Windows NRPE

Check Windows Updates using Powershell

Write a Review

Description:

Powershell script to check windows updates using NRPE/NSClient++

Checks:

– how many critical and optional updates are available
– whether the system is waiting for reboot after installed updates

Current Version

1.45

Last Release Date

2016-08-05

Compatible With

Owner

Christian Kaufmann

Website

https://www.tupel7.de/monitoring/

License

GPL

Copy Page Link Recommend Login to Add to Favorites
Project Files
FileDescription
check_windows_updates.ps1
Project Notes
Features: - properly handles NRPE's 1024b limitation in return packet - hidden updates return OK state - Performance data in return packet shows titles of available critical updates - caches updates in file to reduce network traffic, also dramatically increases script execution speed Return Values for NRPE: - No updates available - OK (0) - Hidden Updates only - OK (0) - Updates already installed, reboot required - WARNING (1) - Optional updates available - WARNING (1) - Critial updates available - CRITICAL (2) - Script errors - UNKNOWN (3) Installation Guide for NSClient++: - copy check_windows_updates.ps1 to NSCLient++scripts - open up a Powershell as an admin and set the execution policy: Set-ExecutionPolicy remotesigned - edit NSC.ini, add row (without quotation marks): "check_updates=cmd /c echo scriptscheck_windows_updates.ps1; exit $LastExitCode | powershell.exe -command -" - restart service NSClient++ - done Now you can easily check for windows updates using nagios nrpe-check: define service { service_description WIN-UPDATES use generic-service check_command check_nrpe_wu!check_updates hostgroup_name multiple-windows-servers host_name single-windows-server } It could possibly happen that the script is unable to finish within the default plugin timeout of 10 seconds. To avoid this I recommend setting an extended timeout in the command definition: define command { command_name check_nrpe_wu command_line /usr/lib64/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -t 60 -p 5666 -c $ARG1$ } IMPORTANT: Please make absolutely sure that your Powershell ExecutionPolicy is set to Remotesigned. Also note that there are two versions of powershell on a 64bit OS! Depending on the architecture of your NSClient++ version you have to choose the right one: - 64bit NSClient++ (installed under C:Program Files ): %SystemRoot%SysWOW64WindowsPowerShellv1.0powershell.exe "Set-ExecutionPolicy RemoteSigned" - 32bit NSClient++ (installed under C:Program Files (x86) ): SystemRoot%syswow64WindowsPowerShellv1.0powershell.exe "Set-ExecutionPolicy RemoteSigned"
Reviews (19) Add a Review
Differenz between Win Updates and script return
by Sylvie, March 31, 2020

I have the problem, that the script tell me there is 1 optional update. When I check Windows Updates there ar no updates needed. This error is on different OS from Win Srv 2012, 2016 and 2019. Some servers show it right, some wrong. An other problem is, that sometimes it takes 24h until the status is shown that all is ok. It is not a nagios problem, the wrong status is also when I run teh script local. Has anybody an idea?


Modified Powershell Script to Performance Data
by zamorag, September 30, 2019

I've had a few problems to monitorized this event with nagios and grafana because script didn't show well performance data, just critical output. So I changed some lines into powershell script: Lines 148 to 154 "if ($returnString.length -gt 976) { $estado=$countCritical+$countOptional+$countHidden Write-Host ($returnString.SubString(0,975) + "|critical=$countCritical optional=$countOptional hidden=$countHidden state=$estado") } else { $estado=$countCritical+$countOptional+$countHidden Write-Host ($returnString + "|critical=$countCritical optional=$countOptional hidden=$countHidden state=$estado ") } Now it works perfect! Thanks and regards


Works well
by bhil923, August 31, 2017

I've tried a few different windows update checkers and constantly had issues with timeouts and such. I set this up and worked right away, and was fairly quick. I made one small mod (im not a programer at all). Changed: $returnStateOptionalUpdates = $returnStateOK $returnStateWarning To: $returnStateOptionalUpdates = $returnStateOK I don't care to be warned for the Optional updates so this works for me. Cyber_Saiyan, If you are still having issues running it, you do need to do modifications to your server running Nagios. You simply need to add the service to the config file (mine is in what i think was a default file windows.cfg, but you can add it to which one you'd like) The line is listed in the authors notes above. You also need the command for NRPE in the commands.cfg file as well (listed in the authors notes as well).


Cannot install
by Cyber_Saiyan, April 30, 2017

Can anyone help get this running? I have followed the instructions and updated the INI file on the windows server, recycled the service and placed the script in the SCRIPTS folder on the windows machine. What am I missing from here? It seems that I need to add something to my Ubuntu server but I am lost.


Good software - strange error?
by t.brandt, September 30, 2016

Hi together, I searched many days until I found this great script. It works, of course. But after I updated the Win2008R2 Server, the status is already warning. It shows, that 1 optional update ist outstanding. I rebooted the server and lokked again after updates. Nothing therer. How can this be? :( Any idea? Thanks in advance, Timo


Made it a Check_MK Plugin
by ypid, September 30, 2016

Check_MK ships a [VBS plugin](https://github.com/ypid-bot/check_mk/blob/master/agents/windows/plugins/windows_updates.vbs) which was quite tricky to setup and was not reliable for me so I adopted this PowerShell script to make it a drop-in replacement for [windows_updates.vbs](https://github.com/ypid-bot/check_mk/blob/master/agents/windows/plugins/windows_updates.vbs). https://github.com/ypid-bot/check_mk/pull/7 https://github.com/ypid/check_mk/blob/feature/windows_updates.ps1/agents/windows/plugins/windows_updates.ps1


Can this work with winrpe?
by FractalSystems, December 31, 2015

I had a similar issue running cmd /c echo on a .wsf when the example showed using Nsclient, but I was able to get it to work. I'm not so lucky with this powershell one. Anyone know how to define the command in nrpe.cfg using winrpe? I've tried many variations. From the local machine, I can get an output like: "Updates: 0 critical, 1 optional" but getting Unable to read plugin output from the Nagios side. :( Any help is appreciated.


