That one liner will just fire off once of course. Any reason why you are using WMI, instead of the built-in PowerShell cmdlet - Get-Service?

My suggestion is use an WMI Event watcher, using what you already have in place but target the service and any dependent services and have that event notify you when the state is running.

Use PowerShell to Monitor and Respond to Events on Your Server

This article is using PowerShell and VBScript to do this, but you can do this with all PowerShell.

You can have a temporary or permanent watcher.

PowerShell and Events: WMI Temporary Event Subscriptions

Those can get a bit deep, so, if they aren't for you, you can just use your one line in a Do Loop that stops after the service comes online.

Basic example:

$TargetHost = $env:COMPUTERNAMEdo {    $TargetOperation = Get-WmiObject Win32_Service -ComputerName $TargetHost  |     Where-Object {$_.Name -eq "AppReadiness"}    "Checking host $TargetHost for service/process $($TargetOperation.Name)"    Start-Sleep -Seconds 3} until (($TargetOperation).State -eq 'Running')"Validation of host $TargetHost for service/process $($TargetOperation.Name) complete"# ResultsChecking host WS70 for service/process AppReadinessChecking host WS70 for service/process AppReadinessChecking host WS70 for service/process AppReadinessValidation of host WS70 for service/process AppReadiness complete

You can of course add as many services or processes as you'd like using operation logic.

All the above applies to almost whatever you'd like to watch. Services, process, file-folder.

Or just use this script in the loop.

Get Remote Logon Status - Powershell

This script will return the logon status of the local or a remote machine. Return types include "Not logged on", "Locked", "Logged on", and "Offline.

The most useful part of this is to check whether a computer is in the locked state, although the other return types could also be useful.

This is a simple function, and can easily be included in a larger script. The return types could be changed to numbers for the calling script to more easily parse the return value.

Download: GetRemoteLogonStatus.ps1

Would finding 0 updates queued accomplish what you need then? This arcticle goes into detail on how to accomplish it.

To check if windows is ready to log in, can you query for the event log for 'DHCPv4 client service is started' - Event ID 50036 satisfy if windows is ready.

I spent a week searching for a solution for this issue. I wanted to share what is currently my best solution, hopefully it helps someone.

@kelv-gonzales pointed me in the right direction with his comment about the Windows Modules Installer and TrustedInstaller.

Breakdown of my solution

There exists a process called TiWorker.exe that is the Windows Modules Installer Worker process. This is the process responsible for actually installing the Windows Update. This process (from what I've observed) reliably runs throughout the duration of a Windows Update being installed. Once the update has been installed and a pending reboot is required, this process stops and goes away.

When you reboot the machine to satisfy the pending reboot, the TiWorker.exe process is one of the very first processes to start while the machine is coming back up. In some cases, depending on the nature of the update, will finish the installation of an update (that's the increasing percentage you see during boot-up) while the computer comes back up. Once the login screen is available, this process typically remains running four roughly 2 minutes (from what I've observed). After which, it stops and goes away. I found that waiting these few minutes was a small price to pay for reliably knowing when updates have finished processing.

My scripts logic

I was able to write a script that keys off of the existence of this service. For example, below is a high-level flow of my script.

1. Initiate the installation of Windows Updates.
2. Wait for updates to finishing installing and for a pending reboot.
3. Once a pending reboot exists, wait until TiWorker.exe is no longer running and then trigger a reboot.
4. While the machine is rebooting, repeatedly check the status of the machine during the reboot. While the machine is coming back up, TiWorker.exe will start back up to finish the update. Keep waiting until TiWorker.exe is no longer running (typically, the update will finish and the OS will wait at the lock screen for about 2 minutes before this process stops).

Code

I modified the code posted by @gabriel-graves to check for the TiWorker.exe process.

$creds = Get-Credential -Message "Enter server credentials:" -UserName "SERVERNAME\Administrator"Get-WmiObject Win32_Process -ComputerName "SERVERIPADDRESS" -Credential $creds | Where-Object {$_.Name -eq "TiWorker.exe"}