Generating Driver Version Inventory Reports
When users report hardware problems, it is often not the hardware itself that is malfunctioning, but the installed driver. In these situations, it can be invaluable to have an overview of all drivers on your endpoints. Here is how to create driver reports that list names and versions of some or all installed drivers.
Listing Drivers With uberAgent’s Built-In Functionality
uberAgent collects version numbers for all installed applications, including driver packages. The following search, for example, gives you an overview of all installed Nvidia and Intel graphics software:
| pivot `uberAgent_index` Application_ApplicationInventory
dc(host) as "#Installations"
splitrow
DisplayName as Name
splitrow
DisplayVersion as Version
filter DisplayName in ("Nvidia Graphics Driver*","Intel(R) Processor Graphics")
| table
Name
Version
"#Installations"Listing Even More Drivers With Custom Scripts
Anyway, not all drivers are installed via software packages. Some are e.g. installed via Microsoft updates. uberAgent’s custom script functionality to the rescue! In a nutshell, it executes any script you like and sends the output to Splunk.
Use this PowerShell script to list all installed drivers:
$Output = @{}
$DriverPackages = $null
$DriverPackages = Get-WmiObject Win32_PnPSignedDriver | select devicename, driverversion, driverprovidername | where-object {$PSItem.driverprovidername -notlike "" -and $PSItem.driverprovidername -notlike "*Microsoft*"}
Foreach ($DriverPackage in $DriverPackages)
{
# Do some formatting for Intel drivers as the vendor name is not consistent
If ($DriverPackage.driverprovidername -like "*Intel*")
{
$DriverPackage.driverprovidername = "Intel"
}
$Output = @{
'DeviceName' = "`"$($DriverPackage.devicename)`""
'DriverVersion' = $DriverPackage.driverversion
'DriverVendor' = "`"$($DriverPackage.driverprovidername)`""
}
Write-Output $($Output.Keys.ForEach({"$_=$($Output.$_)"}) -join ' ')
}I blacklisted everything Microsoft related reducing the list to third-party drivers only. Another way would be to just include specific vendors:
$Output = @{}
$DriverPackages = $null
$DriverPackages = Get-WmiObject Win32_PnPSignedDriver | select devicename, driverversion, driverprovidername | where-object {$PSItem.driverprovidername -like "*Intel*" -or $PSItem.driverprovidername -like "*Lenovo*"}
Foreach ($DriverPackage in $DriverPackages)
{
# Do some formatting for Intel drivers as the vendor name is not consistent
If ($DriverPackage.driverprovidername -like "*Intel*")
{
$DriverPackage.driverprovidername = "Intel"
}
$Output = @{
'DeviceName' = "`"$($DriverPackage.devicename)`""
'DriverVersion' = $DriverPackage.driverversion
'DriverVendor' = "`"$($DriverPackage.driverprovidername)`""
}
Write-Output $($Output.Keys.ForEach({"$_=$($Output.$_)"}) -join ' ')
}In any case, filtering is recommended to sort out unneeded drivers and keep the indexed data volume as small as possible.
