\n
Remember the good old days, when there was a simple text file that you could look at to see what was going on with your Windows Update processes? Yep...the good old days...life was so simple. Starting with Windows 10 and Windows Server 2016 the process has changed considerably. If you view the WindowsUpdate.log file that is located in the C:\\Windows directory, you are greeted with the following text:
\n
\n
\n
Windows Update logs are now generated using ETW (Event Tracing for Windows).\nPlease run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log.\n\nFor more information, please visit http://go.microsoft.com/fwlink/?LinkId=518345
\nThe link specified above describes the reasoning for modifying this process and the general guidelines for generating and viewing the WindowsUpdate.log file. While I'm in favor of better performance and using less disk space, this new process takes some getting used to. To quote the ever-wise REO Speedwagon, \"you got to roll with the changes\". And roll we will. The reason that I am creating this particular blog post is that I recently had to analyze the WindowsUpdate.log files from multiple machines, which was a challenge when you consider the amount of work that needs to be done to get the correct Symbols in place and the burden of running the command locally on each machine. I didn't do that too many times before the PowerShell light bulb lit up in my head to automate the process of gathering the logs from remote machines. In my case, it was much easier to generate them from the remote machine and copy the files locally where I have everything installed that I need to work with the WindowsUpdate.log files.
\n
\n\n\nAs noted in the top portion of the script, there are a few prerequisites that need to be in place on the machine that is running the script:\n
\n- TraceFMT.exe installed locally, which can be downloaded from the following sites:
\n
\n
WDK Download site: https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit
\n
SDK Download Site: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk
\n
In my experience, TraceFMT.exe has worked more reliably to convert the files than the native Get-WindowsUpdateLog cmdlet.
\n
\n
\n- Windows Symbols either locally stored on the computer or on a network file share. Symbols are Windows Version specific, so make sure that you have the correct version downloaded for the Operating System version to match the system you are pulling the Windows Update logs from. Symbols can be downloaded from:
\n
\n
Symbols Download Site: https://developer.microsoft.com/en-us/windows/hardware/download-symbols
\n
\n
\n- Create a folder to serve as the base, top-level folder for the collection of the logs. The script will create a sub-folder with the name of the remote machine to hold all of the collected files.
\n
\n\n
\n- Connects remotely to a remote machine and executes the Get-WindowsUpdateLog cmdLet against it.
\n- Copies the resulting WindowsUpdate.*.etl files to your \"Work Directory\", which is just a local folder or file share location to use as a base directory.
\n- Organizes the ETL files into individual folders by date.
\n- Breaks the list of ETL files from each directory into groups of 15.
\n- TraceFMT.exe generates the WindowsUpdate.log file.
\n- Generates a separate WindowsUpdateX.log for each group of 15 ETL files until all ETL files are processed.
\n
\n\nAfter the script has completed, there will be a folder for the machine, with sub-folders for each date. The date folders will have all of the ETL files for that date. When there are more than 15 files, the first 15 files are processed into WindowsUpdate1.log, the second group of 15 into WindowsUpdate2.log, etc.
\n
\n\n\n
WindowsUpdateLogs.ps1 -Computer \"PCNameHere\" -WorkDir \"C:\\Work\" <-SymbolPath \"X:\\SymbolPathHere\"> <-TraceFMTPath X:\\TraceFMTEXEPathHere>\n\n\nThe script can be downloaded at the bottom of this post.
