################################################################################## # # NAME: check_win_last_update.ps1 # # AUTHOR: Peter Luetke-Bexten # COAUTHOR: Christoph Hamschmidt # EMAIL: peter.luetke-bexten (at) benteler.com # # COMMENT: # Script to calculate the Days since last Windows Update # which is understandable for every Manager :-} # should be called via NRPE/NSClient++ # inspired by bratislav.stojkovic@gmail.com check_win_lastupdate.vbs # but with using Microsoft.Update.Session instead of Registry. # Registry query not working in W2016 or W10. # # NSCLIENT.ini: # check_win_lastupdate = cmd /c echo scriptspowershellcheck_win_last_update.ps1 $ARG1$ $ARG2$ ; exit($lastexitcode) | "C:WindowsSystem32WindowsPowerShellv1.0powershell.exe" -noninteractive -noprofile -ExecutionPolicy unrestricted -command - # # NRPE Check: # check_nrpe -H targethost -p 5666 -t 120 -u -c check_win_lastupdate -a 35 70 # # CHANGELOG: # 1.0 20180126 - initial version # ################################################################################ # Script calculates curent date and date of last Windows Update Installation ## Arguments #$wldays = $args[0] #$cldays = $args[1] $wldays = 90 $cldays = 180 ## ReturnStates $returnStateOK = 0 $returnStateWarning = 1 $returnStateCritical = 2 $returnStateUnknown = 3 ## Get lasat installed update and select date as object $Session = New-Object -ComObject Microsoft.Update.Session $Searcher = $Session.CreateUpdateSearcher() $HistoryCount = $Searcher.GetTotalHistoryCount() ## http://msdn.microsoft.com/en-us/library/windows/desktop/aa386532%28v=vs.85%29.aspx $DatelastInstall = $Searcher.QueryHistory(0,$HistoryCount) | ForEach-Object {$_} | Select-Object -First 1 | Select-Object -Property Date ## Get actual date $Datenow = Get-Date ## Get number of days since list install $DayslastInstall = ($Datenow - $DatelastInstall.date).Days $DayslastInstalldate = ($Datenow.Date - $DatelastInstall.Date).Days ## Debug # $DatelastInstall.ToString() # $DatelastInstall # $DatelastInstall.date # $Datenow # $Datenow.date # $DayslastInstall # $DayslastInstalldate If (!$wldays) { echo "Usage: check_win_last_update.ps1 " exit 3 } # if ($DayslastInstall) { If ($DayslastInstalldate -eq 0) { Write-Host "OK - Patches applied $DayslastInstalldate days ago at $($DatelastInstall.Date)" exit $returnStateOK } Elseif ($DayslastInstall -lt $wldays) { Write-Host "OK - Patches applied $DayslastInstalldate days ago at $($DatelastInstall.Date)" exit $returnStateOK } Elseif ($DayslastInstall -lt $cldays) { Write-Host "WARNING - Patches applied $DayslastInstalldate days ago $($DatelastInstall.Date)" exit $returnStateWarning } Elseif ($DayslastInstall -gt $cldays) { Write-Host "CRITICAL - Patches applied $DayslastInstalldate days ago $($DatelastInstall.Date)" exit $returnStateCritical } Else { Write-Host "UNKNOWN" exit $returnStateUnknown } # } else { else { Write-Host "UNKNOWN - unable to get date of last Widows Update Installation" exit $returnStateUnknown }