This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Not all installed KB/Patches shown in "History"

Go to solution
GerthE
Engaged Sweeper II

‎12-11-2015 08:50 AM

Hi

I would appreciate if someone could make a brief explanation about how LanSweeper determines which installs that are shown in "history" on a computer.

I understand that there is some scanning that occure on the computer to determine what software has been installed, and if the scanning can't detect a difference so is it impossible to show it - that no brainer.

Anyway - We did get hit of the faulty KB3114409 patch from Microsoft and when I looked on an affected computer so didn't it show up in the list of installed KB:s
This rendered me to use a couple of hours fault finding the client for other purposes.
Finally when I looked at the client hands on so was the KB listed in the list of installed KB, but not presented in LanSweeper - Why?

We do rely quite heavyly on LanSweeper to fault find issues on computers and looking through newly installed software/patches is one of the first things we do.
As we now got issues with patched not showing up so am I very suspicious about how much we can rely on this way of work.

To be honest LanSweeper showed 9 patches installed during 2015-12-09,the date when we was hit by KB3114409, but when we looked at the affected computer and sorted by install date so where there approx 40 more patches installed - mainly for MS Office, none of them is listed in LanSweeper.

Is there any way to tweak/adjust what is looked for?

Br

Gerth Ericsson
Labels:
Preview file
52 KB
Preview file
69 KB
1 ACCEPTED SOLUTION
Go to solution
SCA
Engaged Sweeper

‎12-11-2015 12:03 PM

Hello,

I'm new to this forum, and I'm using LanSweeper since 3 months.
The issue you're facing is quite common since 2 days, thanks to this 'great' hotfix.

I guess the reason why you can't see this specific hotfix is because this is not an OS hotfix, but an applicative update (office 2010, and especially the Outlook product).

At first, I tried to create a group with assets having this hotfix installed, but I've faced the same issue.
So here is a workaround:

  • Go to 'Configuration' > 'Custom Scanning' > 'Registry Scanning'.

  • Open regedit on a machine where you're sure the update is installed.

  • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ and search for KB3114409.

  • Once found, copy the key name in the 'RegPath' field in LanSweeper (remove the HKEY_LOCAL_MACHINE\ before SOFTWARE\)

  • Then, add any 'RegValue' (like 'DisplayName').

  • Note that the key may differ regarding the exact version of Office 2010 installed.

  • Do the same with HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall for x64 computers that have Office x86.

  • Check that all is ready for Custom reporting using this FAQ : http://www.lansweeper.com/kb/18/report-based-on-registry-keys.html

  • If custom registy is enabled, rescan all assets you need (you can 1st limit to computers where Office 2010 is installed to go quicker).

  • Once the scan is done, go back to 'Custom scanning', and select the 'Report' link in front on the newly added regkey. All machines with this key will be listed.

  • Add them to a group (we can probably create a dynamic group with some custom attributes, but I didn't try).


Then, use one of the following deployement command lines to assign to this group:

WAY1:

I was limited in time, so I use the quick and dirty way to bypass the issue with the patch and not uninstall it:

1 Check if machine is x64 Condition Step 2 Step 3
2 Add Safe Mode Off x64 registry value for 32-bits Outlook Command Next Stop(Failure)
3 Add Safe Mode Off x86 registry value for 32-bits Outlook Command Stop(Success) Stop(Failure)

Command line 2 is : reg add HKLM\Software\Wow6432Node\Microsoft\Office\14.0\Outlook\Security /v DisableSafeMode /t REG_DWORD /d 00000001
Command line 3 is : reg add HKLM\SOFTWARE\Microsoft\Office\14.0\Outlook\Security /v DisableSafeMode /t REG_DWORD /d 0000000

WAY2:

Remove the patch using msiexec.exe. E.g. : msiexec /package {90140000-0011-0000-0000-0000000FF1CE} MSIPATCHREMOVE={14CDCBF7-3CCC-42E2-A5BB-2D4926E16FAA} /qn /norestart (to adapt with the Office package code and the exact patch package code)

WAY3:

Remove the patch using OARPMANY.exe. E.g. "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{14CDCBF7-3CCC-42E2-A5BB-2D4926E16FAA}" "1033" "0" (to adapt with the Office package code and the exact patch package code)

This latest will prompt the users and enforce the reboot...


