Expert Solution for 2011 Scripting Games Beginner Event 6: Parse the Windows Update Log for Errors with PowerShell


Summary: Microsoft MVP, Sean Kearney, uses Windows PowerShell to solve 2011 Scripting Games Beginner Event 6 and parse the Windows update log for errors.

Microsoft Scripting Guy, Ed Wilson, here. Today we have Sean Kearney to provide his solution for Beginner Event 6.

Photo of Sean Kearney

Sean Kearney is an infrastructure support analyst and Microsoft MVP in Window PowerShell. He is absolutely passionate about automation technologies—especially Windows PowerShell. If you say, “Powershell,” he may just break into song. Sean considers himself “just a tech at heart,” but he can often be found dabbling with most Microsoft technologies at a moment’s notice. We have also been advised to keep him at arm’s length from any open Starbucks in Seattle. We have been advised that any rumors about him ever singing for Microsoft JobsBlog are completely unfounded. Complete rubbish. Let us just keep it between you and me, OK?

Sean’s contact information:
Twitter: EnergizedTech
Blog: Energized About Technology
Website: Powershell: Releasing the Power of Shell to You

Worked solution

———————————– Update of Terror Begin ——————————-

Yes. One of those days. Not just any day, but “THOSE DAYS.” Yep that kind.

I needed to get our workstations updated to deal with a new Security hotfix. All was beautiful. It fit in with the applications. The test rollouts were great. It was all fine until the call…


I glance down. Peering up at me with a disdainful look is my phone. The Boss is calling. I cautiously pick it up.

“Hello, a problem with that update. The CIO is having an issue. It’s not updating on his machine. You know what this means.”

Yep. I knew. Ignore everything else on my plate, including a dead server, to fix this ONE machine. 

I immediately pop over to grab his laptop, and I bump into him.

“I’ll be back in 60 minutes after lunch. I’m confident you’ll have this fixed…or else,” he winks at me.

I hate when he winks like that.  He might be kidding or not. I would like to avoid the “NOT.”

I do quick search online and find out everything in the Windows Update process is logged as Success or Fail in a nice little text log called (oddly enough) WindowsUpdate.log. It is right inside my Windows folder.

Big choice. Do I spend 60 minutes reading through a log file? Or do I try to find a quick way to parse for errors? I’ve looked at this log once before, and I noticed that bad lines were usually tagged with the word FATAL or WARNING.

This looks like a job for Windows POWERSHELL!

Our first task. Read that file. A simple Get-Content Cmdlet will do that.

Get-Content C:\Windows\WindowsUpdate.Log

But darn it. I need to filter out all the stuff I do not need. Fortunately, I know in Windows PowerShell each line of text is an object that I can compare. I can simply compare and see if an object in the pipeline contains the data with a Where-Object cmdlet and add a Like to see if anything is “like” this in the line. I pop some * about the characters to ignore Where it is in the line. Every little bit helps in this situation. A quick and dirty solution will meet my needs to find the answer now.

Get-Content C:\Windows\WindowsUpdate.Log | Where-Object { $_–like ‘*FATAL*’ –or $_ -like ‘*WARNING*’}

Ahhh, much nicer. But I realized I didn’t have my twelfth cup of coffee, so then I miss all the stuff. I am just not as fast as I should be with that PAUSE key. I wish I could pipe this into More to get screenfuls at a time…

Oh right. I can…

Get-Content C:\Windows\WindowsUpdate.Log | Where-Object { $_–like ‘*FATAL*’ –or $_ -like ‘*WARNING*’} | MORE

With the logs parsing and showing me the real problem where the errors in the logs were, I was able to identify our update failure. With a quick search on BING through TechNet, I nailed the minor update needed and got him on his way.

The CIO thanked me later that day for a job well done. Bought me lunch too. I smiled. I never did let him know about my secret weapon: Windows POWERSHELL!

———————————– Update of Terror End ———————————

Thank you, Sean.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy