The WindowsUpdate.log is no longer populated by live data on Windows 10/Server 2016 endpoints. To understand why go here. What my process does is takes Joel Viery’s .etl decode script and converts the .etl’s into logs on the local client. By installing the symbols and TraceFMT on the runbook servers you no longer have to install these locally.
Here is the automation in action-
End User goes to SCSM’s front end portal and inputs the Computer they want the WindowsUpdate.log information
Orchestrator pulls information from SCSM Front End
Orchestrator takes the computer input and pulls the active directory computer object
Map Publish data to change full OS name into friendly windows version names, this will simplify directory naming structure
Here is where things got interesting with PowerShell, usually I use automys best practice template, but was unable to convert this script. So I simply created a folder on the runbook server(S) and dropped the script there. The Orchestrator activity is just a “Run Program” command and passed the parameters through the command from the published data.
Next I create a folder where I want to move these logs too, for this runbook I will be moving them to the target computer under “C:\Windows\WindowsConvertedLogs”
Finally I send an email to the user who initially completed the form with links to where the logs exist on the client
Runbook Server(s) prerequisites-
Make sure to install the symbols into the symbol directories, this is a dependency for the map published data step*
Install the symbols for each Windows 10 version in your environment from here
Copy TraceFMT.exe to folder TraceFMTPatch
Copy and modify WindowsUpdateLogs.ps1 to Scripts folder
Create your SCSM offering or use any ITIL integrated system for the front end. Windows and Server 1709 removed the need for TraceFMT.exe and Symbols for decoding, which you can still incorporate into this process, just simply convert using the native “Get-WindowsUpdateLog” on the remote computer and output to the same folder structure you have created here.