• State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 34 subscribers
  • Views 2445 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

How to make a report of missing Windows updates on Windows nodes?

JoachimT

I duplicated and edited the Application Monitor Template "Windows Update Monitoring" and would like now to create a report of the information I gather there (missing critical updates, missing normal updates, days since last restart and if a reboot is pending). Could someone please help me with that?

Parents
  • 0

    Add these to PowerShell script components, run on the remote system. We use SCCM to deploy, and like those status better, but you can use it as an example if you don't and just find our the WMI query for Software updates. 

    Here is the PowerShell we use to get pending restarts:

    Try {
	$Test2 = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'  Name 'RebootRequired' -ErrorAction SilentlyContinue
} Catch {
}
Try {
	$Test3 = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -Name 'PendingFileRenameOperations' -ErrorAction SilentlyContinue
} Catch {
}
If ($Test1 -or $Test2 -or $Test3) {
	Write-host "Message.Restart: Pending"
	Write-host "Statistic.Restart: 1"
	Exit 2;
} Else {
	Write-host "Message.Restart: Not Needed"
	Write-host "Statistic.Restart: 0"
	Exit 0;
}

    SCCM missing updates that have been assigned:

    #Get a list of all the missing updates according to CCM. Add -ComputerName to run on a remote system.
$MissingUpdates = get-wmiobject -query "SELECT * FROM CCM_UpdateStatus" -namespace "root\ccm\SoftwareUpdates\UpdatesStore" | Where-Object {
	$_.status -eq "Missing"
}
$MissingUpdates = $MissingUpdates | Where-Object {
	$_.title -notlike "Security Intelligence Update for Microsoft Defender*"
}
$MissingUpdates = $MissingUpdates | Where-Object {
	$_.title -notlike "Windows Malicious Software Removal*"
}
$MissingUpdates = $MissingUpdates | Where-Object {
	$_.title -match (get-date -Format "yyyy-MM") -or $_.title -match ((get-date).AddMonths(-1)).ToString("yyyy-MM") -or $_.title -match ((get-date).AddMonths(-2)).ToString("yyyy-MM") -or $_.title -match ((get-date).AddMonths(-3)).ToString("yyyy-MM")
}

$MissingUpdates = $MissingUpdates.title | Sort-Object -Unique

If ($MissingUpdates.Count -eq "0") {
	Write-host "Message.Patches: No Missing Patches"
	Write-host "Statistic.Patches: 0"
	Exit 0;
} Else {
	$line = $MissingUpdates -join ", "
	$Count = $MissingUpdates.Count
	Write-host "Message.Patches: $line"
	Write-host "Statistic.Patches: $Count"
	Exit 0;
}

    SCCM updates that have been tried and failed: 

    #Get all of the failed updates on the system
$ListOfPendingUpdates = get-wmiobject -query "SELECT * FROM CCM_SoftwareUpdate" -namespace "ROOT\ccm\ClientSDK" | Select-Object Name, ErrorCode | Where {$_.ErrorCode -ge 13 -or $_.ErrorCode -eq 8 -or $_.ErrorCode -eq 9 -or $_.ErrorCode -eq 10 } 
$ListOfPendingUpdates = $ListOfPendingUpdates.Name | Sort-Object -Unique

If ($ListOfPendingUpdates.Count -eq "0") {
	Write-host "Message.Patches: No Failed Patches"
	Write-host "Statistic.Patches: 0"
	Exit 0;
} Else {
	$line = $ListOfPendingUpdates -join ", "
	$Count = $ListOfPendingUpdates.Count
	Write-host "Message.Patches: $line"
	Write-host "Statistic.Patches: $Count"
	Exit 0;
}

  • 0 in reply to jm_sysadmin

    Thats very generous of you, but I already have my Powershell Scripts. I need now a report to get this values and show it to me for all servers.

  • 0 in reply to JoachimT

    Did you get to complete the report? Looking something similar

  • 0 in reply to aldo.lopez

    Sadly not. I just use the (modified) Application Monitor Template "Windows Update Monitoring" in combination with a custom table widget in my summary overview. So at least I see which servers are missing updates and which are online longer than x days. I also made an autostart script in Solarwinds, that checks if a server in a specific group has not rebooted since x days and reboot if its a specific date (example:if its friday later than 2am and the server has not rebooted for 6 days or more, reboot now). This auto reboot is always one day behind the WSUS auto update and restart GPO.

Reply
  • 0 in reply to aldo.lopez

    Sadly not. I just use the (modified) Application Monitor Template "Windows Update Monitoring" in combination with a custom table widget in my summary overview. So at least I see which servers are missing updates and which are online longer than x days. I also made an autostart script in Solarwinds, that checks if a server in a specific group has not rebooted since x days and reboot if its a specific date (example:if its friday later than 2am and the server has not rebooted for 6 days or more, reboot now). This auto reboot is always one day behind the WSUS auto update and restart GPO.

Children
No Data

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.