Kaseya Community

Check if Windows Update Installed

This question has suggested answer(s)

Does anyone know of a way to use Kaseya to check if Microsoft Update has been installed on a computer.  (The link to update other Microsoft products on Windows Update.) 

I am trying to find a way to identify machines where this has not been done.

Thanks in advance.

All Replies
  • Maybe this helps? community.kaseya.com/.../84949.aspx

  • Thanks for the suggestion.  Does that linked article state how to check if it's installed?  I didn't see it.

  • Should be able to check for the presence of this key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d

  • I check the version of the "%WINDIR%\System32\wuauclt.exe" file.

    To do this I had to unhide the file and copy it to a temporary folder as files in the "system32" folder tends to be hard to access via normal Kaseya Agent Procedures.


    ATTRIB -H %WINDIR%\System32\wuauclt.exe

    XCOPY "%WINDIR%\System32\wuauclt.exe" "#vAgentConfiguration.AgentTempDir#" /H /Y

    I then checked if the file exists in the temporary folder and get the file version which I write into Custom Field so I can use an aggregated table report.

    I have also added Windows XP Root Certificate auditing to the same audit procedure as it is another common reason why updates will fail to install. To do this I get the value for the following registry key;


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Version

    The same key has been used for a few years now.

    You can find out what the latest version of the Root Certificate is by googling "KB931125" and finding the download page download the "rootsupd.exe" update file extract it with WinRAR or Z-Zip and read through the "rootsupd.inf" file (its around the middle of the file and will start with VERSION).

    The last Root Certificate released for Windows XP (ATTOW) was May 2013 (38,0,2195,0)

  • Good info, HardKnoX.

  • I leverege Patch Management to report on missing service packs.  You can reverse the logic to report on whether or not a patch has been installed by changing the "PATCH APPLIED FLAG" from 0 to 1.  

    It might be easier if I link screenshots of each part of the report...

    Like I said before, just change the Patch Applied Flag filter to 1 and you're golden to report on whether something IS installed. 

  • Test--Windows_Update_Exists.zip

    This was very helpful Hard Knox.  I created the attached agent prodecure to execute what you've outlined.

     

    My question is: does anyone have a procedure to automatically install WUAU on XP, 7, and 8 machines?  Each one is slightly different...