Windows OS Hub
  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux

 Windows OS Hub / Windows 11 / Check the Software Installation/Removal History in Windows

October 8, 2024

Check the Software Installation/Removal History in Windows

A complete history of software installations, updates, and removals on a computer can be found in Windows Event logs. These logs can also be used to identify the specific user who initiated the installation or removal of the application.

How to view the application installation logs in Windows:

  1. Open the Event Viewer snap-in (eventvwr.msc)
  2. Expand Windows Logs -> Application
  3. Right-click on the log and select Filter current log Filter Event Viewer log
  4. Select MsiInstaller as the event source. find software installation events from msiinstaller
  5. Check the following events for information about installing or removing software.
    EventID 11707 – Installation completed successfully.
    EventID 11724 – Removal completed successfully.
    software installation event id windows

    This log only contains installation events for applications packaged in MSI/MSP packages (or in EXE files that actually run the MSI installer using msiexec.exe). The Windows Installer service (MSIServer) is used to install MSI packages. This service is used to manage the installation, maintenance, rollback, and removal of software on Windows. Some apps distributed in EXE file format don’t use the MSIServer service and therefore don’t write such events.
  6. To find out which specific user uninstalled or installed the program, go to the Details tab in the event properties. Switch to the XML view mode. The user’s SID is specified in the Security UserID attribute value. Copy it. How to detect who installed software on Windows
  7. Run the following command to convert the user SID to an account name:
    wmic useraccount where sid='S-1-5-21-3414967564-454070197-2746421142-1001' get name

This command returns the name of the user who initiated the installation or removal of the program.
convert sid to username

To get all the software installation and removal events from the Event log, use the Get-WinEvent cmdlet. For example, to list a history of successful software installations:

Get-WinEvent -FilterHashtable @{LogName="Application";ID=11707;ProviderName='MsiInstaller'} | Select TimeCreated,Message

PowerShell: View software installation history

To store Event Viewer logs at maximum depth, increase the Windows Event Log size limit.

Windows has a more convenient tool for viewing the history of installing, removing, and updating applications, including Microsoft Store (UWP) apps, and the Windows Update logs. This is the system Reliability Monitor.

Reliability Monitor is a separate graphical applet in the Classic Control Panel that displays the system stability index and detailed information about events that could affect the operating system’s stability (application crashes, software installation, removal events, etc.).

To open Reliability Monitor, go to Control Panel -> Security and Maintenance. In the Maintenance section, click the View reliability history link (or run the perfmon /rel command).

Open the Reliability Monitor

View which updates, programs, and UWP apps have been installed or removed by day or week. For more information about the event, click the View technical details button.

View software installation events in reliability history

This script displays all program installation, removal, and update events (including Windows updates and APPX/MSIX installations) on the computer for the last 7 days in the Out-GridView interactive graphical table.

$DaysAgo = (Get-Date).AddDays(-7)
$RealiabilityFilter= "TimeGenerated > '$DaysAgo' and (SourceName='Microsoft-Windows-WindowsUpdateClient' or SourceName='MsiInstaller')"
Get-CimInstance -ClassName Win32_ReliabilityRecords -filter $RealiabilityFilter|Select TimeGenerated,ProductName,User,message |Out-GridView

Filter events by a specific app, event, or user using Out-GridView’s built-in filters.

PowerShell: Find all software installed/uninstalled in the last 7 days

1 comment
6
Facebook Twitter Google + Pinterest
PowerShellWindows 10Windows 11
previous post
Validating AD User Credentials with PowerShell
next post
Disable BitLocker Automatic Drive Encryption in Windows 11

Related Reading

Create a Custom Windows Image with Pre-installed Apps

February 28, 2024

Upgrading to Windows 11 on Unsupported Hardware

March 6, 2024

Configuring RemoteApps Hosted on Windows 10/11 (without Windows...

January 25, 2025

How to Assign (Passthrough) a Physical GPU to...

June 11, 2024

Disable BitLocker Automatic Drive Encryption in Windows 11

October 16, 2024

Enable Hyper-V on Windows 10/11 Pro and Home...

August 12, 2024

Fix: Your IT Administrator Has Limited Access to...

March 22, 2024

Disable and Completely Remove Widgets from Taskbar in...

September 26, 2024

1 comment

Robert December 31, 2024 - 2:18 pm

I have learned more in 1 hour on this site than the 1000 hours spent on macrocrap. The instructions here are easy to understand. Thanks ! Peace to all

Reply

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025
  • Load Drivers from WinPE or Recovery CMD

    March 26, 2025
  • How to Block Common (Weak) Passwords in Active Directory

    March 25, 2025
  • Fix: The referenced assembly could not be found error (0x80073701) on Windows

    March 17, 2025
  • Exclude a Specific User or Computer from Group Policy

    March 12, 2025
  • AD Domain Join: Computer Account Re-use Blocked

    March 11, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • How to Delete Old User Profiles in Windows
  • Fix: Remote Desktop Licensing Mode is not Configured
  • How to Install Remote Server Administration Tools (RSAT) on Windows
  • Configuring User Profile Disks (UPD) on Windows Server RDS
  • How to Create UEFI Bootable USB Drive to Install Windows
  • Wi-Fi (Internet) Disconnects After Sleep or Hibernation on Windows 10/11
  • How to Allow Non-Admin User to Start/Stop Service in Windows
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top