How to Get the Windows Update History in Batch Script

Maintaining a clear log of when updates were installed and whether they succeeded or failed is essential for long-term system health. While the "Windows Update History" GUI provides a nice visual list, it is difficult to query for automation or reporting. By using a Batch script to extract the update history, you can generate logs for auditing, identify recurring installation failures, and track system changes over time.

This guide explores how to retrieve this data using wmic, the Windows event log, and a specialized PowerShell bridge for the most accurate results.

Why Extract Update History via Script?

  • Auditing: Creating a permanent record of all patches applied to a system for security compliance.
  • Troubleshooting: Identifying if a failed update is attempting to re-install itself every day, causing performance issues.
  • Reporting: Aggregating the update status of multiple machines into a central spreadsheet.
  • Verification: Providing proof that a specific security KB was successfully applied.

History vs. Installed

The "History" includes everything: successful installs, failed attempts, and uninstalled patches. Commands like wmic qfe show only what is currently installed on the system.

Method 1: Using WMIC for Installed History

The fastest way to see the history of successful patches is using the wmic qfe command. This queries the Quick Fix Engineering database.

@echo off
echo [PROCESS] Retrieving history of installed patches...

:: List each installed hotfix with its description and installation date
wmic qfe get HotFixID,Description,InstalledOn /format:table

pause

Method 2: Using PowerShell for a Comprehensive History

To see failed and pending updates (the true "History"), you need to talk to the Windows Update Agent API. Since Batch cannot do this directly, we call a PowerShell script from our Batch file.

@echo off
echo ============================================================
echo Full Windows Update History Report
echo ============================================================

:: PowerShell one-liner to get the complete update history
:: Continuation lines are indented on purpose: after a trailing ^, cmd escapes
:: the first character of the next line, which must not be the opening quote.
powershell -Command ^
    "$UpdateSession = New-Object -ComObject 'Microsoft.Update.Session'; " ^
    "$UpdateSearcher = $UpdateSession.CreateUpdateSearcher(); " ^
    "$TotalHistory = $UpdateSearcher.GetTotalHistoryCount(); " ^
    "$UpdateSearcher.QueryHistory(0, $TotalHistory) | Select-Object Title, Date, ResultCode | ForEach-Object { " ^
    " $Result = switch($_.ResultCode) { 0 {'Not Started'} 1 {'In Progress'} 2 {'Success'} 3 {'Partial Success'} 4 {'Failed'} 5 {'Aborted'} default {'Unknown'} }; " ^
    " Write-Host ('[{0}] {1} - {2}' -f $_.Date, $Result, $_.Title) " ^
    "}"

echo ============================================================
pause

Understanding Result Codes

  • 0: Not Started
  • 1: In Progress
  • 2: Success
  • 3: Succeeded With Errors (partial success, some components may not have installed)
  • 4: Failed (This is what you should look for when troubleshooting!)
  • 5: Aborted by the user or system.

Method 3: Querying the Event Log

Windows also logs update history in the System event log under the source "WindowsUpdateClient".

@echo off
echo [PROCESS] Searching System Event Log for update events...

:: Use wevtutil to find the 5 most recent update installations
wevtutil qe System /q:"*[System[Provider[@Name='Microsoft-Windows-WindowsUpdateClient'] and (EventID=19)]]" /f:text /c:5 /rd:true

pause

Note: Event ID 19 indicates a successful installation.

Common Pitfalls and How to Avoid Them

Sifting through "Superseded" Updates

Your history might show the same KB multiple times if it failed several times before succeeding.

Wrong Way:

:: Assuming the first occurrence is reality
wmic qfe | find "KB123"

Correct Way: Always sort your history by date so you can see if a "Failed" entry on Monday was replaced by a "Success" on Tuesday.

Empty History After Cleanups

If you run a "Disk Cleanup" or clear the SoftwareDistribution folder, your update history might be wiped, even though the updates themselves remain installed.

SEO and UX Tip

Advise your users that a blank history doesn't always mean the computer is unpatched; it might just mean the history log has been cleared. Use Method 1 (wmic qfe) to see what is currently active on the system.

Best Practices for History Auditing

  1. Export to File: For professional reporting, always redirect the output to a text file:
    call update_history_script.bat > UpdateLog_%COMPUTERNAME%.txt
  2. Filter for Failures: Create a specific script that alerts you only when "ResultCode 4" (Failed) appears in the last 24 hours.
  3. Check Service Status: If the history is not updating, ensure the "Event Log" and "Windows Update" services are running.
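
One way to implement the date-ordered check from the "Sifting through" pitfall together with the failure alert from best practice 2, as an added example that is not part of the original page. The file name Get-UpdateFailures.ps1 and the -Hours parameter are assumptions, and history entries whose title contains no KB number are skipped.

```powershell
# Added example (not from the original page). Get-UpdateFailures.ps1 is a
# hypothetical file name; call it from Batch with:
#   powershell -NoProfile -File Get-UpdateFailures.ps1 -Hours 24
param([int]$Hours = 24)   # look-back window, an assumed parameter

$names = @{ 0 = 'Not Started'; 1 = 'In Progress'; 2 = 'Success'
            3 = 'Succeeded With Errors'; 4 = 'Failed'; 5 = 'Aborted' }

$searcher = (New-Object -ComObject 'Microsoft.Update.Session').CreateUpdateSearcher()
$total = $searcher.GetTotalHistoryCount()
if ($total -eq 0) {
    # A cleared history is not proof of an unpatched machine.
    Write-Output 'Update history is empty; it may have been cleared.'
    exit 0
}

# Tag every history entry that names a KB with that KB number.
$entries = foreach ($e in $searcher.QueryHistory(0, $total)) {
    if ($e.Title -match 'KB\d+') {
        [pscustomobject]@{
            KB     = $Matches[0]
            Date   = $e.Date                 # the API reports UTC
            Code   = [int]$e.ResultCode
            Result = $names[[int]$e.ResultCode]
            Title  = $e.Title
        }
    }
}

# Keep only the newest entry per KB, so a failure that was later followed
# by a success is not reported.
$latest = $entries | Group-Object KB | ForEach-Object {
    $_.Group | Sort-Object Date -Descending | Select-Object -First 1
}

# Report KBs whose newest entry is "Failed" (4) inside the window.
$cutoff = (Get-Date).ToUniversalTime().AddHours(-$Hours)
$failed = @($latest | Where-Object { $_.Code -eq 4 -and $_.Date -ge $cutoff })

if ($failed.Count -gt 0) {
    $failed | Sort-Object Date | Format-Table KB, Date, Result, Title -AutoSize
    exit 1    # non-zero so the calling Batch file can test %ERRORLEVEL%
}
Write-Output "No unresolved update failures in the last $Hours hour(s)."
exit 0
```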

Update Errors

If you see a history full of failures, the most common fix is to clear the Update Cache. See the guide on "How to Clear Windows Update Cache" for the specific steps to resolve this.

Conclusion

Retrieving Windows update history via Batch script is a powerful way to audit system health and diagnose stubborn installation issues. By combining the speed of wmic with the detailed data provided by the Windows Update Agent API (via PowerShell), you can create comprehensive reports that go far beyond what the standard GUI offers. This automated approach ensures that you always have an accurate and searchable record of system changes, empowering you to maintain a stable, secure, and well-documented Windows environment.