NOTE: If you copy the text below, the ScriptBlock line on line #135 may be incomplete due to the text wrap on that line. Use the download link above instead or make sure that line is corrected before running the script for the first time.\n
###############################################################################################\n# \n# The sample scripts are not supported under any Microsoft standard support \n# program or service. The sample scripts are provided AS IS without warranty \n# of any kind. Microsoft further disclaims all implied warranties including, without \n# limitation, any implied warranties of merchantability or of fitness for a particular \n# purpose. The entire risk arising out of the use or performance of the sample scripts \n# and documentation remains with you. In no event shall Microsoft, its authors, or \n# anyone else involved in the creation, production, or delivery of the scripts be liable \n# for any damages whatsoever (including, without limitation, damages for loss of business \n# profits, business interruption, loss of business information, or other pecuniary loss) \n# arising out of the use of or inability to use the sample scripts or documentation, \n# even if Microsoft has been advised of the possibility of such damages\n#\n###############################################################################################\n#\n# THIS SCRIPT WILL ALLOW A CENTRALIZED ADMIN WORKSTATION TO REMOTELY GENERATE \n# WINDOWSUPDATE.LOG ETL FILES AND WILL COPY THEM TO A LOCAL LOCATION FOR ANALYSIS.\n# IT PLACES THE ETL FILES IN SUBDIRECTORIES ORGANIZED BY DATE AND UTILIZES TRACEFMT.EXE\n# TO GENERATE THE FINAL WINDOWSUPDATE.LOG FILE. \n#\n# PREREQUISITES:\n# ============================================================================================\n# 1. TRACEFMT.EXE (PART OF THE WINDOWS WDK AND SDK)\n# WDK Download site: https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit\n# DK Download Site: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk\n# 2. WINDOWS SYMBOLS\n# SYMBOLS (FOR EACH SPECIFIC OS BEING ANALYZED)\n# SYMBOLS DOWNLOAD: https://developer.microsoft.com/en-us/windows/hardware/download-symbols\n#\n# 3. CREATE A FOLDER TO BE USED AS A BASE FOR STORAGE OF ALL FILES PULLED FROM REMOTE MACHINES\n#\n#\n# SYNTAX/USAGE:\n# ============================================================================================\n# WindowsUpdateLogs.ps1 -Computer \"SomePC1\" -WorkDir \"C:\\Work\" <-SymbolPath \"X:\\SymbolPathHere\"> \n# <-TraceFMTPath X:\\TraceFMTEXEPathHere>\n\nParam (\n[Parameter(Mandatory=$true)][string]$Computer,\n[Parameter(Mandatory=$true)][string]$WorkDir,\n[string]$SymbolPath = \"C:\\Symbols\",\n[string]$TraceFMTPath = \"C:\\Program Files (x86)\\Windows Kits\\10\\bin\\x86\"\n)\n\n# VERIFY THAT THE $WorkDir PATH SPECIFIED EXISTS\nIf (!(Test-Path $WorkDir))\n{\n Write-Output \"$WorkDir path not found, exiting script\"\n Exit 99\n}\n\n# VERIFY THAT THE PATH SPECIFIED CONTAINS THE TRACEFMT.EXE TOOL SINCE IT IS REQUIRED\nIf (!(Test-Path $TraceFMTPath\\TraceFmt.exe))\n{\n Write-Output \"TraceFmt.exe not found at $TraceFMTPath, exiting script\"\n Write-Output \"TraceFmt.exe is part of the Windows Driver Kit and Software Development Kit\"\n Write-Output \"WDK Download: https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit\" \n Write-Output \"SDK Download: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk\"\n Exit 99\n}\n\n# VERIFY LOCATION OF SYMBOLS DIRECTORY (REQUIRED)\nIf (!(Test-Path $SymbolPath))\n{\n Write-Output \"Symbols not found at $SymbolPath, exiting script\"\n Write-Output \"If you need to download symbols, they are available at:\"\n Write-Output \"https://developer.microsoft.com/en-us/windows/hardware/download-symbols\"\n Write-Output \"=========================================================================================\"\n Write-Output \"NOTE: Symbols must match the OS version that you are pulling the Windows Update logs from\"\n Write-Output \"=========================================================================================\"\n Exit 99\n}\n\n# SET UP SESSION ON REMOTE COMPUTER\n$Sess = New-PSSession -ComputerName $Computer\nEnter-pssession $Sess\n\n# RUN