Notification

Icon
Error

Microsoft Patch Tuesday Report – February 2019

Posted: Wednesday, February 13, 2019 11:56:48 AM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 1,834
7
Like
February has come so another Patch Tuesday is upon us. This report checks if assets in your network are on the latest Windows monthly roll-up (or security) update released on this patch Tuesday. If you want more information about what is included in this update, feel free to visit the related blog post.

The report is color-coded to give you an easy and quick overview which assets are already on the latest Windows update (excluding anything older than Windows 7 SP1).

If you have any suggestions which might improve the report for future use, feel free to post your suggestion. You can find the report for last month here.

Code:
Select Distinct Top 1000000 Coalesce(tsysOS.Image,
tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblState.Statename As State,
Case tblAssets.AssetID
When SubQuery1.AssetID Then 'Up to date'
Else 'Out of date'
End As [Patch status],
Case
When tblComputersystem.Domainrole > 1 Then 'Server'
Else 'Workstation'
End As [Workstation/Server],
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
Case
When tsysOS.OScode Like '10.0.10240%' Then '1507'
When tsysOS.OScode Like '10.0.10586%' Then '1511'
When tsysOS.OScode Like '10.0.14393%' Then '1607'
When tsysOS.OScode Like '10.0.15063%' Then '1703'
When tsysOS.OScode Like '10.0.16299%' Then '1709'
When tsysOS.OScode Like '10.0.17134%' Then '1803'
When tsysOS.OScode Like '10.0.17763%' Then '1809'
End As Version,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
Case
When tblAssets.AssetID = SubQuery1.AssetID Then ''
Else Case
When tsysOS.OSname = 'Win 2008' Then 'KB4487023 or KB4487019'
When tsysOS.OSname = 'Win 7' Or tsysOS.OSname = 'Win 7 RC' Or
tsysOS.OSname = 'Win 2008 R2' Then 'KB4486563 or KB4486564'
When tsysOS.OSname = 'Win 2012' Or
tsysOS.OSname = 'Win 8' Then 'KB4487025 or KB4486993'
When tsysOS.OSname = 'Win 8.1' Or
tsysOS.OSname = 'Win 2012 R2' Then 'KB4487000 or KB4487028'
When tsysOS.OScode Like '10.0.10240' Then 'KB4487018'
When tsysOS.OScode Like '10.0.10586' Then 'KB4093109'
When tsysOS.OScode Like '10.0.14393' Or
tsysOS.OSname = 'Win 2016' Then 'KB4487026'
When tsysOS.OScode Like '10.0.15063' Then 'KB4487020'
When tsysOS.OScode Like '10.0.16299' Then 'KB4486996'
When tsysOS.OScode Like '10.0.17134' Then 'KB4487017'
When tsysOS.OScode Like '10.0.17763' Or
tsysOS.OSname = 'Win 2019' Then 'KB4487044'
End
End As [Install one of these updates],
Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) + ' days ago' As WindowsUpdateInfoLastScanned,
Case
When Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) > 3 Then
'Windows update information may not be up to date. We recommend rescanning this machine.'
Else ''
End As Comment,
Case tblAssets.AssetID
When SubQuery1.AssetID Then '#d4f4be'
Else '#ffadad'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering
Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID
= tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID In ('KB4487023','KB4487019','KB4486563','KB4486564','KB4487025','KB4486993','KB4487000','KB4487028','KB4487018','KB4093109','KB4487026','KB4487020','KB4486996','KB4487017','KB4487044')) As
SubQuery1 On tblAssets.AssetID = SubQuery1.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblOperatingsystem On tblOperatingsystem.AssetID =
tblAssets.AssetID
Left Join tsysIPLocations On tblAssets.IPNumeric >= tsysIPLocations.StartIP
And tblAssets.IPNumeric <= tsysIPLocations.EndIP
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select Distinct Top 1000000 tblAssets.AssetID As ID,
TsysLastscan.Lasttime As QuickFixLastScanned
From TsysWaittime
Inner Join TsysLastscan On TsysWaittime.CFGCode = TsysLastscan.CFGcode
Inner Join tblAssets On tblAssets.AssetID = TsysLastscan.AssetID
Where TsysWaittime.CFGname = 'QUICKFIX') As QuickFixLastScanned On
tblAssets.AssetID = QuickFixLastScanned.ID
Left Join (Select Distinct Top 1000000 tblAssets.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Inner Join tblAssets On tblAssets.AssetID = tblErrors.AssetID
Group By tblAssets.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Where tblAssets.AssetID Not In (Select Top 1000000 tblAssets.AssetID
From tblAssets Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tsysOS.OSname Like 'Win 7%' And tblAssets.SP = 0) And
tsysOS.OSname != 'Win 2000 S' And tsysOS.OSname Not Like '%XP%' And
tsysOS.OSname Not Like '%2003%' And tsysAssetTypes.AssetTypename Like
'Windows%' And tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName
darren.kimber@stockland.com.au
posted: 2/13/2019 11:09:12 PM(UTC)
Hi Esben,

