When users report hardware problems, it is often not the hardware itself that is malfunctioning, but the installed driver. In these situations, it can be invaluable to have an overview of all drivers on your endpoints. Here is how to create driver reports that list names and versions of some or all installed drivers.

Listing Drivers With uberAgent’s Built-In Functionality

uberAgent collects version numbers for all installed applications, including driver packages. The following search, for example, gives you an overview of all installed Nvidia and Intel graphics software:

| pivot `uberAgent_index` Application_ApplicationInventory
  dc(host) as "#Installations"
  splitrow
      DisplayName as Name
  splitrow
      DisplayVersion as Version
    filter DisplayName in ("Nvidia Graphics Driver*","Intel(R) Processor Graphics") 
| table
  Name
  Version
  "#Installations"

Listing Even More Drivers With Custom Scripts

Anyway, not all drivers are installed via software packages. Some are e.g. installed via Microsoft updates. uberAgent’s custom script functionality to the rescue! In a nutshell, it executes any script you like and sends the output to Splunk.

Use this PowerShell script to list all installed drivers:

$Output = @{}
$DriverPackages = $null

$DriverPackages = Get-WmiObject Win32_PnPSignedDriver | select devicename, driverversion, driverprovidername | where-object {$PSItem.driverprovidername -notlike "" -and $PSItem.driverprovidername -notlike "*Microsoft*"}

Foreach ($DriverPackage in $DriverPackages)
{
    # Do some formatting for Intel drivers as the vendor name is not consistent
    If ($DriverPackage.driverprovidername -like "*Intel*")
    {
        $DriverPackage.driverprovidername = "Intel"
    }
    $Output = @{
       'DeviceName' = "`"$($DriverPackage.devicename)`""
       'DriverVersion' = $DriverPackage.driverversion
       'DriverVendor' = "`"$($DriverPackage.driverprovidername)`""
    }
    Write-Output $($Output.Keys.ForEach({"$_=$($Output.$_)"}) -join ' ')
}

I blacklisted everything Microsoft related reducing the list to third-party drivers only. Another way would be to just include specific vendors:

$Output = @{}
$DriverPackages = $null

$DriverPackages = Get-WmiObject Win32_PnPSignedDriver | select devicename, driverversion, driverprovidername | where-object {$PSItem.driverprovidername -like "*Intel*" -or $PSItem.driverprovidername -like "*Lenovo*"}

Foreach ($DriverPackage in $DriverPackages)
{
    # Do some formatting for Intel drivers as the vendor name is not consistent
    If ($DriverPackage.driverprovidername -like "*Intel*")
    {
        $DriverPackage.driverprovidername = "Intel"
    }
    $Output = @{
       'DeviceName' = "`"$($DriverPackage.devicename)`""
       'DriverVersion' = $DriverPackage.driverversion
       'DriverVendor' = "`"$($DriverPackage.driverprovidername)`""
    }
    Write-Output $($Output.Keys.ForEach({"$_=$($Output.$_)"}) -join ' ')
}

In any case, filtering is recommended to sort out unneeded drivers and keep the indexed data volume as small as possible.

Let us stick to the first example script and have a look at the output:

