API tools faq
paste
nullzilla

Monitor - Windows Update

nullzilla
Feb 11th, 2021 (edited)
1,975
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PowerShell 4.59 KB
Copied copy raw download clone embed print report
  1. Import-Module $env:SyncroModule -WarningAction SilentlyContinue
  2.  
  3. # Check Windows 10/11 version age
  4. $OSname = Get-CimInstance Win32_OperatingSystem | Select-Object -ExpandProperty Caption
  5. if ((Get-CimInstance Win32_OperatingSystem).version -like '10*' -and $OSname -notlike '*Server*') {
  6.     if ($OSname -match 'Windows 10') {
  7.         $MaxAge = "18" # Maximum age in months of builds you want to allow
  8.         $CurrentDate = (Get-Date).AddMonths(-$MaxAge).ToString("yyMM")
  9.         # Grab version and convert to numerical format, 19041 and older do not have DispalyVersion so we grab ReleaseID
  10.         if ((Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").DisplayVersion) {
  11.             $Version = ((Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").DisplayVersion).replace('H1','05').replace('H2','11')
  12.         }
  13.         else {
  14.             $Version = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ReleaseId
  15.         }
  16.     }
  17.     if ($OSname -match 'Windows 11') {
  18.         $MaxAge = "24" # Maximum age of builds you want to support in months
  19.         $CurrentDate = (Get-Date).AddMonths(-$MaxAge).ToString("yyMM")
  20.         # Grab version and convert to numerical format
  21.         $Version = ((Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").DisplayVersion).replace('H1','05').replace('H2','11')
  22.     }
  23.     $Diff = $Version - $CurrentDate
  24.     if ($Diff -lt '0') {
  25.         Write-Host "$OSname $Version is over $MaxAge months old, needs upgrading"`n
  26.         Rmm-Alert -Category 'Monitor - Windows Update' -Body "$OSname $Version is over $MaxAge months old, needs upgrading"
  27.         exit 1
  28.     }
  29. }
  30.  
  31. # Check for disabled services
  32. $disabled = Get-Service wuauserv, BITS, CryptSvc, RpcSs, EventLog | Where-Object -Property StartType -eq Disabled
  33. if ($disabled) {
  34.     "Disabled Services:"
  35.     $disabled
  36.     Rmm-Alert -Category 'Monitor - Windows Update' -Body 'Service(s) are disabled'
  37.     exit 1
  38. }
  39. else {
  40.     Close-Rmm-Alert -Category "Monitor - Windows Update"
  41. }
  42.  
  43. # Check if recent updates are installed
  44. $WindowsUpdateObject = New-Object -ComObject Microsoft.Update.AutoUpdate
  45. $SearchSuccessDate = $WindowsUpdateObject.Results |Select-Object LastSearchSuccessDate
  46. $SSDLastDate = [datetime]$SearchSuccessDate.LastSearchSuccessDate
  47. $SSDLastDate = (Get-Date $SSDlastDate).AddHours(-5)
  48. $SSDStartDate = Get-Date
  49. $SSDDays = (NEW-TIMESPAN -Start $SSDLastDate -End $SSDStartDate |Select-Object days).days
  50. Write-Host 'Last Search Success:' $SSDLastDate "($SSDDays days ago)"`n
  51. $InstallSuccessDate = $windowsUpdateObject.Results |Select-Object LastInstallationSuccessDate
  52. $ISDLastDate = [datetime]$InstallSuccessDate.LastInstallationSuccessDate
  53. $ISDLastDate = (Get-Date $ISDlastDate).AddHours(-5)
  54. $ISDStartDate = Get-Date
  55. $ISDDays = (New-Timespan -Start $ISDLastDate -End $ISDStartDate |Select-Object days).days
  56. Write-Host 'Last Installation Success:' $ISDLastDate "($ISDDays days ago)"`n
  57. $LastMonth = (Get-Date).addmonths(-1).ToString("yyyy-MM")
  58. $ThisMonth = (Get-Date).ToString("yyyy-MM")
  59. $Session = New-Object -ComObject 'Microsoft.Update.Session'
  60. $Searcher = $Session.CreateUpdateSearcher()
  61. $HistoryCount = $Searcher.GetTotalHistoryCount()
  62. if ($HistoryCount -gt 0) {
  63.     $xx = $($Searcher.QueryHistory(0, $HistoryCount)|Select-Object Title, Date, Operation, Resultcode|Where-Object {$_.Operation -like 1 -and $_.Resultcode -match '[123]'}| Select-object Title)
  64. }
  65. else {
  66.     $xx = $(Get-Hotfix|Where-object {$_.hotfixid -match 'KB\d{6,7}'}| Select-object Hotfixid)
  67. }
  68. if (!$xx) {
  69.     Write-Output 'WARNING - No updates returned'
  70.     Rmm-Alert -Category 'Monitor - Windows Update' -Body 'WARNING - No updates returned'
  71. }
  72. else {
  73.     $xx = $xx|Where-Object {$_ -match "($LastMonth|$ThisMonth) (Security Monthly Quality Rollup|Cumulative Update)" -or $_ -match "Feature update" }
  74.     if (!$xx) {
  75.         Write-Output 'WARNING - No recent rollup/cumulative/feature update detected'
  76.         Write-Output 'Last updates:'
  77.         $xx | Select-Object -ExpandProperty Title -First 1
  78.         # If last install succes was recent, let's not fail out
  79.         if ($ISDDays -lt 50 -or $ISDDays -gt 153000) {
  80.              Close-Rmm-Alert -Category "Monitor - Windows Update"
  81.              exit
  82.         }
  83.         Rmm-Alert -Category 'Monitor - Windows Update' -Body 'WARNING - No recent rollup/cumulative/feature update detected'
  84.         exit 1
  85.     }
  86.     else {
  87.         Write-Output 'Recent rollup or cumulative update detected:'
  88.         $xx | Select-Object -ExpandProperty Title -First 1
  89.         Close-Rmm-Alert -Category "Monitor - Windows Update"
  90.     }
  91. }
  92.  
  93.  
RAW Paste Data Copied
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!