Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, February 23, 2012 9:55 PM
what security event id identifies what user who logged on and installed windows patches? this is for a 2008 r2 domain controller.
User used big fix to install windows security updates.
dsk
All replies (5)
Monday, February 27, 2012 8:02 AM âś…Answered | 2 votes
Hi,
As far as I know, there is no such event log that records who installed a security update. The Windows Update client records all transaction information to the following log file: %windir%\Windowsupdate.log. For more information, please refer to:
How to read the Windowsupdate.log file
http://support.microsoft.com/kb/902093/en-us
Regards,
Bruce
Tuesday, September 4, 2012 9:39 AM
There must be somehow to log this information. We have an multi administrator environment and we need to know who installed the updates. Can it somehow be set to extra logging or audit?
Wednesday, July 9, 2014 11:53 PM
Check the Event ID: 19 or Source: WindowsUpdateClinet, it catches MS patches installation on windows server 2008 (R2)......
Thursday, July 10, 2014 7:38 AM
Check the Event ID: 19 or Source: WindowsUpdateClinet, it catches MS patches installation on windows server 2008 (R2)......
But i cannot see who installed the patch. Are you able to see that?
Wednesday, June 6, 2018 4:26 PM | 1 vote
Running 'wmic qfe list' in a command prompt will give a list useful for audit.