Report - Server 2008 R2 "MANUALLY" installed hotfixes

    Question

  • Hi All,
    One of my server guys asked me a good question today:

    "Can you produce a list of all the servers with this hotfix installed?"

    Easy! I thought.
    So I checked the update repository for the update first to make sure we had it... arh... we haven't.
    It turns out that KB981314 (http://support.microsoft.com/kb/981314/en-gb) is a manual download and install hotfix.

    OK, so I can't query update lists for compliance, how about doing a standard software check, either for product or registered in Add/Remove programs?
    Nope.  Before 2008 updates were stored in Add/Remove programs and could be reported on, post 2008 they're not, only appearing in Windows Update.

    Anyone any ideas how I could write a report to find either all updates manually installed, or narrowed to specific Article numbers?

    Thanks in advance,
    SB


    http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx If you don't ever patch anything, for god sake make sure this patch is on.......
    • Moved by John Marcum [MVP], Tuesday, June 15, 2010 12:32 PM (From: Configuration Manager General)
    Tuesday, June 15, 2010 12:08 PM

All replies

  • Using either software inventory or DCM, look for the updated file indicated in the KB and then write a report based on its existence. According to the article, the hotfix updates the file Cimwin32.dll to version 6.1.7600.20683.
    Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
    Tuesday, June 15, 2010 1:36 PM
  • Arhhh.. that's a nightmare, I was hoping not to have to go down that route!

    Any other ideas, possibly, maybe, hopefully?
    I was hoping to be able to supply a standard report where all the server guys had to do was enter a KB Article number when prompted.

    Cheers,
    SB


    Tuesday, June 15, 2010 2:57 PM
  • Thanks Jason, I was hoping not to have to go down that route :(

    I was hoping to provide a simple report to the server guys where all they had to do was specify a KB Article ID.

    I've just noticed this thread (I didn't see it before posting when searching earlier) http://social.technet.microsoft.com/Forums/en-US/configmgrinventory/thread/bff9edaa-4c56-4b00-b05f-c3cdbd02e2f3?prof=required

    It mentions the win32_quickfixengineering class in WMI.

    I've just run Get-WmiObject win32_quickfixengineering in PowerShell on one of the servers that I know has the hotfix installed and it reports it as there.
    The mentioned post says to be careful when enabling that class, any ideas why?

    Cheers,

    SB


    Tuesday, June 15, 2010 3:42 PM
  • It's been a cautionary thing for years...I don't remember why anymore.

    Personally, I'd make a DCM rule.

    Create a general CI, the only thing in it is under Settings, just 1 WQL test, looking for root/cimv2, win32_quickfixengineering, Property HotfixID, where clause of HotfixID = "KB981314"

    On validation tab, just leave checked on "report a non-compliance event when this instance count fails" of Greater than 0.

    If kb981314 exists, it'll return compliant.  If not, it'll return non-compliant.

    Add the CI to a custom Baseline, and target the Baseline to the Collection of Servers you've been asked to check.

    Done, and relatively easily, too.


    Standardize. Simplify. Automate.
    Tuesday, June 15, 2010 3:51 PM
    Moderator
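
An added example (not part of any post in this thread): the Win32_QuickFixEngineering WQL test and the Cimwin32.dll file-version check suggested above, combined into one PowerShell function that takes a KB article ID. The server names and the path to Cimwin32.dll are assumptions; the KB number and file version are the ones quoted in the thread.

```powershell
# Added example, not code from the thread. Server names are constructed placeholders.
function Get-HotfixCompliance {
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [Parameter(Mandatory = $true)][string]$KBArticle,
        # Optional cross-check of the file the hotfix is said to update.
        [string]$FilePath,
        [version]$MinimumVersion
    )
    if ($KBArticle -notmatch '^(KB)?\d+$') { throw "Not a KB article ID: $KBArticle" }
    $id = 'KB' + ($KBArticle -replace '^KB', '')
    foreach ($computer in $ComputerName) {
        $row = New-Object PSObject -Property @{
            ComputerName = $computer; HotFixID = $id; Installed = $null
            FileVersion = $null; FileOk = $null; Error = $null
        }
        try {
            # Same test as the DCM setting: root\cimv2, Win32_QuickFixEngineering, HotFixID = "<KB>"
            $qfe = @(Get-WmiObject -ComputerName $computer -Namespace 'root\cimv2' `
                    -Class Win32_QuickFixEngineering -Filter "HotFixID = '$id'" -ErrorAction Stop)
            $row.Installed = ($qfe.Count -gt 0)
            if ($FilePath -and $MinimumVersion) {
                # WQL string literals need each backslash doubled.
                $wqlPath = $FilePath -replace '\\', '\\'
                $file = Get-WmiObject -ComputerName $computer -Class CIM_DataFile `
                        -Filter "Name = '$wqlPath'" -ErrorAction Stop
                if ($file -and $file.Version -match '^\d+(\.\d+){1,3}') {
                    $row.FileVersion = $matches[0]
                    $row.FileOk = ([version]$matches[0] -ge $MinimumVersion)
                }
            }
        } catch {
            # Unreachable host: Installed stays $null so it is not reported as "missing".
            $row.Error = $_.Exception.Message
        }
        $row
    }
}

# The file path is an assumed location for Cimwin32.dll; adjust to the path given in the KB.
Get-HotfixCompliance -ComputerName 'SRV-EXAMPLE-01', 'SRV-EXAMPLE-02' -KBArticle 'KB981314' `
    -FilePath 'C:\Windows\System32\wbem\cimwin32.dll' -MinimumVersion '6.1.7600.20683' |
    Select-Object ComputerName, HotFixID, Installed, FileVersion, FileOk, Error
```

A row with `Installed` empty and `Error` set means the server could not be queried, which is a different finding from `Installed = False`.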
  • Sherry, once again you are a star.

    I know Jason mentioned the DCM route earlier, but it's one area where I've yet to dive into deeper.

    Your explanation makes perfect sense to me however so I'll give it a try tomorrow!

    Thanks all,
    SB

    On a side note, anyone know if Beta1 of ConfigMgr V.Next changes anything related to this post, in terms of making it easier to report on hotfixes installed on server 2008 that don't reside on the SUP?


    Tuesday, June 15, 2010 3:57 PM
  • P.S. I shouldn't be so lazy before posting and should have just checked the SMS_def.mof:

    //===================================================================
    //    W A R N I N G        W A R N I N G        W A R N I N G
    //
    // DO NOT: Enable the Win32_QuickFixEngineering class unless you have
    //         installed the QFE for Q279225.  Enabling this class without
    //         the QFE will result in inventory cycles taking a very long
    //         time to complete on the client and the WINMGMT service
    //         using 99% to 100% CPU time and leaking memory.
    //
    //===================================================================

    http://support.microsoft.com/kb/279225/en-gb

     It looks like it's only applicable to Windows 2000 so "in theory" should be a problem on our 2003/2008 R2 estate.


    Tuesday, June 15, 2010 4:00 PM