THE COMMAND TO GENERATE THE WINDOWS UPDATE LOGS ON THE REMOTE COMPUTER\nInvoke-Command -Session $Sess -ScriptBlock {Get-WindowsUpdateLog}\n\n# EXIT PSSESSION \nExit-PSSession\n\n# SET UP A TARGET DIR TO STORE FILES\n$strTargetDir = \"$WorkDir\\$Computer\"\n[array]$arrWULogs = Get-ChildItem \"\\\\$Computer\\c$\\WINDOWS\\logs\\WindowsUpdate\\WindowsUpdate*etl\"\nForEach ($log in $arrWULogs)\n{\n $FileDate = $log.LastWriteTime.date\n $strFileDate = $FileDate.ToString(\"MMddyyyy\")\n $strNewDir = \"$strTargetDir\\$strFileDate\"\n If (Test-Path $strNewDir)\n {\n Copy-Item $log $strNewDir\n }\n Else\n {\n New-Item -ItemType Directory $strNewDir\n Copy-Item $log $strNewDir \n }\n}\n\n# GET ALL OF THE DATE DIRECTORIES CREATED\n[array]$arrDateDirs = Get-ChildItem -Directory $strTargetDir\n\n# GO THROUGH EACH DIRECTORY AND GENERATE THE WINDOWSUPDATE.LOG\nForEach ($DateDir in $arrDateDirs)\n{\n $strFullName = $DateDir.FullName\n [array]$arrETLs = Get-ChildItem \"$strFullName\\WindowsUpdate*.etl\"\n [int]$ETLCount = $arrETLs.Count\n # SINCE TRACEFMT.EXE CAN ONLY HANDLE 15 FILES AT A TIME, BREAK LIST UP INTO GROUPS OF 15\n # ROUNDING UP TO NEXT WHOLE NUMBER (16 WOULD BE 2 GROUPS, 46 WOULD BE 4 GROUPS, ETC.)\n [single]$NumGroups = [math]::Ceiling($ETLCount/15)\n # INITIALIZE COUNTERS\n [int]$intGrpCtr = 1\n [int]$intETLCtr = 0\n # PROCESS THE GROUPS OF 15 ETL FILES NOW\n While ($intGrpCtr -le $NumGroups)\n {\n New-Variable -Name \"tmpVar$intGrpCtr\"\n $tmpVar = Get-Variable -name \"tmpVar$intGrpCtr\"\n # TAKE EACH GROUP OF 15 THROUGH TRACEFMT NOW\n While (($intETLCtr -lt (15 * $intGrpCtr)) -and ($intETLCtr -lt $ETLCount))\n { \n $curETL = ($arrETLs[$intETLCtr]).Name\n $tmpVar.Value += \"$CurETL \"\n $intETLCtr++\n }\n # DO THE TRACEFMT COMMAND NOW WITH TMPVAR HOLDING THE 15 ETLS IN THE LIST\n Set-Location $DateDir.FullName\n [string]$strLogList = $tmpvar.Value\n # CREATE SCRIPTBLOCK TO EXECUTE THE COMMAND\n $sbTrace = $ExecutionContext.InvokeCommand.NewScriptBlock(\"$TraceFMTPath\\TraceFmt.exe -o .\\windowsupate$intGrpCtr.log $strLogList -r $SymbolPath\")\n Invoke-Command -ScriptBlock $sbTrace\n # CLEAR ALL USED VARIABLES HERE SO THEY DON'T CAUSE ISSUES NEXT TIME THROUGH THE LOOP\n Remove-Variable -name \"tmpVar$intGrpCtr\"\n $intGrpCtr++\n $tmpVar = $null\n }\n}\n\n\n\n\nAnd, almost like clockwork, we released an announcement that the process will be changing in version 1709 of Windows 10. Until then, keep the script in mind if you have a need to check out the WindowsUpdate.log on machines.
\n
\n
\n
\n
Remember the good old days, when there was a simple text file that you could look at to see what was going on with your Windows Update processes? Yep...the good old days...life was so simple. Starting with Windows 10 and Windows Server 2016 the process has changed considerably. If you view the WindowsUpdate.log file that is located in the C:\\Windows directory, you are greeted with the following text:
\n
\n
\n
Windows Update logs are now generated using ETW (Event Tracing for Windows).\nPlease run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log.\n\nFor more information, please visit http://go.microsoft.com/fwlink/?LinkId=518345
\nThe link specified above describes the reasoning for modifying this process and the general guidelines for generating and viewing the WindowsUpdate.log file. While I'm in favor of better performance and using less disk space, this new process takes some getting used to. To quote the ever-wise REO Speedwagon, \"you got to roll with the changes\". And roll we will. The reason that I am creating this particular blog post is that I recently had to analyze the WindowsUpdate.log files from multiple machines, which was a challenge when you consider the amount of work that needs to be done to get the correct Symbols in place and the burden of running the command locally on each machine. I didn't do that too many times before the PowerShell light bulb lit up in my head to automate the process of gathering the logs from remote machines. In my case, it was much easier to generate them from the remote machine and copy the files locally where I have everything installed that I need to work with the WindowsUpdate.log files.