Hope this is helpful.

Sebastien

View solution in original post

12 REPLIES 12
Go to solution
Susan_A
Lansweeper Alumni

‎12-18-2015 02:05 PM

jprateragg wrote:
So....is it possible to update the LS scanner so it can also search for installed Office updates?

Built-in functionality for scanning application updates found in the Windows Update history is on our customer wish list, but we do not have a release date for this feature. For now, it is recommended that you use file or registry scanning to retrieve data that's not scanned by default.
Go to solution
mshajin
Engaged Sweeper III

‎12-17-2015 05:21 PM

Brilliant - That's it uninstalled from 100 computers already and scheduled the remaining to run after scanning 🙂
0 Kudos
Go to solution
jprateragg
Champion Sweeper

‎12-17-2015 05:01 PM

All you need to do is attach the tblRegistry table and just filter on the registry key name. This is what my report looks like:


Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Description,
  tsysAssetTypes.AssetTypename,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.Lastseen,
  tblRegistry.Valuename,
  tblRegistry.Value
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tblRegistry On tblAssets.AssetID = tblRegistry.AssetID
Where tblRegistry.Valuename = 'DisplayName' And tblRegistry.Value Like
  '%KB3114409%' And
  tblRegistry.Regkey = LIKE '%14CDCBF7-3CCC-42E2-A5BB-2D4926E16FAA%' And tblAssetCustom.State = 1


EDIT: Nevermind--looks like you found your solution it while I was writing my post. 🙂
Go to solution
mshajin
Engaged Sweeper III

‎12-17-2015 04:58 PM

UPDATE: I think I figured this out.

I created a new report called "Registry: Computers with KB31144209 installed" as below which is the same as the custom scanning report. I can now schedule the uninstall package against this report.. Awesome!

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblRegistry.Regkey,
tblRegistry.Valuename,
tblRegistry.Value,
tblRegistry.Lastchanged
From tblAssets
Inner Join tblRegistry On tblAssets.AssetID = tblRegistry.AssetID
Where tblRegistry.Regkey Like '%{90140000-0012-0000-0000-0000000FF1CE}%' And
tblAssets.Assettype = -1
Order By tblAssets.AssetName


Thanks again.
0 Kudos
Go to solution
mshajin
Engaged Sweeper III

‎12-17-2015 04:43 PM

This is exactly what I was looking for! Good job.. Thanks very much!

So I have enabled the registry scanning and created the uninstall package so now I know which computers have the update installed.. Perfect! Now is there a way to export these computers to a group/report so that I can schedule to run the uninstall package against this group/report as the custom scanning reports don't show up under normal reports?

Thanks.
0 Kudos
Go to solution
jprateragg
Champion Sweeper

‎12-16-2015 03:53 PM

So....is it possible to update the LS scanner so it can also search for installed Office updates?

And thanks SCA for posting this--we are in the same boat!
0 Kudos
Go to solution
76012
Engaged Sweeper II

‎12-15-2015 05:43 PM

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ and search for KB3114409.


Genius! Thanks a lot!
0 Kudos
Go to solution
Susan_A
Lansweeper Alumni

‎12-12-2015 02:28 PM

Just to confirm for everyone: what SCA stated is correct. (Great post by the way, SCA!) Lansweeper by default only scans system-wide updates. This is because these are the only updates returned by the Win32_QuickFixEngineering WMI class on the computer. Lansweeper pulls most Windows computer data from WMI (Windows Management Instrumentation), a framework built into Windows operating systems that stores system data. Our database dictionary explains which WMI class we get specific data from. The Win32_QuickFixEngineering class we pull patches from is documented in this article on the Microsoft website.

As SCA stated as well, registry scanning can be used to retrieve additional data that is not scanned by default. Depending on the situation, file scanning could also be used.
Go to solution
GerthE
Engaged Sweeper II

‎12-11-2015 02:45 PM

Thanks SCA !

Now do we have a way to identify computers affecter by a faulty installation.

Thanks for the heads up on this feature of LanSweeper - hadn't used it before.

//Gerth
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now