote computer:

$cs = New-CimSession -ComputerName MyPC -Credential Credential admin\contoso
Install-WUUpdates -Updates $u -DownloadOnly -CimSession $cs

This example command only downloads the updates.

Find, download, and install updates on a remote PC with the WindowsUpdateProvider functions

Find, download, and install updates on a remote PC with the WindowsUpdateProvider functions

You then initiate the actual installation by executing Install-WUUpdate once more without the DownloadOnly switch:

Install-WUUpdates -Updates $u -CimSession $cs

Querying pending reboot

If the computer must be restarted after installing updates, you cannot initiate it via Install-WUUpdates. However, it is possible to query whether a reboot is pending with another function of this module:


If the command yields the value $true, then you can reboot the PC at the desired time using the Cmdlet Restart-Computer.

After installing the updates, you can query a pending reboot with Get WUIsPendingReboot

After installing the updates, you can query a pending reboot with Get WUIsPendingReboot

Get-WUIsPendingReboot can also be used to query a pending reboot of a remote computer.

Check remotely whether a restart is required

Check remotely whether a restart is required

The function simplifies this task considerably compared to the method that looks for it in the registry.

Subscribe to 4sysops newsletter!


With the WindowsUpdateProvider module, Microsoft has provided the basic functions for managing updates via PowerShell, beginning with Windows 10 1709 and Server 2019. They are particularly suitable for updating computers remotely. However, the integrated module does not come close to the capabilities of PSWindowsUpdate.

  1. Thanks for the article, just a confirmation, this is only for Windows Server 2019 and not for 2016 ?

    • Wolfgang Sommergut 3 years ago

      Paolo, that’s correct!

      Get-Module -Name *Update* -ListAvailable

      will only show the Module WindowsUpdate on Server 2016

      • Thanks Wolfang for your confirmation.

        • Leos Marek (Rank 4) 3 years ago

          Your comments are confusing guys 🙂 The article speaks about Win2019, Paolo asked about Win 2019, Wolfgang replied its only available on Win 2016 and Paolo did say thanks :)))))

  2. Leos Marek (Rank 4) 3 years ago

    I guess this is the same thing that the WIMwitch.ps1 script you wrote a while ago is using?

  3. Rrichard Sterling 3 years ago

    Hello everyone,

    I did a clean install of Windows 10 2004 (the gold code was posted on Visual Studio/MSDN a few weeks ago) and can't find "WindowsUpdateProvider".  Am I doing something wrong or did something change?


    PS C:\> Get-Module -Name *Update*
    PS C:\>
    PS C:\> Get-Command -Module WindowsUpdateProvider
    PS C:\>

    • Wolfgang Sommergut 3 years ago

      Hi Richard, you are right. Just checked Windows 10 2004 for this module. Microsoft has removed it. And it's not even possible to copy it over from a previous version. You will get an "Invalid namespace" CIM exception.

  4. Andrew 3 years ago


    Same issue: Windows 10 Pro 2004, having issue with this module throwing errors.

    Anyone know of a replacement module to use or what the story is?
    (I am also having other odd experiences but unrelated to updates so wont comment on that here).

  5. Stig 3 years ago

    Does the operation "Start-WUScan" update the "Last checked" date and time in the GUI ?

    This has been a problem using cmdline or API to perform a scan.

  6. G 3 years ago

    Sounds to me like the creator of the PSwindowsupdate module is about to get paid!

Leave a reply

Your email address will not be published.


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account