This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Windows 10 Last Update Installed

Guest
Lansweeper Employee
Lansweeper Employee

‎11-15-2017 05:42 PM

Hi All,

I'm looking for a report that can find the last successful windows update on Windows 10. In the past I have been able to this for Windows 7 by adding a registry key in Scanning Options > File & Registry Scanning (LM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\'LastSuccessTime') and using this report I can list any items older than 90 days.


Select Top 1000000 tblAssets.AssetName,
tblAssets.AssetID,
tblAssets.Domain,
tblRegistry.AssetID As Computername1,
tblRegistry.Regkey,
tblRegistry.Lastchanged,
tblRegistry.Value,
tblRegistry.Valuename
From tblAssets
Inner Join tblRegistry On tblAssets.AssetID = tblRegistry.AssetID
Where
tblRegistry.Regkey =
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install' And tblRegistry.Value <= DateAdd(day, -90, GetDate())
Order By tblAssets.AssetName


Unfortunately Windows 10 no longer writes to this key, so I went down the path of using a QuickFix engineering report but looking at the time-stamps I found they don't correlate with the actual time-stamp found on a workstation directly, even when the object has been recently scanned.

Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.IPAddress,
tblAssets.Firstseen,
tblAssets.Lastseen,
Max(tblQuickFixEngineering.Lastchanged) As LastPatchDetected
From tblAssets
Inner Join tblQuickFixEngineering On tblAssets.AssetID =
tblQuickFixEngineering.AssetID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID =
tblQuickFixEngineering.QFEID
Where tblAssetCustom.State = 1
Group By tsysOS.Image,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.IPAddress,
tblAssets.Firstseen,
tblAssets.Lastseen
Order By LastPatchDetected


I use the following powershell commands to return the date and time, the time is within 24hrs but found it odd they are not accurate.


Get-WmiObject -Class win32_reliabilityRecords -filter "sourcename = 'Microsoft-Windows-WindowsUpdateClient'" -ErrorAction SilentlyContinue |
select @{LABEL = "date";EXPRESSION = {$_.ConvertToDateTime($_.timegenerated)}},
@{LABEL = 'Update';EXPRESSION = {$_.message}} |
FT -AutoSize -Wrap



Get-HotFix


I would like to report on all windows updates(MS Office and etc), not only just the QFE which are System updates only. Has anyone experienced this? or have an alternative report that could help.
Labels:
0 Kudos
2 REPLIES 2
Guest
Lansweeper Employee
Lansweeper Employee

‎11-15-2017 08:32 PM

Thanks for your quick reply and advice, unfortunately that report isn't the one Im after.

I was hoping for something like KBXXXXX, type of update for Windows, and if it was successful only. It would be great if we could add a custom query during the scan operation as the first powershell query mentioned uses win32_reliabilityRecords and pulls the exact information i'm looking for.


I will carry out more tests with QFE for now and check the lansweeper time frames are all within 24 hrs of those queried manually.


0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee

‎11-15-2017 07:18 PM

As you mentioned, the information is not stored in WMI accurately. Since Lansweeper pulls this information from WMI, if WMI has wrong info, Lansweeper will too.

If you want a report about general updates. You would have to combine system updates with software history scanned by Lansweeper. Currently when software is updates, it will be marked in Lansweeper as an uninstall followed by an install.

You can use the built-in report "Software: Changes in the last 7 days" as a starting point.

Reports & Analytics

Ask about reports you're interested in and share reports you've created. Subscribe to receive daily updates of reports shared in the Community.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now