Checking the status of Windows update with Osquery

osquery> SELECT autoupdate FROM windows_security_center;+------------+
| autoupdate |
+------------+
| Good |
+------------+
osquery> SELECT CASE WHEN autoupdate = 'Good' THEN TRUE ELSE FALSE END AS autoupdate FROM windows_security_center;+------------+
| autoupdate |
+------------+
| 1 |
+------------+
osquery> SELECT * FROM windows_security_products;

Windows Group Policy Object check

SELECT
COUNT(*) AS passed
FROM
registry
WHERE
key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
AND name = 'NoAutoUpdate'
AND data = '0';
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

Its all over!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store