Let us stick to the first example script and have a look at the output:
DriverVendor="Lenovo" DeviceName="System Interface Foundation V2 Device" DriverVersion=1.1.17.2
DriverVendor="Synaptics" DeviceName="Synaptics HID-Compliant Touch pad Device" DriverVersion=19.3.4.219
DriverVendor="Intel" DeviceName="Intel(R) Software Guard Extensions Platform Software Component" DriverVersion=2.1.100.46245
DriverVendor="Intel" DeviceName="Intel(R) Software Guard Extensions Device" DriverVersion=1.9.103.38781
DriverVendor="Intel" DeviceName="Intel(R) Ethernet Connection (4) I219-V" DriverVersion=12.15.24.1
DriverVendor="Synaptics" DeviceName="Synaptics SMBus Driver" DriverVersion=19.3.4.219
DriverVendor="Intel" DeviceName="Intel(R) Display-Audio" DriverVersion=10.22.1.97
DriverVendor="Realtek Semiconductor Corp." DeviceName="Realtek High Definition Audio" DriverVersion=6.0.1.8551
DriverVendor="Intel" DeviceName="Mobile 6th/7th Generation Intel(R) Processor Family I/O PMC - 9D21" DriverVersion=10.1.1.38
DriverVendor="Synaptics" DeviceName="Synaptics Pointing Device" DriverVersion=19.3.4.219
DriverVendor="Lenovo" DeviceName="Lenovo Power Manager" DriverVersion=10.0.56.0
DriverVendor="Lenovo" DeviceName="Lenovo PM Device" DriverVersion=1.67.12.23
DriverVendor="Intel" DeviceName="Mobile 7th Generation Intel(R) Processor Family I/O LPC Controller (U Premium) - 9D58" DriverVersion=10.1.1.38
DriverVendor="Intel" DeviceName="Mobile 6th/7th Generation Intel(R) Processor Family I/O PCI Express Root Port #9 - 9D18" DriverVersion=10.1.1.38
DriverVendor="Intel" DeviceName="Intel(R) Dual Band Wireless-AC 8265" DriverVersion=20.70.3.3
DriverVendor="Intel" DeviceName="Mobile 6th/7th Generation Intel(R) Processor Family I/O PCI Express Root Port #3 - 9D12" DriverVersion=10.1.1.38
DriverVendor="Intel" DeviceName="Mobile 6th/7th Generation Intel(R) Processor Family I/O PCI Express Root Port #1 - 9D10" DriverVersion=10.1.1.38
DriverVendor="Intel" DeviceName="Intel(R) Management Engine Interface " DriverVersion=11.7.0.1040
DriverVendor="Intel" DeviceName="Mobile 6th/7th Generation Intel(R) Processor Family I/O Thermal subsystem - 9D31" DriverVersion=10.1.1.38
DriverVendor="SunplusIT" DeviceName="Integrated Camera" DriverVersion=3.5.7.4802
DriverVendor="Intel" DeviceName="Intel(R) Wireless Bluetooth(R)" DriverVersion=19.30.1648.920
DriverVendor="Sierra Wireless Inc." DeviceName="Sierra Wireless EM7455 Qualcomm Snapdragon swmbbnode device 01" DriverVersion=17.3.2.9
DriverVendor="AlcorMicro" DeviceName="Alcor Micro USB Smart Card Reader" DriverVersion=1.7.45.15
DriverVendor="Logitech" DeviceName="Logitech USB Input Device" DriverVersion=1.10.78.0
DriverVendor="Realtek Semiconductor Corp." DeviceName="Realtek USB 3.0 Card Reader" DriverVersion=10.0.14393.31228
DriverVendor="Lenovo" DeviceName="Wide viewing angle & High density FlexView Display 2560x1440" DriverVersion=6.3.0.0
DriverVendor="Intel" DeviceName="Intel(R) HD Graphics 620" DriverVersion=21.20.16.4590
DriverVendor="Intel" DeviceName="Intel(R) Xeon(R) E3 - 1200 v6/7th Gen Intel(R) Core(TM) Host Bridge/DRAM Registers - 5904" DriverVersion=10.1.1.38
DriverVendor="Sierra Wireless Incorporated" DeviceName="Sierra Wireless Location Sensor" DriverVersion=17.8.1030.33Start Collecting Data
Save the script to disk and create a new timer in uberAgent’s configuration. After a service restart, uberAgent starts collecting data.
[Timer]
Name = PowerShell Driver Versions
Interval = 86400000
Start delay = 600000
Persist interval = true
Thread priority = background
Script = powershell.exe -executionpolicy bypass -file "C:\Program Files\vast limits\uberAgent\Scripts\Get-DriverVersions.ps1"
ScriptContext = Session0AsSystemSplunk it!
Once the data is in Splunk you can use it to help you troubleshooting these nasty driver issues. Run the following search to list all driver versions per device:
index = `uberAgent_index` sourcetype = "\"uberAgent:Script:PowerShell Driver Versions\""
| stats
values(DriverVersion) as "Driver versions"
dc(DriverVersion) as "#Driver versions"
latest(DriverVendor) as Vendor
by DeviceName
| sort limit=0 Vendor
| table
Vendor
DeviceName
"Driver versions"
"#Driver versions"
Note that the number of driver versions is always one as I ran this only on my laptop. The number will likely change when running the script in a corporate environment on multiple machines.
