Welcome to the first installment of Pro Tips with Esben. My very own space where I regularly post topics that dive a bit deeper into what Lansweeper can do and creative ways to use Lansweeper. In the first installment, I am going to cover some of the lesser-known Windows update options that Lansweeper can provide.
Starting with Windows 10, Microsoft started its Windows as a Service (WaaS) model. This means that Windows would be updated regularly instead of getting the old service packs along with a new Windows version every 3 years or so. A result of this new model is that we now have 2 types of updates, Feature, and Quality updates.
Feature updates are the new versions of Windows, the ones that used to be indicated with a number (1803,1809, ...) and more recently with a more indicative letter and number combination (20H1, 21H1). Each feature update usually contains new features, visual improvements, and enhancements to the overall experience and security (or so they claim).
Quality updates are the better known cumulative updates or security updates. These updates do not include new features but rather fix bugs, vulnerabilities, or other issues that the Windows version has and are released each month on the second Tuesday, also known as Patch Tuesday.
Lansweeper already scans Windows updates by default, which has led to the great success of the Patch Tuesday reports I create every month. However, there is much more info you can pick up related to Windows updates that you can scan on more recent Windows versions. Using custom registry scanning, we can scan the Windows update settings for each computer.
Finding devices that require a reboot to finish an update is very useful information. Most Windows updates require a reboot to complete the installation, so without having the reboot performed, updates will not be fully installed and effective. Unfortunately, Windows has not provided this information easily for a long time. In more recent Windows versions, a registry key is available to check if your device is waiting on a reboot.
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\StateVariables
Value: RebootRequired
Both of these types of updates have two options. They can be deferred or paused. When you defer an update, you prevent the update from being installed for X amount of days after release. This is primarily done to prevent bugs that are introduced in updates (which is quite common) from affecting all of your devices at the same time.
Pausing updates is not used as frequently. It simply prevents updates from being installed for X amount of days however, it does not take the release date of the update into account. However, it might be useful to know which developers, or other users in your organization that require admin credentials, are pausing their updates. Both of the options can be scanned using the following registry keys.
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState
Value: FeatureUpdatesDeferralInDays
Value: QualityUpdatesDeferralInDays
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings
Value: PausedFeatureStatus
Value: PausedQualityStatus
Microsoft often adds additional keys and changes them, so it is interesting to take a look at all the data you can find. Simply open up your registry editor and navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate". There is a wealth of information available, including whether a device is enrolled in the Insider Program or active hours settings.
While you tinker away on your own report, I've created a Windows Update Settings Report that will display whether your devices require a reboot or not, the number of deferral days for feature and quality updates, and the pause status of updates. Do note that older Windows 10 versions might not have this registry key so your results may vary.
© Copyright 2000-2023 COGITO SOFTWARE CO.,LTD. All rights reserved