How to Force Windows Update to Re-detect Available Updates in Batch Script
Sometimes Windows Update gets stuck showing "You're up to date" when updates are actually available, or it keeps offering the same failed update repeatedly. Forcing a re-detection clears the cached scan results and makes the Windows Update agent perform a fresh check against Microsoft's update servers. This is a common troubleshooting step after clearing the SoftwareDistribution folder, changing WSUS settings, or when a machine has been offline for an extended period.
In this guide, we will explore how to force Windows Update to re-detect available updates from a Batch Script using service restarts, the Windows Update Agent API, and registry-based triggers.
Understanding the Re-detection Process
When you force a re-detection, Windows performs these steps:
- The Windows Update service (wuauserv) clears its cached scan results.
- The agent contacts the configured update source (Microsoft Update or WSUS).
- A fresh scan compares installed updates against available updates.
- New or previously missed updates appear in Settings or the WSUS console.
Method 1: Service Restart with Detection Trigger
The simplest approach stops the update service, clears the cached scan data, and restarts it:
@echo off
setlocal
echo =============================================
echo FORCE WINDOWS UPDATE RE-DETECTION
echo =============================================
echo.
:: Check for admin privileges
net session >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] This script must be run as Administrator.
pause
exit /b 1
)
:: Stop the Windows Update service
echo [1/4] Stopping Windows Update service...
net stop wuauserv >nul 2>&1
:: Verify service stopped
sc query wuauserv | find "STOPPED" >nul 2>&1
if %errorlevel% neq 0 (
echo [WARNING] Service may not have stopped cleanly.
timeout /t 5 /nobreak >nul
)
:: Clear the cached scan data and the BITS transfer queue
echo [2/4] Clearing cached scan data...
if exist "%systemroot%\SoftwareDistribution\ScanFile" (
del /f /q "%systemroot%\SoftwareDistribution\ScanFile" >nul 2>&1
)
:: BITS keeps its queue files open, so stop it before deleting them
net stop bits >nul 2>&1
if exist "%ALLUSERSPROFILE%\Microsoft\Network\Downloader\qmgr*.dat" (
del /f /q "%ALLUSERSPROFILE%\Microsoft\Network\Downloader\qmgr*.dat" >nul 2>&1
)
:: Restart the services
echo [3/4] Starting Windows Update service...
net start bits >nul 2>&1
net start wuauserv >nul 2>&1
:: Trigger detection
echo [4/4] Triggering update detection...
wuauclt /detectnow >nul 2>&1
echo.
echo [DONE] Windows Update will re-scan for available updates.
echo Check Settings ^> Windows Update in a few minutes.
pause
Method 2: Using wuauclt Commands
The wuauclt.exe utility provides direct control over the Windows Update client:
@echo off
echo Forcing Windows Update re-detection...
echo.
:: Force detection (legacy, works on Windows 7/8/Server 2012)
wuauclt /detectnow
:: Force download of detected updates
wuauclt /updatenow
:: Reset authorization (clears WSUS cookie, forces re-registration)
wuauclt /resetauthorization /detectnow
echo [DONE] Detection commands sent.
echo Updates should appear within 5-15 minutes.
pause
| Command | Description |
|---|---|
| wuauclt /detectnow | Trigger an immediate scan for updates |
| wuauclt /updatenow | Begin downloading and installing detected updates |
| wuauclt /resetauthorization | Clear WSUS authorization cookie and re-register |
| wuauclt /reportnow | Send status report to WSUS server immediately |
On Windows 10 version 1709 and later, wuauclt /detectnow may have limited effect. Microsoft recommends using the UsoClient utility or PowerShell's Windows Update module instead. Method 3 below uses UsoClient, and Method 5 queries the Windows Update Agent API from PowerShell.
Method 3: Using UsoClient (Windows 10/11)
UsoClient.exe is the modern replacement for wuauclt on Windows 10 and 11:
@echo off
echo =============================================
echo WINDOWS 10/11 UPDATE RE-DETECTION
echo =============================================
echo.
:: Check for admin privileges
net session >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] Run as Administrator.
pause
exit /b 1
)
:: Start scan
echo [1/2] Starting update scan...
UsoClient StartScan
:: Optionally start download
echo [2/2] Starting download of available updates...
UsoClient StartDownload
echo.
echo [DONE] Update scan initiated.
echo Check Settings ^> Windows Update for results.
pause
| UsoClient Command | Description |
|---|---|
| StartScan | Scan for updates |
| StartDownload | Download available updates |
| StartInstall | Install downloaded updates |
| ScanInstallWait | Scan, download, and install (combined) |
| RefreshSettings | Reload update policy settings |
| RestartDevice | Restart after update installation |
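UsoClient prints nothing and returns immediately, so a script cannot tell from the command itself whether a scan ran. The following is an added example, not part of the original guide: it reads the agent's last successful scan time before and after the trigger and fails if the value never changes. It assumes that LastSearchSuccessDate from the Microsoft.Update.AutoUpdate COM object advances when the triggered scan completes; MAX_TRIES and the 30-second interval are arbitrary choices.

```batch
@echo off
setlocal
:: Added example: confirm that a scan really completed after UsoClient StartScan.
:: Assumption: LastSearchSuccessDate (UTC) is used as the "scan completed" signal.
set "PSCMD=(New-Object -ComObject Microsoft.Update.AutoUpdate).Results.LastSearchSuccessDate.ToString('s')"
:: Assumption: 30 checks, 30 seconds apart (about 15 minutes in total)
set "MAX_TRIES=30"

call :GetLastScan BEFORE
echo Last successful scan before trigger (UTC): %BEFORE%

UsoClient StartScan

set /a TRY=0
:poll
set /a TRY+=1
timeout /t 30 /nobreak >nul
call :GetLastScan AFTER
if not "%AFTER%"=="%BEFORE%" (
    echo [OK] New successful scan recorded at %AFTER% UTC.
    exit /b 0
)
if %TRY% lss %MAX_TRIES% goto poll
echo [WARNING] No new successful scan after %MAX_TRIES% checks.
echo Do not treat this machine as current until a scan succeeds.
exit /b 1

:: Stores the last successful scan time in the variable named by %1.
:: The value stays "unknown" if the machine has never completed a scan.
:GetLastScan
set "%~1=unknown"
for /f "usebackq delims=" %%d in (`powershell -NoProfile -Command "%PSCMD%" 2^>nul`) do set "%~1=%%d"
exit /b 0
```

The non-zero exit code lets a deployment or monitoring tool flag machines whose scans keep failing rather than silently reporting "up to date".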
Method 4: Full Reset and Re-detection
When a simple re-scan is not enough, perform a complete Windows Update component reset:
@echo off
setlocal
echo =============================================
echo FULL UPDATE RESET AND RE-DETECTION
echo =============================================
echo.
net session >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] Run as Administrator.
pause
exit /b 1
)
:: Step 1: Stop all update-related services
echo [1/6] Stopping services...
net stop wuauserv >nul 2>&1
net stop bits >nul 2>&1
net stop cryptsvc >nul 2>&1
:: Step 2: Clear the SoftwareDistribution folder
echo [2/6] Clearing SoftwareDistribution...
del /f /s /q "%systemroot%\SoftwareDistribution\*" >nul 2>&1
for /d %%p in ("%systemroot%\SoftwareDistribution\*") do rd /s /q "%%p" >nul 2>&1
:: Step 3: Clear catroot2
echo [3/6] Clearing catroot2...
del /f /s /q "%systemroot%\System32\catroot2\*" >nul 2>&1
for /d %%p in ("%systemroot%\System32\catroot2\*") do rd /s /q "%%p" >nul 2>&1
:: Step 4: Re-register update DLLs
echo [4/6] Re-registering DLLs...
regsvr32 /s wuaueng.dll
regsvr32 /s wuaueng1.dll
regsvr32 /s wucltui.dll
regsvr32 /s wups.dll
regsvr32 /s wups2.dll
regsvr32 /s wuweb.dll
regsvr32 /s atl.dll
:: Step 5: Restart services
echo [5/6] Restarting services...
net start bits >nul 2>&1
net start cryptsvc >nul 2>&1
net start wuauserv >nul 2>&1
:: Step 6: Trigger detection
echo [6/6] Triggering re-detection...
wuauclt /resetauthorization /detectnow >nul 2>&1
UsoClient StartScan >nul 2>&1
echo.
echo =============================================
echo RESET COMPLETE
echo Windows Update will re-scan from scratch.
echo The first scan may take 5-15 minutes.
echo =============================================
pause
After a full reset, the first update scan takes significantly longer than usual because Windows must rebuild the entire update metadata database. This is normal and expected.
Method 5: PowerShell-Based Detection from Batch
Use the Windows Update COM object for programmatic detection:
@echo off
echo Triggering update scan via Windows Update API...
echo.
powershell -NoProfile -Command "$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher(); Write-Host 'Scanning for updates (this may take several minutes)...'; $results = $searcher.Search('IsInstalled=0'); Write-Host ''; if ($results.Updates.Count -eq 0) { Write-Host '[OK] No pending updates found.' } else { Write-Host ('[FOUND] ' + $results.Updates.Count + ' update(s) available:'); Write-Host ''; foreach ($u in $results.Updates) { Write-Host (' - ' + $u.Title) } }"
echo.
pause
WSUS-Specific Re-detection
For machines managed by a WSUS server:
@echo off
setlocal
echo =============================================
echo WSUS CLIENT RE-DETECTION
echo =============================================
echo.
net session >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] Run as Administrator.
pause
exit /b 1
)
:: Reset WSUS authorization
echo [1/4] Resetting WSUS authorization...
wuauclt /resetauthorization >nul 2>&1
:: Clear cached WSUS cookies
echo [2/4] Clearing WSUS cookies...
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIdValidation /f >nul 2>&1
:: Restart service
echo [3/4] Restarting Windows Update...
net stop wuauserv >nul 2>&1
net start wuauserv >nul 2>&1
:: Trigger detection and reporting
echo [4/4] Triggering detection and WSUS report...
wuauclt /detectnow
wuauclt /reportnow
echo.
echo [DONE] Client will re-register with WSUS and report status.
echo The machine should appear in the WSUS console within 15 minutes.
pause
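A re-detection only scans against whatever source policy points the agent at, so it helps to confirm that source before trusting the result. The following is an added example, not part of the original guide: it reads the Windows Update policy values WUServer and UseWUServer and reports whether the client scans against WSUS and whether that URL uses HTTPS. The exit codes are choices made for this example.

```batch
@echo off
setlocal
:: Added example: report which update source the agent will scan against.
:: Exit codes (chosen for this example): 0 = OK, 1 = WSUS over plain HTTP,
:: 2 = inconsistent policy.
set "POL=HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
set "USEWSUS="
set "WUSERVER="

:: UseWUServer lives under the AU subkey; WUServer under the parent key
for /f "tokens=3" %%v in ('reg query "%POL%\AU" /v UseWUServer 2^>nul ^| find "REG_DWORD"') do set "USEWSUS=%%v"
for /f "tokens=2,*" %%a in ('reg query "%POL%" /v WUServer 2^>nul ^| find "REG_SZ"') do set "WUSERVER=%%b"

if not "%USEWSUS%"=="0x1" (
    echo [INFO] No WSUS policy in effect. Scans go to Microsoft's update servers.
    exit /b 0
)
if not defined WUSERVER (
    echo [WARNING] UseWUServer is 1 but WUServer is not set.
    exit /b 2
)
echo [INFO] WSUS policy in effect: %WUSERVER%
if /i "%WUSERVER:~0,8%"=="https://" (
    echo [OK] Update source uses HTTPS.
    exit /b 0
)
echo [WARNING] Update source is not HTTPS. Scan metadata travels unencrypted.
exit /b 1
```

An unexpected WUServer value on a machine that should not be WSUS-managed is worth investigating before forcing any further scans.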
Common Mistakes
The Wrong Way: Running detectnow Without Stopping the Service
:: INCOMPLETE - May use stale cached scan results
wuauclt /detectnow
:: Detection runs but uses old cached data
Output Concern:
If the cached scan data is corrupted or stale, detectnow may simply re-read the cache and report the same outdated results. Stop the service and clear scan files first for a truly fresh detection.
The Wrong Way: Forgetting UsoClient on Windows 10/11
:: LIMITED - wuauclt has reduced functionality on modern Windows
wuauclt /detectnow
:: May silently do nothing on Windows 10 1709+
On Windows 10 version 1709 and later, Microsoft shifted update control to UsoClient.exe. Always try UsoClient StartScan alongside or instead of wuauclt /detectnow for reliable results on modern systems.
Best Practices
- Use the right tool for the OS: wuauclt for older Windows, UsoClient for Windows 10/11.
- Clear cache before re-detecting: Delete stale scan files for a fresh start.
- Run elevated: All update commands require administrator privileges.
- Allow time: A fresh scan can take 5-15 minutes. Do not assume failure too quickly.
- Reset authorization for WSUS issues: wuauclt /resetauthorization forces re-registration with the WSUS server.
Conclusion
Forcing Windows Update to re-detect available updates from a Batch Script involves stopping the update service, clearing cached scan data, and triggering a fresh detection with wuauclt /detectnow (legacy) or UsoClient StartScan (Windows 10/11). For persistent issues, a full component reset that clears the SoftwareDistribution folder, re-registers DLLs, and resets WSUS authorization provides the most thorough fix. By combining these approaches, administrators ensure that Windows Update accurately reports and installs all available patches.