How to Get the Last Windows Update Installation Date in Batch Script
Knowing exactly when the last Windows update was installed is critical for system auditing, troubleshooting performance drops, and ensuring compliance with security policies. If a system starts behaving strangely, the first question a senior engineer asks is, "What changed recently?" Being able to extract the date of the most recent patch via a Batch script allows you to automate these health checks and build alerts if a system hasn't been updated in a significant amount of time.
This guide covers how to retrieve this information using wmic, PowerShell, and the Windows Registry.
Why Track Update Dates?
- Identify Regression: Determine if a recent update correlates with a new bug in your application.
- Audit Compliance: Verify that a security patch was applied within the required timeframe.
- Predict Maintenance: Monitor how long a system has been running without the latest cumulative updates.
In Windows Management Instrumentation (WMI), the installation date of a patch is stored in the InstalledOn property of the Win32_QuickFixEngineering class.
Method 1: Using WMIC to List Recent Updates
The wmic command provides a quick way to query the update database and display installation dates.
wmic.exe has been deprecated since Windows 10 21H1 and is removed in some Windows 11 builds. If wmic is unavailable on your system, use Method 2 instead.
@echo off
echo [PROCESS] Retrieving installation dates...
rem List all updates and their installation dates
wmic qfe get HotFixID,InstalledOn /format:table
pause
Method 2: Finding the Single Most Recent Update (Recommended)
Because Batch is not natively good at comparing dates (especially across different regions), the most reliable way to find the "last" update is to use a PowerShell one-liner called from your Batch script.
@echo off
setlocal
echo ============================================================
echo Latest Windows Update Information
echo ============================================================
set "LATEST_UPDATE="
rem Use PowerShell to find the single latest update with a valid date
for /f "delims=" %%i in ('powershell -noprofile -command ^
"Get-HotFix | Where-Object { $_.InstalledOn -ne $null } | Sort-Object InstalledOn -Descending | Select-Object -First 1 | ForEach-Object { $_.HotFixID + ' installed on ' + $_.InstalledOn.ToString('yyyy-MM-dd') }"') do (
set "LATEST_UPDATE=%%i"
)
if defined LATEST_UPDATE (
echo [SUCCESS] The last update found was:
echo %LATEST_UPDATE%
) else (
echo [WARNING] Could not determine the last update date.
echo [INFO] No hotfixes with valid installation dates were found.
)
echo ============================================================
endlocal
pause
Method 3: Checking via the Registry
Windows stores the date and time of the last successful update check and installation in the registry. The exact key location varies by Windows version.
The Auto Update\Results\Install registry path used in older guides was deprecated in many Windows 10 and 11 builds. The script below checks multiple known locations.
@echo off
setlocal
echo [PROCESS] Checking Registry for last update timestamp...
set "FOUND=0"
rem Try the legacy path (Windows 7 / early Windows 10)
set "REG_PATH=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install"
reg query "%REG_PATH%" /v "LastSuccessTime" >nul 2>&1
if %errorlevel% equ 0 (
echo [Legacy path found]
reg query "%REG_PATH%" /v "LastSuccessTime"
set "FOUND=1"
)
rem Try the modern path via PowerShell WMI query
if %FOUND% equ 0 (
echo [INFO] Legacy registry key not found. Querying via PowerShell...
powershell -noprofile -command ^
"$session = New-Object -ComObject Microsoft.Update.Session;" ^
"$searcher = $session.CreateUpdateSearcher();" ^
"$count = $searcher.GetTotalHistoryCount();" ^
"if ($count -gt 0) {" ^
" $latest = $searcher.QueryHistory(0,1) | Select-Object -First 1;" ^
" Write-Host ('Last update: ' + $latest.Title);" ^
" Write-Host ('Installed on: ' + $latest.Date.ToString('yyyy-MM-dd HH:mm:ss'));" ^
"} else {" ^
" Write-Host 'No update history found.';" ^
"}"
)
endlocal
pause
Common Pitfalls and How to Avoid Them
Date Formatting Conflicts
On an American system, dates appear as MM/DD/YYYY. On a European system, they are DD/MM/YYYY. Trying to parse these strings manually in Batch often leads to incorrect comparisons.
Wrong Way:
:: Trying to find the "highest" date using string comparison
if "10/01/2023" LSS "09/30/2023" ...
:: String comparison treats "10" > "09", giving wrong chronological results.
Correct Way:
Always use a PowerShell bridge (as shown in Method 2) for date sorting. PowerShell treats dates as DateTime objects, handles regional formats automatically, and sorts them chronologically.
Superseded Updates
The list of updates may grow very long. Over time, newer updates replace older ones.
The "Last Update Date" might refer to a small security patch rather than a major "Feature Update." To check for major OS version changes, use systeminfo | findstr /B /C:"OS Version" instead.
Best Practices for Automation
- Log File Creation: If you are auditing a network, save the latest update date to a central server:
if defined LATEST_UPDATE (echo %COMPUTERNAME%, %LATEST_UPDATE% >> "\\Server\Logs\UpdateAudit.csv")
- Combine with Uptime: It's helpful to see both the last update date and the current system uptime to decide if a reboot is pending.
- Check for Failures: Don't just look for success; also look for failed installation attempts in the Event Viewer to identify struggling systems.
While querying WMI for update history can be done as a standard user, accessing certain registry keys or running advanced PowerShell commands for auditing generally requires Administrator privileges for full accuracy.
Conclusion
Getting the last Windows update installation date via a Batch script is a vital component of professional system management. While wmic provides a quick overview, using a PowerShell-Batch hybrid allows for sophisticated sorting and precise reporting. By integrating these checks into your standard maintenance routines, you can ensure that your systems are not only up-to-date but also documented, allowing for faster troubleshooting and more reliable security compliance. Always prioritize robust date-parsing methods to ensure your scripts work consistently across different regional settings and Windows versions.