Unknown Command
by petr0s, October 31, 2015

Hi all, i need some help. The NSclient version is 0.4.3.143 and im getting Unknown command. Can anyone help me to overcome this issue please? Best regards, Peter


Some additions to the script
by shades4321, October 31, 2015

The script does a good job, I'm not quite sure if this is the latest version of the script, but I noted a minor bug and some improvements that could be added. 1. Bug: $critialTitles = ""; should read: $criticalTitles = ""; The script works anyway despite the error. 2. Putting newlines into update string: $criticalTitles += $update.Title + " " Changed to: $criticalTitles += $update.Title + " `n" 3. These 3 lines are used twice in if statements and ideally would be in a function, just for neatness and brevity. $updateSession = new-object -com "Microsoft.Update.Session" $updates=$updateSession.CreateupdateSearcher().Search(("IsInstalled=0 and Type='Software'")).Updates Export-Clixml -InputObject $updates -Encoding UTF8 -Path $updateCacheFile Otherwise script works quite nicely.


Office Updates?
by didi, September 30, 2015

Check approves only for Windows Updates. It's possible to check also for Office, SQL, Exchange, Sharepoint ... Updates?


A tweak to handle "important"?
by Soccan, July 31, 2015

This is really a great and smooth running script, only adjusted the $returnStateOptionalUpdates parameter and then deployed it by Puppet to our windows boxes. A thought thou, obviously Microsoft decided to list updates according to "Important" and "Optional", maybe one should let this script class updates in the same manor. I for example had a machine reporting 15 critical ant 18 optional by the script, in the Windows update GUI all 33 were listed as Important... I guess there is a XML attribute there somewhere telling what is important and not, trying to look into that myself for the moment...


Really useful
by Spik31, October 31, 2014

Plugin works well using NRPE, make sure you have your command definitions set correctly! My NRPE check wouldn't like the arguments and power-shell takes a little while to resolve so make sure you set your time-out to 30 seconds!


Very Nice script!
by Blue17, October 31, 2014

For those who have NSClient 0.4.1 + 1) Place check_windows_updates.ps1 in NSclient "scripts" folder Copy these lines in nsclient.ini : [/settings/external scripts/scripts] check_updates = cmd /c echo scriptscheck_windows_updates.ps1; exit($LastExitCode) | powershell.exe -command - 2) In nagios put your command line like this : command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_updates Hope this could help someone.


Very Good Plugin but it doesn't work by console
by clarkseth, February 28, 2014

I've try this nagios plugin by local prompt, and it works fine, but if i implement it by nrpe.cfg it doesn't work: I have this error: '-' was specified with the -Command parameter: no other arguments to -Command are permitted. Exit 0 I Don't understand why, it's declared correctly command[check_win_upd]=cmd /c echo C:nrpelibexeccheck_windows_updates.ps1 "$ARG1$"; exit $LastExitCode | powershell.exe -command - It's very strange


help
by lukecolb, December 31, 2013

I run this on my serer from powershell and it seems to run fine but when run ./check_nrpe -H sos-srv-dev -c check_updates! from my nagios server i get no output back


NRPE install instructions
by egalstad, January 31, 2012

What are those instructions?


Question...
by jbwaclawski, December 31, 2011

I don't quite have this working yet; I'm running into a bit of a snare. This may sound like a silly question, but I'm new to all of this so I'll ask. I have NSClient++ installed on the server I'm testing this on and everything else I've thrown at it works. I don't have NRPE installed though because I'm trying to avoid that if possible because I don't want to have to A) Run around installing it on every server if I don't have to, B) Punch anymore holes in my firewall. I read that this works with NSClient++/NRPE, and I followed all the steps, but it's not really working. I get this error when I try to use it in Icinga: ## Error: Service check command 'check_nrpe' not defined anywhere! Ideas?


Thanks!
by carekapt, October 31, 2011

Just created an account to thank you for this fine script! The other review solved the original text bugs in the description, after that all worked fine!


Extra Windows Install steps
by corcoran, October 31, 2011

You need Powershell 2.0 for Windows 2003 server else 'start-process' fails in execution. Once Powershell is installed, you also need to right-click the .ps1 file, click properties, and unblock it. 24/10 - error in command path in install instructions! should read: "check_updates=cmd /c echo scriptscheck_windows_updates.ps1; exit $LastExitCode | powershell.exe -command -" ... Oh, review: Does exactly what it says on the tin! I changed the script to return OK for Optional Updates - just change 'warn' to 'ok' on line 110 -- you might want to do this before unblocking it to avoid permission issues afterwards!


Add a Review

You must be logged in to submit a review.

Thank you for your review!

Your review has been submitted and is pending approval.

Recommend

To:


From:


Thank you for your recommendation!

Your recommendation has been sent.

Page Sections
Project Overview Project Files Project Notes Reviews
Project Stats
Rating
4.3 (33)
Favorites
7
Views
284,685