Jump to content

Update Operating System Task - How it works? How updates are detected?


Recommended Posts

Hello,

I work for a IT Company that manage multiple ESET Remote Console across many clients and I have a question about how Update Operating System task works and the way that ESET detects Available updates.

There are some companies that have good GPO Policies configured from AD and computers, are up-to-date. And there are other companies, that never touched GPO Policies and they don't know anything about updates status on the computers.

The big question is, ESET reports that Computer have Available updates to install when....

  1. Windows Update is set to search them automatically.
  2. Whatever if Windows Update is configured or not. ESET forces computer to look for them.

 

I think that correct answer is (1), because look at that:

imagen.thumb.png.a0cb0ef364f18f64e3dbc7c8d4c26f03.png

What does this number mean?

  • 10.0.19041 = Windows 2004 Version
  • 10.0.19041.572 = Windows 2004 With October 2020 Cumulative Patches. Good! Up-to-date
  • 10.0.19041.508 = Windows 2004 With September 2020 Cumulative Patches.
  • 10.0.19041.450 = Windows 2004 With August 2020 Cumulative Patches.
  • 10.0.19041.388 = Windows 2004 With July 2020 Cumulative Patches.

We can see that there are computers outdated.

As you can see, all computers are connected to ESMC and ESET is up-to-date, but computers with 10.0.19041.508 or below are outdated but they don't have any warning or alert on the console. That's because ESET only reports if Windows Update looks for that updates and they are pending on computer. Is that right?

 

Ok, then.... as MSP sometimes, I don't have access to that networks, Active Directory, GPO AD Policy editor, etc.... And I want to keep up to date my client computers. From ESET, how can I manage to trigger/scan that updates?

Options :

  • Send that command wtih Task "Run Command"
    • reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 1 /f
  • Usoclient.exe StartScan (old wuauclt.exe /detectnow)

 

By the way, is there any improvement planned on that feature? Something like that ESET can edit local machine policy and force automatically updates ( obviously configurable from ESMC Policy).

 

Thanks,

 

Edited by rubencastello90
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...