Beginner

ISE Windows Update Check?

I see Windows Update remediations in ISE, but I don't see how to check for missing Windows updates?

Anyone find any documentation on this or know how to do it?

Thanks

Cisco Employee

You will need to configure some posture checks. A very good source of documentation is Cisco's TrustSec guide:

http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZone_TrustSec.html

Beginner

I didn't see how to do the posture checks. I discovered the issue was that I was always looking in the "Windows all" group. When I select a specific platform like "Windows 7 (all)", then I see the hotfix checks.

Cisco Employee

Very good! So your issue is solved then? If so, we should close the thread.

Beginner

Hi Friend,

Please, did you find how to check the last updates on Windows?

I cannot find out how to do this!!

Could you help me with it?

Thanks a lot

Beginner

Hi, did you ever find a solution to this problem?

We don't really care about specific updates. We just want to check for Windows having the latest updates available - so it is also auto-updated instead of us having to manually update with specific updates.

Thanks

Beginner

Re: ISE Windows Update Check?

You cannot adopt a manual method to check for missing Windows updates. It is the Windows Update Services (WUAUSERV) that checks the Windows Update state of a machine, using a query-response mechanism and by checking various files as well as registry settings and whether the last update was successfully completed.

Windows update information and settings are at the following path in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update

Key Value Pair: NextDetectionTime

You may need to create a Registry Condition and a Compound Condition. Besides this, you can also probe some other values in the above registry key path.

So, for that matter, you can configure posture validation based on the registry.

Optionally, you can configure Windows Server Update Services (WSUS) remediation instead for your posture validation policy. More detailed help is available at the following location:

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_pos_pol.html#wp1979471
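
To see on an endpoint what a registry-based condition on this key would be evaluating, the following PowerShell sketch reads the values locally. It is an added example, not part of the thread or of Cisco's documentation. The key path, the `NextDetectionTime` value and the `wuauserv` service name come from the post above; the `yyyy-MM-dd HH:mm:ss` UTC timestamp format and the 7-day threshold are assumptions to adjust for your environment.

```powershell
# Added example (not from the thread). Key path and value name are from the post;
# timestamp format and the overdue threshold are assumptions.
$KeyPath        = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$ValueName      = 'NextDetectionTime'
$MaxOverdueDays = 7      # hypothetical: how long past its scheduled scan a client may be

function Test-NextDetectionTime {
    param([string]$Raw, [datetime]$NowUtc, [int]$MaxOverdueDays)

    $result = New-Object PSObject -Property @{ Compliant = $false; Reason = '' }
    if ([string]::IsNullOrEmpty($Raw)) {
        $result.Reason = 'value missing or empty'
        return $result
    }
    # Assumed format: UTC string such as "2013-05-01 09:30:00"
    $parsed = [datetime]::MinValue
    $styles = [Globalization.DateTimeStyles]::AssumeUniversal -bor
              [Globalization.DateTimeStyles]::AdjustToUniversal
    $ok = [datetime]::TryParseExact($Raw, 'yyyy-MM-dd HH:mm:ss',
              [Globalization.CultureInfo]::InvariantCulture, $styles, [ref]$parsed)
    if (-not $ok) {
        $result.Reason = "unparseable value '$Raw'"
        return $result
    }
    $overdueDays = ($NowUtc - $parsed).TotalDays
    if ($overdueDays -gt $MaxOverdueDays) {
        $result.Reason = ('scheduled scan overdue by {0:N1} days' -f $overdueDays)
        return $result
    }
    $result.Compliant = $true
    $result.Reason    = "next detection scheduled for $($parsed.ToString('u'))"
    return $result
}

# Part 1 of the compound check: the Windows Update service is present.
$svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue

# Part 2: the registry value exists and is not stale.
$raw   = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
$check = Test-NextDetectionTime -Raw $raw -NowUtc ([datetime]::UtcNow) -MaxOverdueDays $MaxOverdueDays

New-Object PSObject -Property @{
    ServicePresent = [bool]$svc
    ServiceStatus  = $(if ($svc) { $svc.Status } else { 'not installed' })
    RegistryCheck  = $check.Reason
    Compliant      = ([bool]$svc -and $check.Compliant)
}
```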