Starting Windows Updates from the CLI

Starting Windows Updates from the CLI

Recently, I was given a generic user network login to use. But, I was performing computer security tasks and needed to have administrative access in order to check various settings. As a result of my needs, the network administrator gave me access to an “administrator command prompt”. Since I was not a local administrator on the desktop, I need to open CLI (command line interface) each time I wanted to do anything with administrative privileges. For instance, I wanted to check for Windows patch compliance, and was stumped by three items:

  1. Opening the Windows Update GUI did not allow me to change settings or to run update scans. Everything was greyed out.
  2. Opening the Computer Service GUI did not allow me start the Windows Update service, which was stopped.
  3. Opening the Computer Services GUI did not allow me to enable the Windows Update service, which was disabled.

If you ever run into locked down configurations which don’t let you patch, I thought you might appreciate knowing how to fix the settings and patch if you have access to run the command line with administrative privileges. The steps are:

  1. Start the command line:
    • Right-click the Command Prompt menu item | Select Run-As
  2. Enable the Windows service:
    • Run sc config wuauserv start= auto
  3. Start the Windows service:
    • Run net start wuauserv
  4. Start the Windows Update GUI:
    • Run wuapp.exe startmenu
  5. Run the patch scan:
    • Press the “Check for Updates” button
    • Wait for the results

Notice that in step five above, you will have access to all the options within the Windows Update GUI because you initiated the interface with administrative access. This should solve the issue documented in (A) above. Step two solves the issue of (B) and step three solves the issue with (C). So, with all three issues solved, the machine should now accept patching.