Skip to content
Packer plugin for installing Windows updates
PowerShell Go Makefile
Branch: master
Clone or download

Packer Windows Update Provisioner

Build status Latest version released Package downloads count

This is a Packer plugin for installing Windows updates (akin to rgl/vagrant-windows-update).

NB This was only tested with Packer 1.5.1 and Windows Server 2019.


Download the binary from the releases page and put it in the same directory as your packer executable.

Use the provisioner from your packer template file, e.g. like in rgl/windows-2016-vagrant:

    "provisioners": [
            "type": "windows-update"

Note, the plugin automatically restarts the machine after Windows Updates are applied. The reboots occur similar to the windows-restart provisioner built into packer where packer is aware that a shutdown is in progress.

Search Criteria, Filters and Update Limit

You can select which Windows Updates are installed by defining the search criteria, a set of filters, and how many updates are installed at a time.

Normally you would use one of the following settings:

Name search_criteria filters
Important AutoSelectOnWebSites=1 and IsInstalled=0 $true
Recommended BrowseOnly=0 and IsInstalled=0 $true
All IsInstalled=0 $true
Optional Only AutoSelectOnWebSites=0 and IsInstalled=0 $_.BrowseOnly

NB Recommended is the default setting.

But you can customize them, e.g.:

    "provisioners": [
            "type": "windows-update",
            "search_criteria": "IsInstalled=0",
            "filters": [
                "exclude:$_.Title -like '*Preview*'",
            "update_limit": 25

NB For more information about the search criteria see the IUpdateSearcher::Search method documentation and the xWindowsUpdateAgent DSC resource source.

NB If the update_limit attribute is not declared, it defaults to 1000.

The general filter syntax is:


ACTION is a string that can have one of the following values:

action description
include includes the update when the expression evaluates to $true
exclude excludes the update when the expression evaluates to $true

NB If no ACTION evaluates to $true the update will NOT be installed.

EXPRESSION is a PowerShell expression. When it returns $true, the ACTION is executed and no further filters are evaluated.

Inside an expression, the Windows Update IUpdate interface can be referenced by the $_ variable.




Configure packer with the path to this provisioner by adding something like the following snippet to your ~/.packerconfig (or %APPDATA%/packer.config):

    "provisioners": {
        "windows-update": "/home/rgl/Projects/packer-provisioner-windows-update/packer-provisioner-windows-update"

If you are having problems running packer set the PACKER_LOG=1 environment variable to see more information.

You can’t perform that action at this time.