February 26th, 2013

Use PowerShell to Show Update Messages from a Specific App

Doctor Scripto
Scripter

Summary: Microsoft Scripting Guy, Ed Wilson, shows how to use Windows PowerShell to display Windows Update messages from specific apps in Windows 8.

Hey, Scripting Guy! Question Hey, Scripting Guy! I need to find out how often I am getting Windows Update messages for various apps in Windows 8. It seems like I am having to update things quite often, but I want to make sure. Can you help me?

—JS

Hey, Scripting Guy! Answer Hello JS,

Microsoft Scripting Guy, Ed Wilson, is here. My Scripting Neighbor who works nights is out washing his motor vehicle right now. I know, because the window in my home office looks out over my front yard and into his driveway. The window shades, which I generally keep closed, are open as I continue to watch for my alleged new laptop to arrive. It is actually somewhat cool; it makes me feel connected to the world to see other humans from time to time. I am now wondering if I were to drive the Scripting Wife’s motor vehicle over to the Scripting Neighbor’s driveway if he would notice. Hmm, he might just go ahead and wash it. After the big Charlotte snow storm of 2013, the Scripting Wife’s vehicle could stand a bit of attention.

Anyway, so far my day is going great. I am drinking a nice Darjeeling tea with a half spoon of peppermint herb, lemon grass, and a crushed Cinnamon stick. The flavor is perfect for my Scottish shortbread biscuits (I am out of Anzac biscuits—have been for a while now). I am listening to my cool music channel via a really cool Pandora app I found for my Windows 8 laptop. Yes life is good…would be great if my new laptop would show up. (OK, I will quit whining and get back to work.)

Yes, JS. Using Windows PowerShell it is really easy to find Windows 8 app updates.

First, find the particular app

The first thing I need to do is to use Windows PowerShell to find entries that mention the particular app. This is really easy because each software package appears in the Message property of the event log entry.

Note   This is a continuation of the Use PowerShell to Find Windows 8 Modern App Updates log I wrote yesterday. You should read that blog first.

The event log entry for an Event 17 from the WindowsUpdateClient is shown in the image that follows.

Image of menu

To make sure of exactly where I can find the mention of a specific event log entry, I select a single event log entry and pipe it to the Format-List cmdlet as shown here.

Get-EventLog -LogName system -InstanceId 17 -source *update* -Newest 1 | fl *

The command and the associated output are shown in the image that follows.

Image of command output

OK, it looks good, but I still need to make sure. This is because sometimes cmdlets rename the display name from the actual property name—not too often, but it does happen. This is true of this particular cmdlet (the property Time does not actually exist. The property names are TimeWritten and TimeGenerated. To make sure I know what I am working with, I pipe the results to the Get-Member cmdlet (gm is an alias), and I select the Message property. This is shown here.

PS C:\> Get-EventLog -LogName system -InstanceId 17 -source *update* -Newest 1 | gm –

Name message

 

   TypeName:

System.Diagnostics.EventLogEntry#system/Microsoft-Windows-WindowsUpdateClient/17

 

Name    MemberType Definition

—-    ———- ———-

Message Property   string Message {get;}

This tells me that there is no special formatting for the Message property. It is a plain old everyday string. This means I can use the –match parameter with the Where-Object cmdlet to parse the results contained in the Message property. Therefore, I can find all messages that mention, for example, the Reader app. In fact, it gets better than that because I do not have to know the exact app name. For example, the BingMaps app name is Microsoft.BingMaps. The following command returns all event log entries that mention the Reader app.

Get-EventLog -LogName system -InstanceId 17 -source *update*| where message -match ‘reader’

The command and its associated output are shown in the image that follows.

Image of command output

Group by month

One thing that I am interested in is how often these updates occur. To do this, I need to group the entries. Unfortunately, if I attempt to directly group by date, it all goes pear shaped. This is shown here.

PS C:\> Get-EventLog -LogName system -InstanceId 17 -source *update*| where message –

match ‘reader’ | group timewritten

 

Count Name                      Group

—– —-                      —–

    1 2/21/2013 7:43:52 AM      {System.Diagnostics.EventLogEntry}

    1 2/20/2013 10:59:12 AM     {System.Diagnostics.EventLogEntry}

This is because each event log entry stores the time it was written as a DateTime object. Hmmm, seems like I have had this problem before. Hmmmm, how did I solve it?

Note   See my Troubleshoot Outlook Problems with PowerShell blog for more information about parsing event log entries. I had to refer to it for this section. It is quite good!

The trick is to use the Select-Object cmdlet and use the –ExpandProperty parameter to expand the time-written DateTime object. This permits easy access to any of the properites of a DateTime object. Properties of a DateTime object are shown here:

PS C:\> get-date | gm -MemberType property | select name, definition

 

Name                                       Definition

—-                                       ———-

Date                                       datetime Date {get;}

Day                                        int Day {get;}

DayOfWeek                                  System.DayOfWeek DayOfWeek {get;}

DayOfYear                                  int DayOfYear {get;}

Hour                                       int Hour {get;}

Kind                                       System.DateTimeKind Kind {get;}

Millisecond                                int Millisecond {get;}

Minute                                     int Minute {get;}

Month                                      int Month {get;}

Second                                     int Second {get;}

Ticks                                      long Ticks {get;}

TimeOfDay                                  timespan TimeOfDay {get;}

Year                                       int Year {get;}

This means that after I expand the DateTime object, I can sort or group any of these properties as I see fit. Cool …therefore I can filter defender updates by month. This command, and its associated output are shown here.

PS C:\> Get-EventLog -LogName system -InstanceId 17 -source *update*| where message –

match ‘defender’  | select -ExpandProperty timewritten | group month

 

Count Name                      Group

—– —-                      —–

   44 2                         {2/21/2013 7:43:20 AM, 2/20/2013 10:59:12 AM, 2/1…

   22 1                         {1/31/2013 12:31:11 PM, 1/30/2013 6:30:56 PM, 1/3…

   13 12                        {12/31/2012 4:20:47 PM, 12/30/2012 5:37:25 PM, 12…

   13 11                        {11/25/2012 7:23:21 AM, 11/22/2012 10:14:12 AM, 1…

   23 10                        {10/31/2012 8:58:26 PM, 10/31/2012 8:58:26 PM, 10…

    2 9                         {9/29/2012 6:26:45 PM, 9/22/2012 9:41:32 PM}

JS, that is all there is to parsing the event log for app updates. Join me tomorrow when I will talk about more cool Windows PowerShell stuff.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy

 

Author

The "Scripting Guys" is a historical title passed from scripter to scripter. The current revision has morphed into our good friend Doctor Scripto who has been with us since the very beginning.

0 comments

Discussion are closed.