We’re all used to updating our Windows Server operating systems with the Windows Update GUI, but did you know that you can update your server using command prompt and “sconfig”?
The past few years I’ve been managing quite a few Windows Server Core Instances that as we all know, do not have a GUI. In order to update those instances, you need to run Windows Update using the command line, but this method actually also works on normal Windows Server instances with the GUI as well!
Please enjoy this video or read on for why and how!
Why?
Using a GUI is great, however sometimes it’s not needed, and sometimes it even causes problems if it looses the backend connection where it’s pulling the data from. I’ve seen this true on newer Windows operating systems where the Windows Update GUI stops updating and you just sit there thinking the updates are running, when they are actually all complete.
The GUI also creates additional overhead and clutter. If there was an easier alternative to perform this function, wouldn’t it just make sense?
On Windows Server instances that have a GUI, I find it way faster and more responsive to just open an elevated (Administrative) command prompt, and kick off Windows Updates from there.
How
You can use this method on all modern Windows Server versions:
- Windows Server (with a GUI)
- Windows Server Core (without a GUI)
This also works with Windows Server Update Services so you can use this method either connecting to Windows Update (Microsoft Update) or Windows Server Update Services (WSUS).
Now lets get started!
- Open an Administrative (elevated) command prompt
- Run “sconfig” to launch the “Server Configuration” application
- Select option “6” to “Download and Install Windows Updates”
- Choose “A” for all updates, or “R” for recommended updates, and a scan will start
- After the available updates are shown, choose “A” for all updates, “N” for no updates, or “S” for single update selection
After performing the above, the updates will download and install.
I find it so much easier to use this method when updating many/multiple servers instead of the GUI. Once the updates are complete and you’re back at the “Server Configuration” application, you can use option “13” to restart Windows.
Hi, can I ask you what will happen to the pop up window once the update is done installing? Does it close off the window by itself?
I have tried it and my window is at installing updates for quite awhile and nothing is happening to indicate that the update has successfully installed. The only means for me to check is get-hotfix in powershell to check if the new update is listed and I am not sure if I can just close off the install window.
Thank you.
Hi Alex,
If nothing is happening and it says “Installing Updates”, then that means it is still in the process of installing updates. I’d recommend waiting for this to complete.
Once completed it will notify you that the updates have been installed.
Cheers,
Stephen
Hi Stephen,
Thanks for the guide, it is really helpful to me.
After waiting for awhile, I finally see the update complete and prompt me for a restart.
Regards,
Alex
WOW!! I have been an SMS-SCCM Admin for 15 years, and have never seen this command.
Problem I have is this rarely finds any updates. I see them when I look at updates in Admin Center, but never in sconfig.
My experience, at least on Server 2012R2 Core, is that sconfig does not respect selecting a single update. If you tell it to “S” and the provide the number of the update you want to install, it will install multiple updates.
We are using SCCM to manage our updates. I don’t like it and typically just click check Microsoft for updates to bypass our WSUS servers. How can I in Windows Server 2016 Core click the equivalent of Check Microsoft for updates in CLI?
Hi Jason,
Unfortunately I don’t think it’s possible using “sconfig”. “sconfig” will use whatever update mechanism has been configured on the host with GPOs, etc.
There may be other commands to update in the way you’re looking for, but I’m unaware of them.
Cheers,
Stephen
I ran the sconfig query for updates available on a few windows 2019 servers, and half of them did not see the windows update item as GUI one. I need to use GUI windows update because of this bug.
Hi Lam,
Are you using WSUS and are the updates approved? Also, when using “sconfig” did you select “Show all updates”?
Cheers,
Stephen
I too Never get a list of updates using sconfig. Our environment is WSUS with SCCM. Is there something I need to configure in sccm or on the GPO side for sconfig to be accurate? I am still trying to find a non-compliant machine that will show me updates available.
Hi Rod,
Curious, do you have GPOs configured to have your systems checking the WSUS server? In my environment I’m using WSUS, have GPOs configured, and “sconfig” works fine on all my servers.
sconfig sometimes lists different list of updates to install from the result of the GUI windows updates. anybody experienced this? Why? (I tried both “All” and “RECOMMENDED” with sconfig, and the lists are different in both cases).
Which one to trust?
I am talking about windows server 2019.
Hi Sean,
In my environment it directly matches, but I’m using WSUS.
I’m thinking if you weren’t using WSUS, that sconfig may only be looking for Windows products, whereas the GUI may be doing additional updates like drivers or other Microsoft products.
Hi, Stephen, thanks for the reply. Most of the time it does match. But in this case I am dealing with right now, sconfig (when picking ALL UPDATES) it gives me this:
Microsoft (R) Windows Script Host Version 5.812
Copyright (C) Microsoft Corporation. All rights reserved.
Search for for (A)ll updates or (R)ecommended updates only? A
Searching for all applicable updates…
List of applicable items on the machine:
1> Security Update for SQL Server 2019 RTM CU (KB5021124)
2> SQL Server 2019 RTM Cumulative Update (CU) 19 KB5023049
Select an option:
(A)ll updates, (N)o updates or (S)elect a single update?
And BTW, when picking “RECOMMENDED”, it shows item #1 above.
But in GUI, it will show
2023-02 Cumulative Update for Windows Server 2019 (1809) for x64-based Systems (KB5022840)
Security Update for SQL Server 2019 RTM CU (KB5021124)
Windows Malicious Software Removal Tool x64 – v5.110 (KB890830)
2023-02 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 for x64 (KB5022782)
All of the above are showing “Pending install”
And BTW, my windows update setting is “Download Only”. I am not using WSUS.
Strange, huh?
Also, when using GUI, how can I pick which ones to install selectively?
The DBAs do not want to do the updates related to SQL. So in this case, from SQL related patches perspective, I am already done with everything else if I believe in sconfig. But from GUI perspective, I still need to do a few items. But if I do, it will also do SQL item. so I am caught between a rock and hard place. 🙂
Thanks
Sean
How can I test if restart is pending?
On Windows Core server, of course.
It will prompt the error.