Patch Config Audit
Purpose
The purpose of this solution is to showcase the patch configuration of a Windows computer. It exhibits the configuration information altered by the WUA Settings Validation script.
Upgrade Notice: 29-Oct-2024
The solution has been updated to indicate whether Windows upgrades or feature updates are restricted from the registry key for Windows 10 and 11.
Execute the Get Patch Config script against any online Windows computer with the Set_Environment parameter set to 1. This will add the newly introduced column upgradeRestricted to the pvl_patch_config table, which is necessary for the solution.
Associated Content
Auditing
| Content | Type | Function |
|---|---|---|
| Get Patch Config | Script | Gathers Data |
| pvl_patch_config | Custom Table | Stores Data |
| Patch Config Audit | Dataview | Displays Data |
| Execute Script - Get Patch Config | Internal Monitor | Detects Windows Machines |
| △ Custom - Execute Script - Get Patch Config | Alert Template | Executes the Script |
Automation
| Content | Type | Function |
|---|---|---|
| Patch Manager - WUA Settings Validation | Script | Validate and set the appropriate values for the patching registries. |
| Internal Monitor - Patch Config Mismatch | Internal Monitor | Detect computers with mismatched configurations. |
| △ Custom - Patch Config Mismatch | Alert Template | Executes Patch Manager - WUA Settings Validation script. |
Implementation
1.
Import the following auditing content using the ProSync Plugin:
- Script - Get Patch Config
- Dataview - Patch Config Audit
- Internal Monitor - Execute Script - Get Patch Config
- Alert Template - △ Custom - Execute Script - Get Patch Config
2.
Import the following automation content using the ProSync Plugin:
- Script - Patch Manager - WUA Settings Validation
- Internal Monitor - Patch Config Mismatch
- Alert Template: △ Custom - Patch Config Mismatch
3.
Reload the system cache:
4.
Execute the Get Patch Config script against any online Windows computer with the Set_Environment parameter set to 1. This will create the pvl_patch_config table, which is necessary for the solution.
5.
Configure the auditing solution as outlined below:
- Navigate to Automation → Monitors within the CWA Control Center and set up the following:
- Internal Monitor - Execute Script - Get Patch Config
- Set up with the
△ Custom - Execute Script - Get Patch Configalert template - Right-click and Run Now to start the monitor
- Set up with the
- Internal Monitor - Execute Script - Get Patch Config
Only if Requested
6.
Configure the automation as outlined below:
- Navigate to Automation → Monitors within the CWA Control Center and set up the following:
- Internal Monitor - Patch Config Mismatch
- Set up with the
△ Custom - Patch Config Mismatchalert template - Right-click and Run Now to start the monitor
- Set up with the
- Internal Monitor - Patch Config Mismatch
FAQ
Q: Can this solution be used in environments without configuring the WUA Settings Validation script?
A: The auditing section of the solution is independent of the WUA Settings Validation script.