\n
\n
\n
Prerequisites
\nAs noted in the top portion of the script, there are a few prerequisites that need to be in place on the machine that is running the script:\n
\n- TraceFMT.exe installed locally, which can be downloaded from the following sites:
\n
\n
WDK Download site: https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit
\n
SDK Download Site: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk
\n
In my experience, TraceFMT.exe has worked more reliably to convert the files than the native Get-WindowsUpdateLog cmdlet.
\n
\n
\n- Windows Symbols either locally stored on the computer or on a network file share. Symbols are Windows Version specific, so make sure that you have the correct version downloaded for the Operating System version to match the system you are pulling the Windows Update logs from. Symbols can be downloaded from:
\n
\n
Symbols Download Site: https://developer.microsoft.com/en-us/windows/hardware/download-symbols
\n
\n
\n- Create a folder to serve as the base, top-level folder for the collection of the logs. The script will create a sub-folder with the name of the remote machine to hold all of the collected files.
\n
\n
General Script Flow
\n
\n- Connects remotely to a remote machine and executes the Get-WindowsUpdateLog cmdLet against it.
\n- Copies the resulting WindowsUpdate.*.etl files to your \"Work Directory\", which is just a local folder or file share location to use as a base directory.
\n- Organizes the ETL files into individual folders by date.
\n- Breaks the list of ETL files from each directory into groups of 15.
\n- TraceFMT.exe generates the WindowsUpdate.log file.
\n- Generates a separate WindowsUpdateX.log for each group of 15 ETL files until all ETL files are processed.
\n
\n
Expected Output
\nAfter the script has completed, there will be a folder for the machine, with sub-folders for each date. The date folders will have all of the ETL files for that date. When there are more than 15 files, the first 15 files are processed into WindowsUpdate1.log, the second group of 15 into WindowsUpdate2.log, etc.
\n
\n
\n
Script Syntax
\n
WindowsUpdateLogs.ps1 -Computer \"PCNameHere\" -WorkDir \"C:\\Work\" <-SymbolPath \"X:\\SymbolPathHere\"> <-TraceFMTPath X:\\TraceFMTEXEPathHere>\n
\n
Script & Download
\nThe script can be downloaded at the bottom of this post.
NOTE: If you copy the text below, the ScriptBlock line on line #135 may be incomplete due to the text wrap on that line. Use the download link above instead or make sure that line is corrected before running the script for the first time.\n
###############################################################################################\n# \n# The sample scripts are not supported under any Microsoft standard support \n# program or service. The sample scripts are provided AS IS without warranty \n# of any kind. Microsoft further disclaims all implied warranties including, without \n# limitation, any implied warranties of merchantability or of fitness for a particular \n# purpose. The entire risk arising out of the use or performance of the sample scripts \n# and documentation remains with you. In no event shall Microsoft, its authors, or \n# anyone else involved in the creation, production, or delivery of the scripts be liable \n# for any damages whatsoever (including, without limitation, damages for loss of business \n# profits, business interruption, loss of business information, or other pecuniary loss) \n# arising out of the use of or inability to use the sample scripts or documentation, \n# even if Microsoft has been advised of the possibility of such damages\n#\n###############################################################################################\n#\n# THIS SCRIPT WILL ALLOW A CENTRALIZED ADMIN WORKSTATION TO REMOTELY GENERATE \n# WINDOWSUPDATE.LOG ETL FILES AND WILL COPY THEM TO A LOCAL LOCATION FOR ANALYSIS.