cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Susan_A
Lansweeper Alumni
The report below lists Windows computers that are missing a specific hotfix (Windows update). Replace YourHotfix with the hotfix ID you would like to report on, e.g. KB2079403.

The report will only list assets that meet all of the following criteria:
  • The asset is a Windows computer.
  • The computer's state is set to "active".
  • The computer has been successfully scanned at least once.
  • The computer does not have the specified hotfix/update installed.

Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Firstseen,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblAssets.AssetID Not In (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering
Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID =
tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID Like '%YourHotfix%') And
tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName
1 ACCEPTED SOLUTION
Nick_VDB
Champion Sweeper III
The report below will give back the machines that do not have the hotfixes installed. We have updated it with a list of the different hotfixes needed to mitigate MS17-010. These hotfixes are scanned from the Win32_QuickFixEngineering WMI class. There is an interval of 7 days for scanning the Win32_QuickFixEngineering WMI class, this can be modified by going to Scanning\Scanned Item Interval and setting it to 0. You can then do a full rescan of your machines so that the quickfixengineering table is updated with any new updates. Once the rescans have been done you can then run this report. In the report it is also required that the assets be set to the 'Active' state. If

Recap:
  • Go to Scanning\Scanned Item Interval
  • Change the interval time for the 'QUICKFIX' item to 0
  • Rescan all your assets to update the quickfixengineering tables with the new updates
  • Run the report

The hotfix must be found in Win32_QuickFixEngineering for Lansweeper to be able to scan it. The following command lists all the Hotfixes that are found in the Win32_QuickFixEngineering table.

wmic path Win32_QuickFixEngineering

Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Firstseen,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where
tblAssets.AssetID Not In (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering Inner Join tblQuickFixEngineeringUni
On tblQuickFixEngineeringUni.QFEID = tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID In ('KB4012216','KB4012215',
'KB4012217','KB4012212','KB4012204','KB4012213', 'KB4015551', 'KB4019216',
'KB4015550', 'KB4019215', 'KB4013429', 'KB4019472', 'KB4015217', 'KB4015438', 'KB4016635', 'KB4012598')) And
tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName

View solution in original post

33 REPLIES 33
Nick_VDB
Champion Sweeper III
The report below will give back the machines that do not have the hotfixes installed. We have updated it with a list of the different hotfixes needed to mitigate MS17-010. These hotfixes are scanned from the Win32_QuickFixEngineering WMI class. There is an interval of 7 days for scanning the Win32_QuickFixEngineering WMI class, this can be modified by going to Scanning\Scanned Item Interval and setting it to 0. You can then do a full rescan of your machines so that the quickfixengineering table is updated with any new updates. Once the rescans have been done you can then run this report. In the report it is also required that the assets be set to the 'Active' state. If

Recap:
  • Go to Scanning\Scanned Item Interval
  • Change the interval time for the 'QUICKFIX' item to 0
  • Rescan all your assets to update the quickfixengineering tables with the new updates
  • Run the report

The hotfix must be found in Win32_QuickFixEngineering for Lansweeper to be able to scan it. The following command lists all the Hotfixes that are found in the Win32_QuickFixEngineering table.

wmic path Win32_QuickFixEngineering

Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Firstseen,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where
tblAssets.AssetID Not In (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering Inner Join tblQuickFixEngineeringUni
On tblQuickFixEngineeringUni.QFEID = tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID In ('KB4012216','KB4012215',
'KB4012217','KB4012212','KB4012204','KB4012213', 'KB4015551', 'KB4019216',
'KB4015550', 'KB4019215', 'KB4013429', 'KB4019472', 'KB4015217', 'KB4015438', 'KB4016635', 'KB4012598')) And
tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName
Argon0
Champion Sweeper
OK, so... I'm confused, I want to see if a Specific KB has NOT been installed, or superseded by a newer patch... How do I do this?

Nick.VDB wrote:
The report below will give back the machines that do not have the hotfixes installed. We have updated it with a list of the different hotfixes needed to mitigate MS17-010. These hotfixes are scanned from the Win32_QuickFixEngineering WMI class. There is an interval of 7 days for scanning the Win32_QuickFixEngineering WMI class, this can be modified by going to Scanning\Scanned Item Interval and setting it to 0. You can then do a full rescan of your machines so that the quickfixengineering table is updated with any new updates. Once the rescans have been done you can then run this report. In the report it is also required that the assets be set to the 'Active' state. If

Recap:
  • Go to Scanning\Scanned Item Interval
  • Change the interval time for the 'QUICKFIX' item to 0
  • Rescan all your assets to update the quickfixengineering tables with the new updates
  • Run the report

