Set it and Forget it: Daily Silent Update of All Your Winget Apps
Clicking "Yes" on UAC 1,000 times not required
When it comes to updating software, there’s a debate between staying on the bleeding edge or waiting for others to test updates before you deploy. On my personal devices, I usually lean bleeding edge with Windows 11 Insider builds and MacOS Dev Beta. With the rate at which software vulnerabilities are discovered and exploited, I like to keep my installed software up to date, too. Manually managing this can be a nightmare, and there are tools that can help (PatchMyPc’s Home Updater comes to mind for personal devices, and Windows AutoPatch for Microsoft apps). Since I try to manage as many of my applicable software packages through Winget as I can, I wanted to automate running Winget updates on a schedule.
More on Winget:
Winget Update Command
Updating all of your Winget and Microsoft Store software is a pretty basic command, just:
winget update --allHowever, if you have a lot of software packages, this gets annoying fast, because it will prompt you with a UAC admin prompt prior to updating EACH package. I have one desktop with 39 packages installed. This is a pain. To get Winget to update all of the packages silently WITHOUT UAC prompts, there are 2 steps:
Make sure you’re running CMD (or Terminal or PowerShell) as Admin.
Run this command:
winget update --all --silent
Now that you have the command for these updates down, the next step is to automate it. Patching software is important, and it’s very easy to get behind. To automate this, I go old school and create a batch file and run it as a scheduled task.
Batch File
To create the batch file, open Notepad and enter the following text:
winget update --all --silentNext, save as wingetupdate.bat.
NOTE: Make sure you save the file as wingetupdate.bat and not wingetupdate.bat.txt. To verify, find the file in File Explorer, make sure View —> File name extensions is checked. It should look like below:
Once the batch file is ready, you can test it by right-clicking on it and selecting Run As Administrator. If all is good, it will launch the CLI, pop up with a single UAC prompt for approval, and then run the update command.
Scheduling Updates
Now that the batch file is tested and ready, open the Task Scheduler app. This is a pre-installed Windows app, so it should already be on your device. Click on Task Scheduler Library and then select Create Task…
On the Create Task screen, on the General tab give the task a descriptive name, then select “Run with the highest privileges” option, which is critical if you don’t want to have multiple UAC prompts. For my scenarios, I also leave this set to “Run only when user is logged on” as it doesn’t play well with the running whether user is logged on or not option.
On the Trigger tab, click new, select a frequency and time, and make sure the “Enabled” box is checked.
On the Actions tab, click New, then select “Start a program” and browse for the batch file we previously saved and click OK.
On the Settings tab the defaults should be acceptable, but can be tweaked based on your needs. To be able to test it, make sure “Allow task to be run on demand” is checked. Click OK when you’re done. Mine is set like this:
Now, in Task Scheduler, click on the newly created task to select it, then click Run.
When this runs, a CLI window should pop up and run with no need for intervention. It should disappear when it finishes running.
Under the Last Run Result column in Task Scheduler, you should now see “The operation completed successfully” like below:
From now on, this script should run based on the schedule you set.
Level Up
Take this to the next level by tweaking your command line arguments in the batch file.
Possible helpful arguments:
--wait
Requires user interaction (hit enter) to close the window when Winget finishes running. This lets you see that the command was run if you like having that confirmation without having to open Task Scheduler
--accept-package-agreements / --accept-source-agreements
Auto-accepts package and / or source agreements
--allow-reboot
If an install requires reboot (rare in my experience), this allows reboot
--verbose
Enables verbose logging
Further documentation on arguments in Winget can be found here.
I had an issue when it came to running this script as an admin where i got some strange errors like this:
0x8a15000f : Data required by the source is missing
Solution: the device was complaining about some missing language stuff or similar. This didnt exist when logging in as normal office user. Fix below:
Add-AppxPackage -DisableDevelopmentMode -Register $(Resolve-Path "C:\Program Files\WindowsApps\Microsoft.Winget.Source_*\AppXManifest.xml") -Verbose
Excellent article, it has helped me a lot, however, I hit a wall, and that is trying it on a domain machine. How can I schedule a scheduled task to run on the user profile but validated with another privileged user?