\n# IT PLACES THE ETL FILES IN SUBDIRECTORIES ORGANIZED BY DATE AND UTILIZES TRACEFMT.EXE\n# TO GENERATE THE FINAL WINDOWSUPDATE.LOG FILE. \n#\n# PREREQUISITES:\n# ============================================================================================\n# 1. TRACEFMT.EXE (PART OF THE WINDOWS WDK AND SDK)\n# WDK Download site: https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit\n# DK Download Site: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk\n# 2. WINDOWS SYMBOLS\n# SYMBOLS (FOR EACH SPECIFIC OS BEING ANALYZED)\n# SYMBOLS DOWNLOAD: https://developer.microsoft.com/en-us/windows/hardware/download-symbols\n#\n# 3. CREATE A FOLDER TO BE USED AS A BASE FOR STORAGE OF ALL FILES PULLED FROM REMOTE MACHINES\n#\n#\n# SYNTAX/USAGE:\n# ============================================================================================\n# WindowsUpdateLogs.ps1 -Computer \"SomePC1\" -WorkDir \"C:\\Work\" <-SymbolPath \"X:\\SymbolPathHere\"> \n# <-TraceFMTPath X:\\TraceFMTEXEPathHere>\n\nParam (\n[Parameter(Mandatory=$true)][string]$Computer,\n[Parameter(Mandatory=$true)][string]$WorkDir,\n[string]$SymbolPath = \"C:\\Symbols\",\n[string]$TraceFMTPath = \"C:\\Program Files (x86)\\Windows Kits\\10\\bin\\x86\"\n)\n\n# VERIFY THAT THE $WorkDir PATH SPECIFIED EXISTS\nIf (!(Test-Path $WorkDir))\n{\n Write-Output \"$WorkDir path not found, exiting script\"\n Exit 99\n}\n\n# VERIFY THAT THE PATH SPECIFIED CONTAINS THE TRACEFMT.EXE TOOL SINCE IT IS REQUIRED\nIf (!(Test-Path $TraceFMTPath\\TraceFmt.exe))\n{\n Write-Output \"TraceFmt.exe not found at $TraceFMTPath, exiting script\"\n Write-Output \"TraceFmt.exe is part of the Windows Driver Kit and Software Development Kit\"\n Write-Output \"WDK Download: https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit\" \n Write-Output \"SDK Download: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk\"\n Exit 99\n}\n\n# VERIFY LOCATION OF SYMBOLS DIRECTORY (REQUIRED)\nIf (!(Test-Path $SymbolPath))\n{\n Write-Output \"Symbols not found at $SymbolPath, exiting script\"\n Write-Output \"If you need to download symbols, they are available at:\"\n Write-Output \"https://developer.microsoft.com/en-us/windows/hardware/download-symbols\"\n Write-Output \"=========================================================================================\"\n Write-Output \"NOTE: Symbols must match the OS version that you are pulling the Windows Update logs from\"\n Write-Output \"=========================================================================================\"\n Exit 99\n}\n\n# SET UP SESSION ON REMOTE COMPUTER\n$Sess = New-PSSession -ComputerName $Computer\nEnter-pssession $Sess\n\n# RUN THE COMMAND TO GENERATE THE WINDOWS UPDATE LOGS ON THE REMOTE COMPUTER\nInvoke-Command -Session $Sess -ScriptBlock {Get-WindowsUpdateLog}\n\n# EXIT PSSESSION \nExit-PSSession\n\n# SET UP A TARGET DIR TO STORE FILES\n$strTargetDir = \"$WorkDir\\$Computer\"\n[array]$arrWULogs = Get-ChildItem \"\\\\$Computer\\c$\\WINDOWS\\logs\\WindowsUpdate\\WindowsUpdate*etl\"\nForEach ($log in $arrWULogs)\n{\n $FileDate = $log.LastWriteTime.date\n $strFileDate = $FileDate.ToString(\"MMddyyyy\")\n $strNewDir = \"$strTargetDir\\$strFileDate\"\n If (Test-Path $strNewDir)\n {\n Copy-Item $log $strNewDir\n }\n Else\n {\n New-Item -ItemType Directory $strNewDir\n Copy-Item $log $strNewDir \n }\n}\n\n# GET ALL OF THE DATE DIRECTORIES CREATED\n[array]$arrDateDirs = Get-ChildItem -Directory $strTargetDir\n\n# GO THROUGH EACH DIRECTORY AND GENERATE THE WINDOWSUPDATE.LOG\nForEach ($DateDir in $arrDateDirs)\n{\n $strFullName = $DateDir.FullName\n [array]$arrETLs = Get-ChildItem \"$strFullName\\WindowsUpdate*.etl\"\n [int]$ETLCount = $arrETLs.Count\n # SINCE TRACEFMT.EXE CAN ONLY HANDLE 15 FILES AT A TIME, BREAK LIST UP INTO GROUPS OF 15\n # ROUNDING UP TO NEXT WHOLE NUMBER (16 WOULD BE 2 GROUPS, 46 WOULD BE 4 GROUPS, ETC.)