The hotfix must be found in Win32_QuickFixEngineering for Lansweeper to be able to scan it. The following command lists all the Hotfixes that are found in the Win32_QuickFixEngineering table.

wmic path Win32_QuickFixEngineering

Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Firstseen,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where
tblAssets.AssetID Not In (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering Inner Join tblQuickFixEngineeringUni
On tblQuickFixEngineeringUni.QFEID = tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID In ('KB4012216','KB4012215',
'KB4012217','KB4012212','KB4012204','KB4012213', 'KB4015551', 'KB4019216',
'KB4015550', 'KB4019215', 'KB4013429', 'KB4019472', 'KB4015217', 'KB4015438', 'KB4016635', 'KB4012598')) And
tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName


mshajin
Engaged Sweeper III
Nick.VDB wrote:
The report below will give back the machines that do not have the hotfixes installed. We have updated it with a list of the different hotfixes needed to mitigate MS17-010. These hotfixes are scanned from the Win32_QuickFixEngineering WMI class. There is an interval of 7 days for scanning the Win32_QuickFixEngineering WMI class, this can be modified by going to Scanning\Scanned Item Interval and setting it to 0. You can then do a full rescan of your machines so that the quickfixengineering table is updated with any new updates. Once the rescans have been done you can then run this report. In the report it is also required that the assets be set to the 'Active' state. If

Recap:
  • Go to Scanning\Scanned Item Interval
  • Change the interval time for the 'QUICKFIX' item to 0
  • Rescan all your assets to update the quickfixengineering tables with the new updates
  • Run the report

The hotfix must be found in Win32_QuickFixEngineering for Lansweeper to be able to scan it. The following command lists all the Hotfixes that are found in the Win32_QuickFixEngineering table.

wmic path Win32_QuickFixEngineering

Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Firstseen,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where
tblAssets.AssetID Not In (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering Inner Join tblQuickFixEngineeringUni
On tblQuickFixEngineeringUni.QFEID = tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID In ('KB4012216','KB4012215',
'KB4012217','KB4012212','KB4012204','KB4012213', 'KB4015551', 'KB4019216',
'KB4015550', 'KB4019215', 'KB4013429', 'KB4019472', 'KB4015217', 'KB4015438', 'KB4016635')) And
tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName


Many thanks for this. You may want to include KB4012598 to the list to cover the legacy systems.
chrisarcher
Engaged Sweeper
Can I re-iterate this to Lansweeper.

There are a lot of organisations that will need to audit their estate given the recent cyber attacks and we need this report running properly to ensure we have 100% rollout of the patches.
abustraan
Engaged Sweeper III
trying to use the same report. However, I am receiving several false positives. I've checked for 4012212, 4012215, and 4012216 and Lansweeper says they're installed, when in fact, they have not.
SystemsIT
Engaged Sweeper III
abustraan wrote:
trying to use the same report. However, I am receiving several false positives. I've checked for 4012212, 4012215, and 4012216 and Lansweeper says they're installed, when in fact, they have not.


Interesting as I am getting the opposite.

Can you confirm your report your using?
ITfoam
Engaged Sweeper II
I am looking at the same report for the ransomeware. The patches have to have on OR statement I believe. I am testing the report now.

Yes, do do need to account for the rollup KB's as well.
SystemsIT
Engaged Sweeper III
ITfoam wrote:
I am looking at the same report for the ransomeware. The patches have to have on OR statement I believe. I am testing the report now.

Yes, do do need to account for the rollup KB's as well.


Even looking for just the single KB for the March release it does not appear to be found by lansweeper for some reason.
Tomas
Engaged Sweeper III
SystemsIT wrote:
ITfoam wrote:
I am looking at the same report for the ransomeware. The patches have to have on OR statement I believe. I am testing the report now.

Yes, do do need to account for the rollup KB's as well.


Even looking for just the single KB for the March release it does not appear to be found by lansweeper for some reason.


Can lansweeper confirm this? We are also trying to report on missing MS17-10 updates!
I cases like this, it would be nice for LS to provide an "emergency" report or even a installer package.
Since conditions for MS update packages can get confusing.
SystemsIT
Engaged Sweeper III
Sorry for all the posts, could this have something to do with MS new cumulative updates?

Under Lansweeper / device / Config/ Windows /Quickfix i do not show installed the KB article I am looking for. I only see some smaller ones like:

KB3210137 Update 1/2/2017 NT AUTHORITY\SYSTEM
KB4014555 Update 4/19/2017 NT AUTHORITY\SYSTEM
KB4015550 Security Update 4/19/2017 NT AUTHORITY\SYSTEM

But not the ones listed above.