**Check Out OneTrace log viewer in SCCM 1905 TP which replaces this solution**

1The WindowsUpdate.log is no longer populated by live data on Windows 10/Server 2016 endpoints.  To understand why go here.  What my process does is takes Joel Viery’s .etl decode script and converts the .etl’s into logs on the local client.  By installing the symbols and TraceFMT on the runbook servers you no longer have to install these locally.

Here is the automation in action-

End User goes to SCSM’s front end portal and inputs the Computer they want the WindowsUpdate.log information


Orchestrator pulls information from SCSM Front End


Orchestrator takes the computer input and pulls the active directory computer object


Map Publish data to change full OS name into friendly windows version names, this will simplify directory naming structure


Here is where things got interesting with PowerShell, usually I use automys best practice template, but was unable to convert this script.  So I simply created a folder on the runbook server(S) and dropped the script there.  The Orchestrator activity is just a “Run Program” command and passed the parameters through the command from the published data.Screenshot_5

Next I create a folder where I want to move these logs too, for this runbook I will be moving them to the target computer under “C:\Windows\WindowsConvertedLogs”


Finally I send an email to the user who initially completed the form with links to where the logs exist on the client



Pretty straight forward once you understand how Joel Viery’s script works.  Below is the prerequisites to get those going and ill upload a “starter” runbook to my onedrive.

Runbook Server(s) prerequisites-

Folder structure:


Make sure to install the symbols into the symbol directories, this is a dependency for the map published data step*


Install the symbols for each Windows 10 version in your environment from here

Copy TraceFMT.exe to folder TraceFMTPatch

Copy and modify WindowsUpdateLogs.ps1 to Scripts folder

Next Steps-

Create your SCSM offering or use any ITIL integrated system for the front end.  Windows and Server 1709 removed the need for TraceFMT.exe and Symbols for decoding, which you can still incorporate into this process, just simply convert using the native “Get-WindowsUpdateLog” on the remote computer and output to the same folder structure you have created here.