if exists setting "_BESClient_WinESU_MinimizeWMI" whose (exists value whose (it != "0") of it) of client then (exists setting "_BESClient_WinESU_Keys" whose (exists value whose (exists substrings separated by "|" whose ((it starts with "Year3:" or it starts with "PA:") and it ends with ":Active") of it) of it) of client) else (exists value "asset_tag_number" whose (it as string = "7783-7084-3265-9085-8269-3286-77") of structures of smbios OR exists select objects "PartialProductKey, Name, LicenseStatus from SoftwareLicensingProduct" whose (length of string value of property "PartialProductKey" of it = 5 AND (it contains "-ESU-Year3" or it contains "-ESU-PA") of string value of property "Name" of it AND integer value of property "LicenseStatus" of it = 1) of wmi)
This is a check that the machine has an active ESU license from Microsoft applied - that an ESU-Year3 or _ESU-PA license has been applied. Is the machine relevant to Fixlet 1 “ESU Key Managemetn: Install and Activate MAK” ? On the client, if you run ‘cscript slmgr.vbs /dlv’ to retrieve the detailed Microsoft license info, what’s displayed? (Edit:) What is displayed for this machine in the “ESU Key Information - Windows 2008” Analysis?
not exists keys (names of values whose ((it >= "7601.25984.1.11") of (following text of last "~" of name of it as version)) of keys "Package_for_RollupFix~31bf3856ad364e35~amd64~~0.0.0.0" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex" of native registry) whose ((it = 96 OR it = 112) of (value "CurrentState" of it as integer)) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages" of native registry
This is a check that the relevant patch is not already installed (where I believe the “CurrentState” values of 96 and 112 are…I think…“Staged” and “Installed”). If you check the Registry on the system, looking beneath key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Package_for_RollupFix~31bf3856ad364e35~amd64~~0.0.0.0” - what’s the name of the value beneath this key? In relevance you could retrieve that as
names of values of keys whose (name of it starts with "Package_for_RollupFix~31bf3856ad364e35~amd64~~0.0.0.0") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex" of native registry
Relevance 6 is…well, huge. It’s a check of whether the rollup patch is needed based on any number of earlier-version components being installed. Let’s get through Relevance 4 and Relevance 5 before tackling this one.
Also, on this endpoint…what does this query return?
version of operating system