\n [single]$NumGroups = [math]::Ceiling($ETLCount/15)\n # INITIALIZE COUNTERS\n [int]$intGrpCtr = 1\n [int]$intETLCtr = 0\n # PROCESS THE GROUPS OF 15 ETL FILES NOW\n While ($intGrpCtr -le $NumGroups)\n {\n New-Variable -Name \"tmpVar$intGrpCtr\"\n $tmpVar = Get-Variable -name \"tmpVar$intGrpCtr\"\n # TAKE EACH GROUP OF 15 THROUGH TRACEFMT NOW\n While (($intETLCtr -lt (15 * $intGrpCtr)) -and ($intETLCtr -lt $ETLCount))\n { \n $curETL = ($arrETLs[$intETLCtr]).Name\n $tmpVar.Value += \"$CurETL \"\n $intETLCtr++\n }\n # DO THE TRACEFMT COMMAND NOW WITH TMPVAR HOLDING THE 15 ETLS IN THE LIST\n Set-Location $DateDir.FullName\n [string]$strLogList = $tmpvar.Value\n # CREATE SCRIPTBLOCK TO EXECUTE THE COMMAND\n $sbTrace = $ExecutionContext.InvokeCommand.NewScriptBlock(\"$TraceFMTPath\\TraceFmt.exe -o .\\windowsupate$intGrpCtr.log $strLogList -r $SymbolPath\")\n Invoke-Command -ScriptBlock $sbTrace\n # CLEAR ALL USED VARIABLES HERE SO THEY DON'T CAUSE ISSUES NEXT TIME THROUGH THE LOOP\n Remove-Variable -name \"tmpVar$intGrpCtr\"\n $intGrpCtr++\n $tmpVar = $null\n }\n}\n\n\n\n
This just in...
\nAnd, almost like clockwork, we released an announcement that the process will be changing in version 1709 of Windows 10. Until then, keep the script in mind if you have a need to check out the WindowsUpdate.log on machines.
\n
\n
\n
Given that the Symbols download site has been axed, the only other method of acquiring those symbols is to download them from the ADK's symchk.exe tool. If you Google it, you'll come across a stack overflow article telling you to get the install.wim from an ISO of the version of Windows you want to run your script against, mount it, and target that, but I've found an easier way as long as the remote computer you're gathering logs for is running.
I am new to Windows 10 (I am currently running 7). I have successfully run get-windowsupdatelog in a Power Shell in 10. Is there a way to run it outside of Power Shell? Or can I invoke Power Shell from a script? I would like to have something that I can run from the cmd prompt to get the WU log. Thanks.
","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"223","kudosSumWeight":0,"repliesCount":0,"postTime":"2020-04-22T08:52:04.287-07:00","lastPublishTime":"2020-04-22T08:52:04.287-07:00","metrics":{"__typename":"MessageMetrics","views":16367},"visibilityScope":"PUBLIC","placeholder":false,"originalMessageForPlaceholder":null,"entityType":"BLOG_REPLY","eventPath":"category:cis/category:microsoft-security/category:products-services/category:communities/community:gxcuf89792board:CoreInfrastructureandSecurityBlog/message:1023347/message:1329278","replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"User:user:610747":{"__typename":"User","id":"user:610747","uid":610747,"login":"kumarshai88","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2020-04-06T02:41:40.662-07:00"},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-1.svg?time=0"},"rank":{"__ref":"Rank:rank:37"},"entityType":"USER","eventPath":"community:gxcuf89792/user:610747"},"ModerationData:moderation_data:1284282":{"__typename":"ModerationData","id":"moderation_data:1284282","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"BlogReplyMessage:message:1284282":{"__typename":"BlogReplyMessage","author":{"__ref":"User:user:610747"},"id":"message:1284282","revisionNum":1,"uid":1284282,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Blog:board:CoreInfrastructureandSecurityBlog"},"parent":{"__ref":"BlogTopicMessage:message:1023347"},"conversation":{"__ref":"Conversation:conversation:1023347"},"subject":"Re: Get-WindowsUpdateLog...If it were only that easy....","moderationData":{"__ref":"ModerationData:moderation_data:1284282"},"body":"can i have script download link.
