Managing software updates and creation of custom reports in ConfigMgr is OCEAN. You have so much data to visualize based on your needs.
One of the very common requirements or reports is, find out the missing/required updates of a device that is managed by SCCM.
If you have not moved the device management solution to Microsoft Intune, especially windows updates and you are still with ConfigMgr, then this post is for you.
I have written a couple of blog posts on finding the missing/required updates for a specific device in SCCM are listed below for your reference.
likewise, you can create many reports, but it is not always convenient when you need to quickly check the required updates for a specific device within the SCCM console.
I have started reading about the creation of custom right-click tools (Neilp,Ryan) and created a custom tool, integrated with SCCM console to make things easy for you to find the required updates with one click.
The output will look like the following when you right-click on a device in the console, click on required updates, you will see a list of all required updates with a few columns.
How to configure/install this right-click tools extension?
Download the files from Github.
Right click on the zip file, unblock the file.
Extract the files, you will find required.updates.ps1, and folder.
Edit Required.updates.xml located in folder ed9dee86-eadd-4ac8-82a1-7234a4646e62
You need to edit line 19 for the location of the PowerShell script. You can copy the Required.updates.ps1 to your ConfigMgr admin location or anywhere that you can launch later from the console.
"G:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\Required.updates.ps1"
I copied it to the admin console install folder (bin).
Now, copy the folder (ed9dee86-eadd-4ac8-82a1-7234a4646e62) to XmlStorage\Extensions\Actions folder.
In my case, the actions folder is in G:\Program Files\Microsoft Configuration Manager\AdminConsole\XmlStorage\Extensions\Actions
Close the SCCM console (in case it is opened already) and launch the console again.
Right-click on any device, you will see the required updates option, click on it, it shows the missing updates.
You can sort the columns available in the grid window by title, superseded, expired, date posted.
When the updates are superseded, they appear in orange color, if expired, they appear in red. If updates are expired and also superseded, they still appear in orange color.
I know the information that is presented in the RCT tool for required updates is limited and there is a scope to add a lot more information such as is the update targeted to the device, which SUG groups, the update is a member of, etc.
Due to the information available in the SMS provider and the complexity of the code, I have put it aside for now.
Limitations of this RCT tool and you may see empty results if the device meets the following.
1. Device has no SCCM Agent/not healthy or updates scan is not successful.
2. The device is co-managed and the windows update workload is shifted to Intune.
In case you are looking for a SQL query to gather additional information that I could not represent in the RCT solution, is given below.
The following is the SQL code to get the required updates of a device.
declare @PC nvarchar (255);set @PC='CMCB-CL01'
select ui.Title, ui.articleid [ArticleID],
UpdateClassification=cls.CategoryInstanceName,
Required=(case when ucs.Status=2 then 'Yes' else 'No' end),
Targeted=(case when ctm.ResourceID is not null then 'Yes' else 'No' end),
ui.InfoURL as InformationURL,
ui.DateLastModified[Date Posted] ,
case when ui.IsSuperseded=1 then 'Yes' else 'No' end as 'Superseded',
case when ui.IsExpired=1 then 'Yes' else 'No' end as 'Expired'
from V_UpdateComplianceStatus ucs
join v_UpdateInfo ui on ui.CI_ID=ucs.CI_ID
left join v_CITargetedMachines ctm on ctm.CI_ID=ucs.CI_ID and ctm. ResourceID = ucs.ResourceID
join v_CICategoryInfo_All vnd on vnd.CI_ID=ui.CI_ID and vnd.CategoryTypeName='Company'
join v_CICategoryInfo_All cls on cls.CI_ID=ui.CI_ID and cls.CategoryTypeName='UpdateClassification'
JOIN dbo.v_R_System AS vrs ON vrs.ResourceID = ucs.ResourceID
WHERE ucs.Status=2 and vrs.Name0=@PC
order by 1
If you want the right-click tool to run on standalone machines (not site server), you can update the powershell script with the following parameter values (thanks to Cedric for commenting)
param(
[parameter(Mandatory=$false)]
[string]$SiteServer="mymecmsiteservername.toto.com",
[parameter(Mandatory=$true)]
$RSRID
)
Hope you find this article useful!
Hello Mr Koneti,
Some workstations from SCCM lost the older ADR CU updates, and in new ADR Groups they don't take the new updates and show all this WS as unknown. This method can fix that?
Hi,
This right click tools is used to identify the missing updates (like a reporting) , for deployment of updates, you can create SUG groups.
Thanks,
Eswar
This doesn't work for me. I have the right click tools installed. I unblocked the files. I copied them to the proper folders. I edited line 19 to reflect th proper bin folder path. I see powershell come up but nothing happens after.
Hi,
are you able to run the script manually and does it show anything?
Thanks,
Eswar
Hi, very nice and usefull tool !!!!
Work perfectly on the site server, except for others computers with stand alone adminconsoles the script start and close (manually it woks after the prompt for mandatory parameters).
Maybe it will help : I've modified the script to set manually the $SiteServer variable in parameter section and it work now also on devices with standalone adminconsoles :
param(
[parameter(Mandatory=$false)]
[string]$SiteServer="mymecmsiteservername.toto.com",
[parameter(Mandatory=$true)]
$RSRID
)
Great suggestion. I have updated the post with your comment so it helps others.
Regards,
Eswar
This looks super useful! I tried to install it but when I right click a device and select Required Updates, a PowerShell window briefly appears and then disappears.
Hi,
After you download the zip file, did you right click on the zip file, unblock the file?
This could be the reason why the powershell exit automatically.
Also try to run the script manually if it works or not?
Thanks,
Eswar
I unblocked it. I kinda gave up on trying it ages ago.
What version of ConfigMgr are you running? I just tried the same right-click tools that i have posted and it works perfectly fine.
Are you running the console remotely?
Are you able to run the powershell script manually without right-click tools?
When you run the script, you need to input SCCM site server and also the resource ID of the device.
Thanks,
Eswar
Hi,
Very nice tool, I followed the instructions copying and modifying the xml\ps1 to the installation directory. I closed and opened the console, I don't see the option of required update, if I run the powershell to validate the scripts and bring the information correct.
E:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\Required.updates.ps1
cmdlet Required.updates.ps1 at command pipeline position 1
Supply values for the following parameters:
SiteServer: SCCM-Server.domain.NET
RSRID: 16784885
Hi,
do you see the right click tools on the console? if you dont see the right click tools on specific device then the issue could be incorrectly copied the xml files.
Did you unblock the powershell script by right click the file, properties?
Thanks,
Eswar
can you get all required updates of a collection?
Hi Jason,
Yes, it is possible to get th required updates at collection for all devices but the data will be huge and not suggested to use right click tools.
For example, there are 100 devices in a collection, if you use RCT tool for required updates, and if each device is missing 10 updates, there will be 1000 records for 100 devices, so getting the data is not realtime use. You can use reports for that.
Thanks,
Eswar