Solved

Windows Updates Status by Computer - PowerShell or ..... ?

Posted on 2016-10-07
16
64 Views
Last Modified: 2016-11-20
We have a number of peer-to-peer networks - mostly Windows 10 Pro.
We are using WMI for monitoring events/logs, etc.
We can see Windows update *events* but this doesn't give us Windows update *status* in any direct or easily readable/understandable way.

I suppose the ideal would be a readout of the Settings/Update & Security/Update Status where it says:
- Your device is up to date
- Updates are available
- [are there others?]

And then somehow to report that updates had failed.  Perhaps this can be parsed from the Update history?

And then, as an option, show update history.

How can this be done?  PowerShell is fine with me / preferable I think....
0
Comment
Question by:Fred Marshall
  • 6
  • 4
  • 4
  • +1
16 Comments
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 125 total points
ID: 41834692
Ideally you should be using something like WSUS, there are other products out there like GFI Languard. that get a list of available windows updates and then check each computer to see if they have those updates.
0
 
LVL 39

Expert Comment

by:footech
ID: 41834941
Check out the Windows Update PowerShell Module at https://gallery.technet.microsoft.com/2d191bcd-3308-4edd-9de2-88dff796b0bc

You can use the results from the commands to get the data you want for your report.
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 41839253
footech:  Perhaps I'm a bit dense.  What "results" were you imagining would be helpful in reaching the objective?
0
 
LVL 39

Expert Comment

by:footech
ID: 41839270
It can get which updates are already installed, updates which need to be installed, whether the computer needs to be rebooted.
For example, if no updates need to be installed, then it's up to date.
0
 
LVL 7

Assisted Solution

by:Hector2016
Hector2016 earned 250 total points
ID: 41852097
Hello,

If you use WSUS server to update your computers you may find helpful my article about make a report of computer status on WSUS server:
https://www.experts-exchange.com/articles/27419/How-to-send-automatically-an-e-mail-with-a-report-of-computers-status-inside-WSUS-server.html

Otherwise, if you don't have WSUS, you can use the WSUSOffline tool to verify if there is any missing update on each computer. But this is not what you want, it will be probably better to install a WSUS server to manage updates for all computers and get a report of their status.
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 41852953
Hector2016:  I read the script and it looks like it could do what we need.  But, it would help me get some context if you might give a "30,000 foot" i.e. high altitude perspective on it just getting started.

I should emphasize once more that all of this is being done on a peer-to-peer network.

Here we will sort the list of computers by name
So, the implication of this is that the script is running on the "server" computer.  That would be good.  So I'm trying to figure out how the interaction takes place between the server computer / script and the individual computers.  Is there are list of them initially or....?
0
 
LVL 7

Assisted Solution

by:Hector2016
Hector2016 earned 250 total points
ID: 41853828
Ok, I will talk you more about my proposal:

1. You have a set of computers, sharing the same routed network (they can see each other) and the most of them have Windows 10.
2. You are requesting help to keep those computers updated with latest published patches and to get acknowledged for their status, especially when there are updates failing.

The solution for you is to use WSUS, this is why:
1. You will get a central repository for all updates needed.
2. You will get a central repository for all the update-related information about each computer on your peer-to-peer network.
3. You will have control on what updates are being deployed on clients computers.
4. You will be saving Internet bandwidth, because the updates will be downloaded only once. Otherwise, each computer will have to download the same updates (not efficiently).

And this is how-to:
1. Select a computer with good hardware (2GHz CPU 64bits / 8GB RAM / 3TB HDD) and install WIndows 2012R2.
2. Deploy WSUS (Follow the Seth guide)
3. Configure your client computers to connect to your WSUS server. (Follow Microsoft indications)
4. Select Windows 10 in Options-Products and Classifications.
5. Select Security Updates, Critical Updates, Update Rollups and Updates, then Sync the WSUS server with Microsoft Catalog.
6. Aprove only those updates needed and not superseeded.

Note: To make WSUS work well with Windows 10 computers you have to make some post-installation steps: Follow this guide.  

If any doubt, please tell me.

-----------------------------------------------------------------------------------------
If after all this you still dont want or cannot use WSUS you still have the WMI alternative:

With this command, you will get a list of all installed updates on a computer:

wmic qfe

Open in new window


This will return a TAB separated file type data with the following fields:

Caption: URL to the KB article associated to the hotfix.
CSName: The name of the computer.
Description: This is actually the category of the hotfix(ex. Update, Security Update, ect).
FixComments: This is always blank.
HotFixID: This is the KB id for the hotfix.
InstallDate: This is always blank.
InstalledBy: This is the account ID which installed the hotfix.
InstalledOn: This is the date of the hotfix installation.
Name: This is always blank.
ServicePackInEffect: This is always blank.
Status: This is always blank.

You can get rid of the junk data by getting only the needed fields, for example:
wmic qfe get Caption, Description, HotFixID, InstalledBy, InstalledOn 

Open in new window



You can use PSEXEC or Remote Powershell to run the previous command on each computer providing authorized credentials.

You will need to re-direct the output of the command to a text file somewhere.

This method will provide you a per-computer list of installed updates, but it will be much less accurate than the WSUS method.
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 
LVL 25

Author Comment

by:Fred Marshall
ID: 41854271
Thanks!
0
 
LVL 7

Expert Comment

by:Hector2016
ID: 41856969
If you feel this question is solved, please close it and assign the points.
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 41857276
As soon as you said: "Install Windows Server 2012R2" it took me out of the peer-to-peer context.  But perhaps you had another idea?
0
 
LVL 7

Accepted Solution

by:
Hector2016 earned 250 total points
ID: 41857449
:) ok, try this.

With this PowerShell script you will be more comfortable:

$Session = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
$Searcher.Search("IsInstalled=1").Updates | ft -a Date,Title

Open in new window


This piece of code will use the Windows Update API through Powershell to start a search for updates available, then it will list all the updates on the catalog that are already installed on your computer. It doesn't matter if you use WSUS or the Microsoft Windows Update internet site, the result will be the same. Remember to run it As Administrator.

If you change the search criteria "IsInstalled=1" to "IsInstalled=0" then you will retrieve the list of pending updates.
0
 
LVL 39

Assisted Solution

by:footech
footech earned 125 total points
ID: 41857536
The Windows Update PowerShell Module I linked to earlier makes use of that functionality and does more.  Each of the .PS1 files included is a function.  If you just put the contents under C:\Users\username\Documents\WindowsPowerShell\Modules\PSWindowsUpdate, then you can run
Import-Module PSWindowsUpdate
which will load all the functions for your use.
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 41857615
Thanks all.  I'm doing this piece by piece and not as a full-time job.  So it's taking a little time to try things, etc.  It looks like we're making progress!
0
 
LVL 39

Expert Comment

by:footech
ID: 41892482
Why would a comment that the author said wouldn't work for his environment be proposed as the answer?
If anything, using the COM objects to search Windows (or Microsoft) Update is the best course for a workgroup environment, but a lot would have to be written to do all the comparisons and reporting desired.  If the author can't report back, there's no reasonable expectation that any of the (partial) proposed solutions could be confirmed as the answer.

As such this question should be deleted.  Shame when even the long-standing active members can't close their questions.
0
 
LVL 25

Author Closing Comment

by:Fred Marshall
ID: 41894255
Thanks all!
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now