This report is only including an 8th of my fleet. I can't work out what is filtering the rest. It has a mix in the output of all the OS's so something else is filtering? Any ideas?

Thanks
Esben.D
#2Esben.D Member Administration Original PosterPosts: 1,834  
posted: 2/15/2019 10:47:08 AM(UTC)
Are your assets all in the Active state? The report only shows assets that have the active state.
B.L.
#3B.L. Member Posts: 14  
posted: 2/22/2019 2:53:05 PM(UTC)
Hi

It seems like the report only takes into account the latest KB's, I have devices that are up to date for this month, but not for a previous month.
I really like this idea, but as it is now I can't trust it.
It would be nicer if some way it could connect to some sources (RSS?) and use information from that source.
I understand there are security implications but it should be possible to solve that.
Esben.D
#4Esben.D Member Administration Original PosterPosts: 1,834  
posted: 2/22/2019 3:23:24 PM(UTC)
Originally Posted by: B.L. Go to Quoted Post
Hi

It seems like the report only takes into account the latest KB's, I have devices that are up to date for this month, but not for a previous month.
I really like this idea, but as it is now I can't trust it.
It would be nicer if some way it could connect to some sources (RSS?) and use information from that source.
I understand there are security implications but it should be possible to solve that.

Can use the report from the previous month to check if those KBs are installed. If you want to, you can combine the two reports.
The reason why I don't do it myself is simply workload. At the moment its find the KB numbers and replace. When you add KBs of previous months, you also need to add more conditional information messages with more requirements to alert which specific KBs are missing etc.

Active Discussions

Lansweeper Remove all users from old domain
by  cmuter   Go to last post Go to first unread
Last post: 9/20/2019 8:03:58 PM(UTC)
Lansweeper Static IP Address
by  cycleheat  
Go to last post Go to first unread
Last post: 9/20/2019 4:07:16 PM(UTC)
Lansweeper Bitlocker Encryption Recovery Key no information found
by  Stephane   Go to last post Go to first unread
Last post: 9/20/2019 2:26:19 PM(UTC)
Lansweeper InTune Scanning Issues
by  Esben.D  
Go to last post Go to first unread
Last post: 9/20/2019 12:34:59 PM(UTC)
Lansweeper Office 365 scanning issues
by  Esben.D   Go to last post Go to first unread
Last post: 9/20/2019 12:23:30 PM(UTC)
Lansweeper Hard Drive Tracking - Start to Finish
by  Lone Jedi  
Go to last post Go to first unread
Last post: 9/19/2019 8:11:56 PM(UTC)
Lansweeper Lansweeper Reporting Old Assets as New
by  Jpatterson   Go to last post Go to first unread
Last post: 9/19/2019 12:52:14 PM(UTC)
Lansweeper Cannot edit a ticket anymore
by  Esben.D  
Go to last post Go to first unread
Last post: 9/19/2019 12:32:42 PM(UTC)