Not all installed KB/Patches shown in "History"

GerthE · ‎12-11-2015

Hi

I would appreciate if someone could make a brief explanation about how LanSweeper determines which installs that are shown in "history" on a computer.

I understand that there is some scanning that occure on the computer to determine what software has been installed, and if the scanning can't detect a difference so is it impossible to show it - that no brainer.

Anyway - We did get hit of the faulty KB3114409 patch from Microsoft and when I looked on an affected computer so didn't it show up in the list of installed KB:s
This rendered me to use a couple of hours fault finding the client for other purposes.
Finally when I looked at the client hands on so was the KB listed in the list of installed KB, but not presented in LanSweeper - Why?

We do rely quite heavyly on LanSweeper to fault find issues on computers and looking through newly installed software/patches is one of the first things we do.
As we now got issues with patched not showing up so am I very suspicious about how much we can rely on this way of work.

To be honest LanSweeper showed 9 patches installed during 2015-12-09,the date when we was hit by KB3114409, but when we looked at the affected computer and sorted by install date so where there approx 40 more patches installed - mainly for MS Office, none of them is listed in LanSweeper.

Is there any way to tweak/adjust what is looked for?

Br

Gerth Ericsson

SCA · ‎12-11-2015

Hello,

I'm new to this forum, and I'm using LanSweeper since 3 months.
The issue you're facing is quite common since 2 days, thanks to this 'great' hotfix.

I guess the reason why you can't see this specific hotfix is because this is not an OS hotfix, but an applicative update (office 2010, and especially the Outlook product).

At first, I tried to create a group with assets having this hotfix installed, but I've faced the same issue.
So here is a workaround:

Go to 'Configuration' > 'Custom Scanning' > 'Registry Scanning'.

Open regedit on a machine where you're sure the update is installed.

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ and search for KB3114409.

Once found, copy the key name in the 'RegPath' field in LanSweeper (remove the HKEY_LOCAL_MACHINE\ before SOFTWARE\)

Then, add any 'RegValue' (like 'DisplayName').

Note that the key may differ regarding the exact version of Office 2010 installed.

Do the same with HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall for x64 computers that have Office x86.

Check that all is ready for Custom reporting using this FAQ : http://www.lansweeper.com/kb/18/report-based-on-registry-keys.html

If custom registy is enabled, rescan all assets you need (you can 1st limit to computers where Office 2010 is installed to go quicker).

Once the scan is done, go back to 'Custom scanning', and select the 'Report' link in front on the newly added regkey. All machines with this key will be listed.

Add them to a group (we can probably create a dynamic group with some custom attributes, but I didn't try).

Then, use one of the following deployement command lines to assign to this group:

WAY1:

I was limited in time, so I use the quick and dirty way to bypass the issue with the patch and not uninstall it:

1 Check if machine is x64 Condition Step 2 Step 3
2 Add Safe Mode Off x64 registry value for 32-bits Outlook Command Next Stop(Failure)
3 Add Safe Mode Off x86 registry value for 32-bits Outlook Command Stop(Success) Stop(Failure)

Command line 2 is : reg add HKLM\Software\Wow6432Node\Microsoft\Office\14.0\Outlook\Security /v DisableSafeMode /t REG_DWORD /d 00000001
Command line 3 is : reg add HKLM\SOFTWARE\Microsoft\Office\14.0\Outlook\Security /v DisableSafeMode /t REG_DWORD /d 0000000

WAY2:

Remove the patch using msiexec.exe. E.g. : msiexec /package {90140000-0011-0000-0000-0000000FF1CE} MSIPATCHREMOVE={14CDCBF7-3CCC-42E2-A5BB-2D4926E16FAA} /qn /norestart (to adapt with the Office package code and the exact patch package code)

WAY3:

Remove the patch using OARPMANY.exe. E.g. "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{14CDCBF7-3CCC-42E2-A5BB-2D4926E16FAA}" "1033" "0" (to adapt with the Office package code and the exact patch package code)

This latest will prompt the users and enforce the reboot...

Hope this is helpful.

Sebastien

View solution in original post

GerthE · ‎12-11-2015

Hi SCA

Thanks for your reply to this matter - the rows you wrote about OS fixes / vs application fixes hadn't I thought about.

We have found out own means of handeling this faulty patch - this time, but the discussion in interesting for furter issuses, as i assume that this isn't the last time.

I will try to use your sugestions regarding registry scanning to se if I can identify computers that i have missed to "cure".

Br

Gerth

SCA · ‎12-11-2015

Hello,

I'm new to this forum, and I'm using LanSweeper since 3 months.
The issue you're facing is quite common since 2 days, thanks to this 'great' hotfix.

I guess the reason why you can't see this specific hotfix is because this is not an OS hotfix, but an applicative update (office 2010, and especially the Outlook product).

At first, I tried to create a group with assets having this hotfix installed, but I've faced the same issue.
So here is a workaround:

Go to 'Configuration' > 'Custom Scanning' > 'Registry Scanning'.

Open regedit on a machine where you're sure the update is installed.

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ and search for KB3114409.

Once found, copy the key name in the 'RegPath' field in LanSweeper (remove the HKEY_LOCAL_MACHINE\ before SOFTWARE\)

Then, add any 'RegValue' (like 'DisplayName').

Note that the key may differ regarding the exact version of Office 2010 installed.

Do the same with HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall for x64 computers that have Office x86.

Check that all is ready for Custom reporting using this FAQ : http://www.lansweeper.com/kb/18/report-based-on-registry-keys.html

If custom registy is enabled, rescan all assets you need (you can 1st limit to computers where Office 2010 is installed to go quicker).

Once the scan is done, go back to 'Custom scanning', and select the 'Report' link in front on the newly added regkey. All machines with this key will be listed.

Add them to a group (we can probably create a dynamic group with some custom attributes, but I didn't try).

Then, use one of the following deployement command lines to assign to this group:

WAY1:

I was limited in time, so I use the quick and dirty way to bypass the issue with the patch and not uninstall it:

1 Check if machine is x64 Condition Step 2 Step 3
2 Add Safe Mode Off x64 registry value for 32-bits Outlook Command Next Stop(Failure)
3 Add Safe Mode Off x86 registry value for 32-bits Outlook Command Stop(Success) Stop(Failure)

Command line 2 is : reg add HKLM\Software\Wow6432Node\Microsoft\Office\14.0\Outlook\Security /v DisableSafeMode /t REG_DWORD /d 00000001
Command line 3 is : reg add HKLM\SOFTWARE\Microsoft\Office\14.0\Outlook\Security /v DisableSafeMode /t REG_DWORD /d 0000000

WAY2:

Remove the patch using msiexec.exe. E.g. : msiexec /package {90140000-0011-0000-0000-0000000FF1CE} MSIPATCHREMOVE={14CDCBF7-3CCC-42E2-A5BB-2D4926E16FAA} /qn /norestart (to adapt with the Office package code and the exact patch package code)

WAY3:

Remove the patch using OARPMANY.exe. E.g. "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{14CDCBF7-3CCC-42E2-A5BB-2D4926E16FAA}" "1033" "0" (to adapt with the Office package code and the exact patch package code)

This latest will prompt the users and enforce the reboot...

Hope this is helpful.

Sebastien

Lachlan_Brown · ‎12-11-2015

Any update on this as we have the same issue.

Not all installed KB/Patches shown in "History"

New to Lansweeper?

Try Lansweeper For Free