","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"34","kudosSumWeight":0,"repliesCount":0,"postTime":"2020-04-06T03:04:12.939-07:00","lastPublishTime":"2020-04-06T03:04:12.939-07:00","metrics":{"__typename":"MessageMetrics","views":16761},"visibilityScope":"PUBLIC","placeholder":false,"originalMessageForPlaceholder":null,"entityType":"BLOG_REPLY","eventPath":"category:cis/category:microsoft-security/category:products-services/category:communities/community:gxcuf89792board:CoreInfrastructureandSecurityBlog/message:1023347/message:1284282","replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/community/Navbar-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1745505307000","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","gxcuf89792":"Tech Community","external-1":"Events","s-m-b":"Nonprofit Community","windows-server":"Windows Server","education-sector":"Education Sector","driving-adoption":"Driving Adoption","Common-content_management-link":"Content Management","microsoft-learn":"Microsoft Learn","s-q-l-server":"Content Management","partner-community":"Microsoft Partner Community","microsoft365":"Microsoft 365","external-9":".NET","external-8":"Teams","external-7":"Github","products-services":"Products","external-6":"Power Platform","communities-1":"Topics","external-5":"Microsoft Security","planner":"Outlook","external-4":"Microsoft 365","external-3":"Dynamics 365","azure":"Azure","healthcare-and-life-sciences":"Healthcare and Life Sciences","external-2":"Azure","microsoft-mechanics":"Microsoft Mechanics","microsoft-learn-1":"Community","external-10":"Learning Room Directory","microsoft-learn-blog":"Blog","windows":"Windows","i-t-ops-talk":"ITOps Talk","external-link-1":"View All","microsoft-securityand-compliance":"Microsoft Security","public-sector":"Public Sector","community-info-center":"Lounge","external-link-2":"View All","microsoft-teams":"Microsoft Teams","external":"Blogs","microsoft-endpoint-manager":"Microsoft Intune","startupsat-microsoft":"Startups at Microsoft","exchange":"Exchange","a-i":"AI and Machine Learning","io-t":"Internet of Things (IoT)","Common-microsoft365-copilot-link":"Microsoft 365 Copilot","outlook":"Microsoft 365 Copilot","external-link":"Community Hubs","communities":"Products"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1745505307000","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1745505307000","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1745505307000","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1745505307000","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1745505307000","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageCoverImage-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageCoverImage-1745505307000","value":{"coverImageTitle":"Cover Image"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeTitle-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeTitle-1745505307000","value":{"nodeTitle":"{nodeTitle, select, community {Community} other {{nodeTitle}}} "},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTimeToRead-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTimeToRead-1745505307000","value":{"minReadText":"{min} MIN READ"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1745505307000","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1745505307000","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserRank-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserRank-1745505307000","value":{"rankName":"{rankName}","userRank":"Author rank {rankName}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1745505307000","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1745505307000","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageCustomFields-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageCustomFields-1745505307000","value":{"CustomField.default.label":"Value of {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRevision-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRevision-1745505307000","value":{"lastUpdatedDatePublished":"{publishCount, plural, one{Published} other{Updated}} {date}","lastUpdatedDateDraft":"Created {date}","version":"Version {major}.{minor}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1745505307000","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyButton-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyButton-1745505307000","value":{"repliesCount":"{count}","title":"Reply","title@board:BLOG@message:root":"Comment","title@board:TKB@message:root":"Comment","title@board:IDEA@message:root":"Comment","title@board:OCCASION@message:root":"Comment"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageAuthorBio-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageAuthorBio-1745505307000","value":{"sendMessage":"Send Message","actionMessage":"Follow this blog board to get notified when there's new activity","coAuthor":"CO-PUBLISHER","contributor":"CONTRIBUTOR","userProfile":"View Profile","iconlink":"Go to {name} {type}"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1745505307000","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1745505307000","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/ranks/UserRankLabel-1745505307000","value":{"altTitle":"Icon for {rankName} rank"},"localOverride":false},"CachedAsset:text:en_US-components/attachments/AttachmentView/AttachmentViewChip-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/attachments/AttachmentView/AttachmentViewChip-1745505307000","value":{"errorTitle":"Failed!","previewFile":"Preview File","downloadFile":"Download File {name}","removeFile":"Remove File {name}","errorBadExtension":"This file does not have a valid extension. \"{extensions}\" are the valid extensions.","errorFileEmpty":"This file is empty or does not exist.","errorTooLarge":"
Microsoft
