Windows - System Preferences - Manage Windows Update Driver Updates

What the driver update manager does

This Automox Worklet™ automates the discovery and installation of all available driver updates from Windows Update on your endpoints. The Worklet queries the Windows Update service to identify any drivers marked as "not installed," downloads any missing drivers to local cache, and deploys them to your endpoints in a single remediation pass.

The Worklet logs detailed installation results for each driver, showing which drivers succeeded and which encountered issues. This visibility helps you track driver deployment status across your Windows infrastructure and identify hardware compatibility problems early.

The Worklet executes the command "New-Object".

The Worklet uses PowerShell 3.0 and the Microsoft Update COM interfaces to interact directly with Windows Update, ensuring your endpoints receive drivers from the authoritative Microsoft update service rather than third-party driver repositories.

Why maintain current hardware drivers

Outdated drivers cause system instability, reduced hardware performance, and security vulnerabilities. Storage drivers, network adapters, and chipset drivers control critical hardware functions. When drivers fall out of date, you risk blue screen errors, network connectivity issues, and compatibility problems with new applications.

Microsoft regularly releases driver updates through Windows Update to patch security vulnerabilities, improve hardware compatibility, and optimize performance. Automating driver updates keeps your endpoints current with these critical patches without requiring manual intervention from IT staff.

By centralizing driver management through Automox, you eliminate the operational burden of manually testing and deploying drivers across hundreds of endpoints. The Worklet runs with administrative privileges and executes on your schedule, installing drivers during maintenance windows to minimize endpoint downtime.

How driver installation works

1. Evaluation phase: The Worklet connects to the Windows Update service and searches for any drivers with a status of "not installed" using the query "Type='Driver' and IsInstalled=0". It returns exit code 2 if drivers are available for installation, or exit code 0 if the endpoint is fully current.

2. Remediation phase: The Worklet iterates through all pending drivers, accepts license agreements, downloads any drivers not already cached locally, and queues them for installation. It creates a COM object to invoke the Windows Update installer, executes the installation, and logs results for each driver. The Worklet outputs tabulated success and failure results, then exits with code 0 for success or code 2 if any drivers failed.

Driver installation requirements

• Windows 8 or later (Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and equivalent versions)

• PowerShell 3.0 or higher (included with Windows 8 and later)

• Administrator or SYSTEM account privileges to install drivers and interact with Windows Update service

• Network connectivity to Microsoft Update service (allowed in firewall rules if you restrict outbound traffic)

• Sufficient disk space for driver download and extraction, especially for large firmware updates

• Some drivers require endpoint restart to complete installation. You can enable auto-restart in the Worklet policy to automatically reboot endpoints if needed.

Expected driver update state

After successful execution, all available drivers from Windows Update will be installed on your endpoint. The Worklet logs specific driver names and installation status for each driver, allowing you to verify which drivers were deployed. You can verify this change through the Automox Activity Log or by checking the endpoint configuration directly.

Your endpoints will show all drivers in an "installed" state when the Windows Update evaluation script runs again. Some drivers require an endpoint restart to fully activate. If a driver necessitates a reboot, the Worklet will mark the endpoint as "Needs Reboot" in the Automox console, allowing you to schedule restarts during your maintenance windows. Subsequent Worklet runs will detect that all drivers are already installed and will exit without making changes, maintaining your target driver state.

How to validate manage windows update driver updates changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for manage windows update driver updates.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as New-Object, Write-Output.

4. Validate remediation effects from script operations such as New-Object, ForEach-Object, Out-Null, then rerun evaluation for compliance.