Solved

Windows Updates Status by Computer - PowerShell or ..... ?

Posted on 2016-10-07
Last Modified: 2016-11-20
We have a number of peer-to-peer networks - mostly Windows 10 Pro.
We are using WMI for monitoring events/logs, etc.
We can see Windows update *events* but this doesn't give us Windows update *status* in any direct or easily readable/understandable way.

I suppose the ideal would be a readout of the Settings/Update & Security/Update Status where it says:
- Your device is up to date
- Updates are available
- [are there others?]

And then somehow to report that updates had failed.  Perhaps this can be parsed from the Update history?

And then, as an option, show update history.

How can this be done?  PowerShell is fine with me / preferable I think....
Question by:Fred Marshall
15 Comments
 
LVL 84

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 500 total points
ID: 41834692
Ideally you should be using something like WSUS. There are other products out there, like GFI LanGuard, that get a list of available Windows updates and then check each computer to see if they have those updates.
0
 
LVL 41

Expert Comment

by:footech
ID: 41834941
Check out the Windows Update PowerShell Module at https://gallery.technet.microsoft.com/2d191bcd-3308-4edd-9de2-88dff796b0bc

You can use the results from the commands to get the data you want for your report.
0
 
LVL 26

Author Comment

by:Fred Marshall
ID: 41839253
footech:  Perhaps I'm a bit dense.  What "results" were you imagining would be helpful in reaching the objective?
0
 
LVL 41

Expert Comment

by:footech
ID: 41839270
It can get which updates are already installed, updates which need to be installed, whether the computer needs to be rebooted.
For example, if no updates need to be installed, then it's up to date.
0
 
LVL 8

Assisted Solution

by:Hector2016
Hector2016 earned 1000 total points
ID: 41852097
Hello,

If you use a WSUS server to update your computers, you may find my article about making a report of computer status on the WSUS server helpful:
https://www.experts-exchange.com/articles/27419/How-to-send-automatically-an-e-mail-with-a-report-of-computers-status-inside-WSUS-server.html

Otherwise, if you don't have WSUS, you can use the WSUSOffline tool to verify if there is any missing update on each computer. But this is not what you want; it will probably be better to install a WSUS server to manage updates for all computers and get a report of their status.
0
 
LVL 26

Author Comment

by:Fred Marshall
ID: 41852953
Hector2016:  I read the script and it looks like it could do what we need.  But, it would help me get some context if you might give a "30,000 foot" i.e. high altitude perspective on it just getting started.

I should emphasize once more that all of this is being done on a peer-to-peer network.

Here we will sort the list of computers by name
So, the implication of this is that the script is running on the "server" computer.  That would be good.  So I'm trying to figure out how the interaction takes place between the server computer / script and the individual computers.  Is there a list of them initially or....?
0
 
LVL 8

Assisted Solution

by:Hector2016
Hector2016 earned 1000 total points
ID: 41853828
OK, I will tell you more about my proposal:

1. You have a set of computers, sharing the same routed network (they can see each other), and most of them have Windows 10.
2. You are requesting help to keep those computers updated with latest published patches and to get acknowledged for their status, especially when there are updates failing.

The solution for you is to use WSUS, this is why:
1. You will get a central repository for all updates needed.
2. You will get a central repository for all the update-related information about each computer on your peer-to-peer network.
3. You will have control over what updates are being deployed on client computers.
4. You will be saving Internet bandwidth, because the updates will be downloaded only once. Otherwise, each computer will have to download the same updates (not efficiently).

And this is how-to:
1. Select a computer with good hardware (2GHz CPU 64bits / 8GB RAM / 3TB HDD) and install Windows 2012R2.
2. Deploy WSUS (Follow the Seth guide)
3. Configure your client computers to connect to your WSUS server. (Follow Microsoft indications)
4. Select Windows 10 in Options-Products and Classifications.
5. Select Security Updates, Critical Updates, Update Rollups and Updates, then Sync the WSUS server with Microsoft Catalog.
6. Approve only those updates needed and not superseded.

Note: To make WSUS work well with Windows 10 computers you have to make some post-installation steps: Follow this guide.  

If any doubt, please tell me.

-----------------------------------------------------------------------------------------
If after all this you still don't want or cannot use WSUS, you still have the WMI alternative:

With this command, you will get a list of all installed updates on a computer:

wmic qfe


This will return a TAB separated file type data with the following fields:

Caption: URL to the KB article associated to the hotfix.
CSName: The name of the computer.
Description: This is actually the category of the hotfix (e.g. Update, Security Update, etc.).
FixComments: This is always blank.
HotFixID: This is the KB id for the hotfix.
InstallDate: This is always blank.
InstalledBy: This is the account ID which installed the hotfix.
InstalledOn: This is the date of the hotfix installation.
Name: This is always blank.
ServicePackInEffect: This is always blank.
Status: This is always blank.

You can get rid of the junk data by getting only the needed fields, for example:
wmic qfe get Caption, Description, HotFixID, InstalledBy, InstalledOn 


You can use PSEXEC or Remote Powershell to run the previous command on each computer providing authorized credentials.

You will need to re-direct the output of the command to a text file somewhere.

This method will provide you a per-computer list of installed updates, but it will be much less accurate than the WSUS method.
0
 
LVL 26

Author Comment

by:Fred Marshall
ID: 41854271
Thanks!
0
 
LVL 8

Expert Comment

by:Hector2016
ID: 41856969
If you feel this question is solved, please close it and assign the points.
0
 
LVL 26

Author Comment

by:Fred Marshall
ID: 41857276
As soon as you said: "Install Windows Server 2012R2" it took me out of the peer-to-peer context.  But perhaps you had another idea?
0
 
LVL 8

Accepted Solution

by:Hector2016
Hector2016 earned 1000 total points
ID: 41857449
:) ok, try this.

With this PowerShell script you will be more comfortable:

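# Query the Windows Update Agent COM API for updates that are already installed
$Session = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
# Update objects have no Date property; LastDeploymentChangeTime is the catalog date, not the install date
$Searcher.Search("IsInstalled=1").Updates | Format-Table -AutoSize LastDeploymentChangeTime,Title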


This piece of code will use the Windows Update API through Powershell to start a search for updates available, then it will list all the updates on the catalog that are already installed on your computer. It doesn't matter if you use WSUS or the Microsoft Windows Update internet site, the result will be the same. Remember to run it As Administrator.

If you change the search criteria "IsInstalled=1" to "IsInstalled=0" then you will retrieve the list of pending updates.
0
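
An added example, not code from any poster in this thread: the same Windows Update Agent COM objects combined into one per-computer status record (up to date or updates available, recent failures from the update history, reboot pending). The function name, parameter and output property names are hypothetical; it reports on the local computer only and should be run elevated.

```powershell
# Added example: local update status report built on the Windows Update Agent COM API.
# Get-UpdateStatusReport and its output property names are hypothetical.
function Get-UpdateStatusReport {
    [CmdletBinding()]
    param([int]$HistoryDepth = 100)   # number of most recent history entries to inspect

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()

    # Pending = applicable software updates that are neither installed nor hidden
    $pending = @($searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'").Updates)

    # History entries (unlike update objects) carry Date (UTC), ResultCode and HResult
    $history = @()
    $total   = $searcher.GetTotalHistoryCount()
    if ($total -gt 0) {
        $history = @($searcher.QueryHistory(0, [Math]::Min($total, $HistoryDepth)) |
                     Where-Object { $_.Operation -eq 1 })   # 1 = installation, 2 = uninstallation
    }

    # ResultCode: 2 = Succeeded, 3 = SucceededWithErrors, 4 = Failed, 5 = Aborted
    $succeeded = @($history | Where-Object { $_.ResultCode -eq 2 })
    # Edge case: ignore a failure when the same update installed successfully afterwards
    $failed = @($history | Where-Object { $_.ResultCode -in 4, 5 } | Where-Object {
        $f = $_
        -not ($succeeded | Where-Object { $_.Title -eq $f.Title -and $_.Date -gt $f.Date })
    })

    $rebootRequired = (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired
    $lastSuccess    = $succeeded | Sort-Object Date -Descending | Select-Object -First 1

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        Status          = if ($pending.Count -eq 0) { 'Up to date' } else { 'Updates are available' }
        PendingCount    = $pending.Count
        PendingTitles   = @($pending | ForEach-Object { $_.Title })
        RebootRequired  = $rebootRequired
        FailedCount     = $failed.Count
        FailedUpdates   = @($failed | Select-Object Date, Title,
                              @{ Name = 'HResult'; Expression = { '0x{0:X8}' -f $_.HResult } })
        LastSuccessDate = if ($lastSuccess) { $lastSuccess.Date } else { $null }
    }
}

# Summary for this computer; FailedUpdates holds the entries that still need attention
Get-UpdateStatusReport | Format-List
```

A failure that is older than the inspected history window, or whose later success falls outside it, is not reconciled, so raise `-HistoryDepth` on machines with a busy update history.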
 
LVL 41

Assisted Solution

by:footech
footech earned 500 total points
ID: 41857536
The Windows Update PowerShell Module I linked to earlier makes use of that functionality and does more.  Each of the .PS1 files included is a function.  If you just put the contents under C:\Users\username\Documents\WindowsPowerShell\Modules\PSWindowsUpdate, then you can run
Import-Module PSWindowsUpdate
which will load all the functions for your use.
0
 
LVL 26

Author Comment

by:Fred Marshall
ID: 41857615
Thanks all.  I'm doing this piece by piece and not as a full-time job.  So it's taking a little time to try things, etc.  It looks like we're making progress!
0
 
LVL 41

Expert Comment

by:footech
ID: 41892482
Why would a comment that the author said wouldn't work for his environment be proposed as the answer?
If anything, using the COM objects to search Windows (or Microsoft) Update is the best course for a workgroup environment, but a lot would have to be written to do all the comparisons and reporting desired.  If the author can't report back, there's no reasonable expectation that any of the (partial) proposed solutions could be confirmed as the answer.

As such this question should be deleted.  Shame when even the long-standing active members can't close their questions.
0
 
LVL 26

Author Closing Comment

by:Fred Marshall
ID: 41894255
Thanks all!
0
