Using compliance settings in Configmgr, you can do many tasks as part of compliance. In the last couple of blogs, we have utilized compliance settings to identify WU settings,automatic update,trusted publisher settings etc. http://eskonr.com/2017/10/configmgr-how-to-use-compliance-settings-to-check-the-windows-update-policy-settings-like-wuserver-usewuservernoautoupdate-on-clients/
In this blog post ,we will see how to use compliance settings to check for Windows update agent version if it is older or latest one as per https://support.microsoft.com/en-us/help/949104/how-to-update-the-windows-update-agent-to-the-latest-version.
The Windows Update Agent runs on each client computer and checks for availability of updates. If you are using configmgr ,when the software update scan cycle runs ,a scan request is passed to the Windows Update Agent (WUA). This WUA then connects to the WSUS server location that is listed in the local policy (this policy will be created at the time of configmgr client installation), retrieves the software updates metadata (update catalog) that has been synchronized on the WSUS server, and scans the client computer for the updates. To read further on software updates https://docs.microsoft.com/en-us/sccm/sum/understand/software-updates-introduction
Daniel (PotentEngineer) has document all the versions of windows update agent on http://www.potentengineer.com/windows-update-agent-build-numbers-for-windows-7/
There are lot cases on windows update issue which happened due to old version of windows update hence you need focus on brining the windows update agent to latest supported version.
I will not go in-detail (step by step) about how to create configuration Item and Configuration baseline instead ,i will guide you through the settings that you need configure for Windows update agent.
Though the configurations used in the settings/creation of rule in compliance setting is very simple ,i would like to get it in this blog post along with SQL Query and WQL collection to identify how many clients in your organisation are running older .
1.Define Compliance setting for the applicable OS (Windows update agent varies from OS to OS) .This blog post focus on windows 7.
Once you deploy the configuration baseline to collection ,clients will perform the CI evaluation and send the results to Configmgr which will help you to create collection from the baseline results and deploy latest windows update agent.
Compliance Item :
New setting:
New Rule: Replace the windows update agent that you are looking for.
Note: The above WUA agent is only for windows 7 hence you need to configure the OS while creation of CI or deploy this to only windows 7 collection.
If you want to create the rule for multiple OS to check WUA version ,you can try something like below (it is untested at the time of writing the blog post).
Make sure you add the latest version of windows update agent into the one of list.
2.WQL Query for collection:
Ronni has nice post on this ,please follow it https://www.ronnipedersen.com/2015/06/04/updating-the-windows-update-agent-on-windows-7-clients/
3.SQL Query:
Windows update agent version stored in v_GS_WINDOWSUPDATEAGENTVERSION SQL view.
We will use this SQL view to find count of versions.
select a.version0 as 'WUA Version', count(*) as 'Total'
from v_GS_WINDOWSUPDATEAGENTVERSION as a
group by a.version0
order by 2 desc
More information http://eskonr.com/2010/02/sccm-collection-for-windows-update-agent/
Using this ,you can create nice SSRS report .you can also create drilldown report to find what are the machines that are running lower versions with computer name ,user name etc.
List of SCCM Configmgr SQL views documentation is available on TechNet https://gallery.technet.microsoft.com/SCCM-Configmgr-2012-R2-SQL-5fefdd3b