When users report hardware problems, it is often not the hardware itself that is malfunctioning, but the installed driver. In these situations, it can be invaluable to have an overview of all drivers on your endpoints. Here is how to create driver reports that list names and versions of some or all installed drivers.
Listing Drivers With uberAgent’s Built-In Functionality
uberAgent collects version numbers for all installed applications, including driver packages. The following search, for example, gives you an overview of all installed Nvidia and Intel graphics software:
    | pivot `uberAgent_index` Application_ApplicationInventory
        dc(host) as "#Installations"
        splitrow
            DisplayName as Name
        splitrow
            DisplayVersion as Version
        filter DisplayName in ("Nvidia Graphics Driver*","Intel(R) Processor Graphics")
    | table
        Name
        Version
        "#Installations"
Listing Even More Drivers With Custom Scripts
However, not all drivers are installed via software packages. Some, for example, are installed via Microsoft updates. uberAgent’s custom script functionality to the rescue! In a nutshell, it executes any script you like and sends the output to Splunk.
Use this PowerShell script to list all installed drivers:
    $Output = @{}
    $DriverPackages = $null

    # Query all signed PnP drivers, keep only the three fields needed, and drop
    # entries with an empty provider name as well as all Microsoft drivers
    $DriverPackages = Get-WmiObject Win32_PnPSignedDriver | select devicename, driverversion, driverprovidername | where-object {$PSItem.driverprovidername -notlike "" -and $PSItem.driverprovidername -notlike "*Microsoft*"}

    Foreach ($DriverPackage in $DriverPackages)
    {
        # Do some formatting for Intel drivers as the vendor name is not consistent
        If ($DriverPackage.driverprovidername -like "*Intel*")
        {
            $DriverPackage.driverprovidername = "Intel"
        }

        # Device and vendor names are wrapped in double quotes because they can contain spaces
        $Output = @{
            'DeviceName' = "`"$($DriverPackage.devicename)`""
            'DriverVersion' = $DriverPackage.driverversion
            'DriverVendor' = "`"$($DriverPackage.driverprovidername)`""
        }

        # Emit one line of space-separated key=value pairs per driver
        Write-Output $($Output.Keys.ForEach({"$_=$($Output.$_)"}) -join ' ')
    }
I denylisted everything Microsoft-related, reducing the list to third-party drivers only. Another way would be to include only specific vendors:
    $Output = @{}
    $DriverPackages = $null

    # Query all signed PnP drivers and keep only those from the listed vendors
    $DriverPackages = Get-WmiObject Win32_PnPSignedDriver | select devicename, driverversion, driverprovidername | where-object {$PSItem.driverprovidername -like "*Intel*" -or $PSItem.driverprovidername -like "*Lenovo*"}

    Foreach ($DriverPackage in $DriverPackages)
    {
        # Do some formatting for Intel drivers as the vendor name is not consistent
        If ($DriverPackage.driverprovidername -like "*Intel*")
        {
            $DriverPackage.driverprovidername = "Intel"
        }

        # Device and vendor names are wrapped in double quotes because they can contain spaces
        $Output = @{
            'DeviceName' = "`"$($DriverPackage.devicename)`""
            'DriverVersion' = $DriverPackage.driverversion
            'DriverVendor' = "`"$($DriverPackage.driverprovidername)`""
        }

        # Emit one line of space-separated key=value pairs per driver
        Write-Output $($Output.Keys.ForEach({"$_=$($Output.$_)"}) -join ' ')
    }
In any case, filtering is recommended to sort out unneeded drivers and keep the indexed data volume as small as possible.
Let us stick to the first example script and have a look at the output:
Once the data is in Splunk, you can use it to help you troubleshoot these nasty driver issues. Run the following search to list all driver versions per device:
    index = `uberAgent_index` sourcetype = "\"uberAgent:Script:PowerShell Driver Versions\""
    | stats
        values(DriverVersion) as "Driver versions"
        dc(DriverVersion) as "#Driver versions"
        latest(DriverVendor) as Vendor
        by DeviceName
    | sort limit=0 Vendor
    | table
        Vendor
        DeviceName
        "Driver versions"
        "#Driver versions"
Note that the number of driver versions is always one as I ran this only on my laptop. The number will likely change when running the script in a corporate environment on multiple machines.
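To see what the report looks like with more than one machine, the following added example (not part of the original article or of uberAgent) parses lines in the key=value format the script emits and reproduces the per-device aggregation of the search above offline. The sample lines, computer names, device names and versions are constructed, and ConvertFrom-DriverLine is a hypothetical helper whose regex only approximates Splunk's field extraction.

```powershell
# Constructed sample: one script output line per driver, collected from three
# machines. Computer names, device names and versions are made up.
$Sample = @(
    @{ Computer = 'PC01'; Line = 'DriverVendor="Intel" DeviceName="Example Graphics Adapter" DriverVersion=27.20.100.8681' }
    @{ Computer = 'PC02'; Line = 'DeviceName="Example Graphics Adapter" DriverVersion=26.20.100.7325 DriverVendor="Intel"' }
    @{ Computer = 'PC03'; Line = 'DriverVersion=27.20.100.8681 DriverVendor="Intel" DeviceName="Example Graphics Adapter"' }
    @{ Computer = 'PC01'; Line = 'DeviceName="Example Fingerprint Reader" DriverVersion=6.15.0.0 DriverVendor="Lenovo"' }
    @{ Computer = 'PC02'; Line = 'DeviceName="Example Fingerprint Reader" DriverVersion=6.15.0.0 DriverVendor="Lenovo"' }
)

# Hypothetical helper: turns one key=value line into an object.
# The script builds its line from an unordered hashtable, so the key order
# varies between runs; the parser therefore must not depend on position.
function ConvertFrom-DriverLine {
    param([Parameter(Mandatory)][string]$Line)

    $Fields = [ordered]@{}
    # A value is either "quoted and may contain spaces" or a bare token
    foreach ($Match in [regex]::Matches($Line, '(\w+)=(?:"([^"]*)"|(\S+))')) {
        $Value = if ($Match.Groups[2].Success) { $Match.Groups[2].Value } else { $Match.Groups[3].Value }
        $Fields[$Match.Groups[1].Value] = $Value
    }
    [pscustomobject]$Fields
}

# Parse every line and remember which machine it came from
$Records = foreach ($Entry in $Sample) {
    ConvertFrom-DriverLine -Line $Entry.Line |
        Add-Member -NotePropertyName Computer -NotePropertyValue $Entry.Computer -PassThru
}

# Same shape as the Splunk search: distinct versions and their count per device
$Report = $Records | Group-Object -Property DeviceName | ForEach-Object {
    $Versions = @($_.Group.DriverVersion | Sort-Object -Unique)
    [pscustomobject]@{
        Vendor             = ($_.Group | Select-Object -Last 1).DriverVendor
        DeviceName         = $_.Name
        'Driver versions'  = $Versions -join ', '
        '#Driver versions' = $Versions.Count
    }
}

$Report | Sort-Object -Property Vendor | Format-Table -AutoSize
```

Devices with a "#Driver versions" value above one are those where machines run differing driver versions.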
Generating Driver Version Inventory Reports
Start Collecting Data
Save the script to disk and create a new timer in uberAgent’s configuration. After a service restart, uberAgent starts collecting data.