SCCM Right click tools–find missing updates of a client

Managing software updates and creation of custom reports in ConfigMgr is OCEAN. You have so much data to visualize based on your needs.

One of the very common requirements or reports is, find out the missing/required updates of a device that is managed by SCCM.

If you have not moved the device management solution to Microsoft Intune, especially windows updates and you are still with ConfigMgr, then this post is for you.

I have written a couple of blog posts on finding the missing/required updates for a specific device in SCCM are listed below for your reference.

http://eskonr.com/2016/08/sccm-configmgr-sql-query-to-find-top-x-missing-updates-for-specific-collection-for-specific-update-group/

http://eskonr.com/2015/12/sccm-configmgr-ssrs-report-get-list-of-missing-updates-for-pc-from-specific-software-update-group/

likewise, you can create many reports, but it is not always convenient when you need to quickly check the required updates for a specific device within the SCCM console.

I have started reading about the creation of custom right-click tools (Neilp,Ryan) and created a custom tool, integrated with SCCM console to make things easy for you to find the required updates with one click.

The output will look like the following when you right-click on a device in the console, click on required updates, you will see a list of all required updates with a few columns.

image

image

How to configure/install this right-click tools extension?

Download the files from Github.

Right click on the zip file, unblock the file.

Extract the files, you will find required.updates.ps1, and folder.

Edit Required.updates.xml located in folder ed9dee86-eadd-4ac8-82a1-7234a4646e62

You need to edit line 19 for the location of the PowerShell script. You can copy the Required.updates.ps1 to your ConfigMgr admin location or anywhere that you can launch later from the console.

image

"G:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\Required.updates.ps1"

I copied it to the admin console install folder (bin).

Now, copy the folder (ed9dee86-eadd-4ac8-82a1-7234a4646e62) to XmlStorage\Extensions\Actions folder.

In my case, the actions folder is in G:\Program Files\Microsoft Configuration Manager\AdminConsole\XmlStorage\Extensions\Actions

Close the SCCM console (in case it is opened already) and launch the console again.

Right-click on any device, you will see the required updates option, click on it, it shows the missing updates.

You can sort the columns available in the grid window by title, superseded, expired, date posted.

When the updates are superseded, they appear in orange color, if expired, they appear in red. If updates are expired and also superseded, they still appear in orange color.

I know the information that is presented in the RCT tool for required updates is limited and there is a scope to add a lot more information such as is the update targeted to the device, which SUG groups, the update is a member of, etc.

Due to the information available in the SMS provider and the complexity of the code, I have put it aside for now.

Limitations of this RCT tool and you may see empty results if the device meets the following.

1. Device has no SCCM Agent/not healthy or updates scan is not successful.

2. The device is co-managed and the windows update workload is shifted to Intune.

In case you are looking for a SQL query to gather additional information that I could not represent in the RCT solution, is given below.

The following is the SQL code to get the required updates of a device.

declare @PC nvarchar (255);set @PC='CMCB-CL01'

select ui.Title, ui.articleid [ArticleID],
UpdateClassification=cls.CategoryInstanceName,
Required=(case when ucs.Status=2 then 'Yes' else 'No' end),
Targeted=(case when ctm.ResourceID is not null then 'Yes' else 'No' end),
ui.InfoURL as InformationURL,
ui.DateLastModified[Date Posted] ,
case when ui.IsSuperseded=1 then 'Yes' else 'No' end as 'Superseded',
case when ui.IsExpired=1 then 'Yes' else 'No' end as 'Expired'
from V_UpdateComplianceStatus  ucs
join v_UpdateInfo ui on ui.CI_ID=ucs.CI_ID
left join v_CITargetedMachines  ctm on ctm.CI_ID=ucs.CI_ID and ctm. ResourceID = ucs.ResourceID
join v_CICategoryInfo_All vnd on vnd.CI_ID=ui.CI_ID and vnd.CategoryTypeName='Company'
join v_CICategoryInfo_All cls on cls.CI_ID=ui.CI_ID and cls.CategoryTypeName='UpdateClassification'
JOIN dbo.v_R_System AS vrs ON vrs.ResourceID = ucs.ResourceID
WHERE  ucs.Status=2 and vrs.Name0=@PC
order by 1

image

If you want the right-click tool to run on standalone machines (not site server), you can update the powershell script with the following parameter values (thanks to Cedric for commenting)

param(
[parameter(Mandatory=$false)]
[string]$SiteServer="mymecmsiteservername.toto.com",
[parameter(Mandatory=$true)]
$RSRID
)

Hope you find this article useful!

14 Responses to "SCCM Right click tools–find missing updates of a client"

  1. Hello Mr Koneti,

    Some workstations from SCCM lost the older ADR CU updates, and in new ADR Groups they don't take the new updates and show all this WS as unknown. This method can fix that?

    Reply
    1. Hi,
      This right click tools is used to identify the missing updates (like a reporting) , for deployment of updates, you can create SUG groups.

      Thanks,
      Eswar

      Reply
  2. This doesn't work for me. I have the right click tools installed. I unblocked the files. I copied them to the proper folders. I edited line 19 to reflect th proper bin folder path. I see powershell come up but nothing happens after.

    Reply
  3. Hi, very nice and usefull tool !!!!
    Work perfectly on the site server, except for others computers with stand alone adminconsoles the script start and close (manually it woks after the prompt for mandatory parameters).

    Maybe it will help : I've modified the script to set manually the $SiteServer variable in parameter section and it work now also on devices with standalone adminconsoles :

    param(
    [parameter(Mandatory=$false)]
    [string]$SiteServer="mymecmsiteservername.toto.com",
    [parameter(Mandatory=$true)]
    $RSRID
    )

    Reply
  4. This looks super useful! I tried to install it but when I right click a device and select Required Updates, a PowerShell window briefly appears and then disappears.

    Reply
    1. Hi,
      After you download the zip file, did you right click on the zip file, unblock the file?
      This could be the reason why the powershell exit automatically.
      Also try to run the script manually if it works or not?

      Thanks,
      Eswar

      Reply
        1. What version of ConfigMgr are you running? I just tried the same right-click tools that i have posted and it works perfectly fine.
          Are you running the console remotely?
          Are you able to run the powershell script manually without right-click tools?
          When you run the script, you need to input SCCM site server and also the resource ID of the device.

          Thanks,
          Eswar

          Reply
  5. Hi,
    Very nice tool, I followed the instructions copying and modifying the xml\ps1 to the installation directory. I closed and opened the console, I don't see the option of required update, if I run the powershell to validate the scripts and bring the information correct.

    E:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\Required.updates.ps1
    cmdlet Required.updates.ps1 at command pipeline position 1
    Supply values for the following parameters:
    SiteServer: SCCM-Server.domain.NET
    RSRID: 16784885

    Reply
    1. Hi,
      do you see the right click tools on the console? if you dont see the right click tools on specific device then the issue could be incorrectly copied the xml files.
      Did you unblock the powershell script by right click the file, properties?

      Thanks,

      Eswar

      Reply
    1. Hi Jason,
      Yes, it is possible to get th required updates at collection for all devices but the data will be huge and not suggested to use right click tools.
      For example, there are 100 devices in a collection, if you use RCT tool for required updates, and if each device is missing 10 updates, there will be 1000 records for 100 devices, so getting the data is not realtime use. You can use reports for that.

      Thanks,
      Eswar

      Reply

Leave a Reply to Eswar Koneti Cancel reply