DriverVendor="Lenovo" DeviceName="System Interface Foundation V2 Device" DriverVersion=1.1.17.2
DriverVendor="Synaptics" DeviceName="Synaptics HID-Compliant Touch pad Device" DriverVersion=19.3.4.219
DriverVendor="Intel" DeviceName="Intel(R) Software Guard Extensions Platform Software Component" DriverVersion=2.1.100.46245
DriverVendor="Intel" DeviceName="Intel(R) Software Guard Extensions Device" DriverVersion=1.9.103.38781
DriverVendor="Intel" DeviceName="Intel(R) Ethernet Connection (4) I219-V" DriverVersion=12.15.24.1
DriverVendor="Synaptics" DeviceName="Synaptics SMBus Driver" DriverVersion=19.3.4.219
DriverVendor="Intel" DeviceName="Intel(R) Display-Audio" DriverVersion=10.22.1.97
DriverVendor="Realtek Semiconductor Corp." DeviceName="Realtek High Definition Audio" DriverVersion=6.0.1.8551
DriverVendor="Intel" DeviceName="Mobile 6th/7th Generation Intel(R) Processor Family I/O PMC - 9D21" DriverVersion=10.1.1.38
DriverVendor="Synaptics" DeviceName="Synaptics Pointing Device" DriverVersion=19.3.4.219
DriverVendor="Lenovo" DeviceName="Lenovo Power Manager" DriverVersion=10.0.56.0
DriverVendor="Lenovo" DeviceName="Lenovo PM Device" DriverVersion=1.67.12.23
DriverVendor="Intel" DeviceName="Mobile 7th Generation Intel(R) Processor Family I/O LPC Controller (U Premium) - 9D58" DriverVersion=10.1.1.38
DriverVendor="Intel" DeviceName="Mobile 6th/7th Generation Intel(R) Processor Family I/O PCI Express Root Port #9 - 9D18" DriverVersion=10.1.1.38
DriverVendor="Intel" DeviceName="Intel(R) Dual Band Wireless-AC 8265" DriverVersion=20.70.3.3
DriverVendor="Intel" DeviceName="Mobile 6th/7th Generation Intel(R) Processor Family I/O PCI Express Root Port #3 - 9D12" DriverVersion=10.1.1.38
DriverVendor="Intel" DeviceName="Mobile 6th/7th Generation Intel(R) Processor Family I/O PCI Express Root Port #1 - 9D10" DriverVersion=10.1.1.38
DriverVendor="Intel" DeviceName="Intel(R) Management Engine Interface " DriverVersion=11.7.0.1040
DriverVendor="Intel" DeviceName="Mobile 6th/7th Generation Intel(R) Processor Family I/O Thermal subsystem - 9D31" DriverVersion=10.1.1.38
DriverVendor="SunplusIT" DeviceName="Integrated Camera" DriverVersion=3.5.7.4802
DriverVendor="Intel" DeviceName="Intel(R) Wireless Bluetooth(R)" DriverVersion=19.30.1648.920
DriverVendor="Sierra Wireless Inc." DeviceName="Sierra Wireless EM7455 Qualcomm Snapdragon swmbbnode device 01" DriverVersion=17.3.2.9
DriverVendor="AlcorMicro" DeviceName="Alcor Micro USB Smart Card Reader" DriverVersion=1.7.45.15
DriverVendor="Logitech" DeviceName="Logitech USB Input Device" DriverVersion=1.10.78.0
DriverVendor="Realtek Semiconductor Corp." DeviceName="Realtek USB 3.0 Card Reader" DriverVersion=10.0.14393.31228
DriverVendor="Lenovo" DeviceName="Wide viewing angle & High density FlexView Display 2560x1440" DriverVersion=6.3.0.0
DriverVendor="Intel" DeviceName="Intel(R) HD Graphics 620" DriverVersion=21.20.16.4590
DriverVendor="Intel" DeviceName="Intel(R) Xeon(R) E3 - 1200 v6/7th Gen Intel(R) Core(TM) Host Bridge/DRAM Registers - 5904" DriverVersion=10.1.1.38
DriverVendor="Sierra Wireless Incorporated" DeviceName="Sierra Wireless Location Sensor" DriverVersion=17.8.1030.33

Start Collecting Data

Save the script to disk and create a new timer in uberAgent’s configuration. After a service restart, uberAgent starts collecting data.

[Timer]
Name              = PowerShell Driver Versions
Interval          = 86400000
Start delay       = 600000
Persist interval  = true
Thread priority   = background
Script            = powershell.exe -executionpolicy bypass -file "C:\Program Files\vast limits\uberAgent\Scripts\Get-DriverVersions.ps1"
ScriptContext     = Session0AsSystem

Splunk it!

Once the data is in Splunk you can use it to help you troubleshooting these nasty driver issues. Run the following search to list all driver versions per device:

index = `uberAgent_index` sourcetype = "\"uberAgent:Script:PowerShell Driver Versions\"" 
| stats 
   values(DriverVersion) as "Driver versions"
   dc(DriverVersion) as "#Driver versions"
   latest(DriverVendor) as Vendor
      by DeviceName
| sort limit=0 Vendor
| table
   Vendor
   DeviceName
   "Driver versions"
   "#Driver versions"

Note that the number of driver versions is always one as I ran this only on my laptop. The number will likely change when running the script in a corporate environment on multiple machines.