powershell check if kb is installed on remote computer

It's definitely present in v5.1. I placed the Patches variable inside of Invoke-Command to make the script PowerShell 2.0 PowerShell Search Installed Windows Update on Remote Computers Swapnil Infotech 616 subscribers Subscribe 16 744 views 8 months ago PowerShell Scripts In This Video you will learn how to. This script will check if the computer is pingable and if pingable connects to the remote computer to get the patch details. Tutorial Powershell - List installed updates [ Step by step ] Learn how to use Powershell to list the installed updates on a computer running Windows in 5 minutes or less. This topic has been locked by an administrator and is no longer open for commenting. An example of the basic syntax is get-hotfix -id KB974332 Share Improve this answer Follow edited Feb 23, 2015 at 8:31 HBruijn 73.5k 23 132 194 answered Feb 23, 2015 at 7:35 raeez 191 1 2 Are there tables of wastage rates for different fruit and veg? This cmdlet returns objects representing the hotfixes on the computer. To learn more, see our tips on writing great answers. What is the correct way to screw wall and ceiling drywalls? (Test-Path -path "$DirectoryToSaveTo")) #create it if not existing { New-Item "$DirectoryToSaveTo" -type directory | out-null } #Create a new Excel object using COM $Excel = New-Object -ComObject Excel.Application $Excel.visible = $True $Excel = $Excel.Workbooks.Add() $Sheet = $Excel.Worksheets.Item(1) $sheet.Name = 'Patch status - ' #Create a Title for the first worksheet $row = 1 $Column = 1 $Sheet.Cells.Item($row,$column)= 'Patch status' $range = $Sheet.Range("a1","f2") $range.Merge() | Out-Null $range.VerticalAlignment = -4160 #Give it a nice Style so it stands out $range.Style = 'Title' #Increment row for next set of data $row++;$row++ #Save the initial row so it can be used later to create a border #Counter variable for rows $intRow = $row $xlOpenXMLWorkbook=[int]51 #Read thru the contents of the Servers.txt file $Sheet.Cells.Item($intRow,1) ="Name" $Sheet.Cells.Item($intRow,2) ="Patch status" $Sheet.Cells.Item($intRow,3) ="OS" $Sheet.Cells.Item($intRow,4) ="SystemType" $Sheet.Cells.Item($intRow,5) ="Last Boot Time"$Sheet.Cells.Item($intRow,6) ="IP Address" #sets the font and color for the headers for ($col = 1; $col le 6; $col++) { $Sheet.Cells.Item($intRow,$col).Font.Bold = $True $Sheet.Cells.Item($intRow,$col).Interior.ColorIndex = 48 $Sheet.Cells.Item($intRow,$col).Font.ColorIndex = 34 } $intRow++ Function GetUpTime { param([string] $LastBootTime) $Uptime = (Get-Date) - [System.Management.ManagementDateTimeconverter]::ToDateTime($LastBootTime) "Days: $($Uptime.Days); Hours: $($Uptime.Hours); Minutes: $($Uptime.Minutes); Seconds: $($Uptime.Seconds)" } #This will try every computer in computers txt against the following$computers = Get-Content -Path $computerListforeach ($computer in $computers) { #If it cant find an IP address it will jump down to the catch and write PC not online#if it can find the KB it will continue down the list and write it out to the excel file#if it can find the KB it will jump to the catch see that the ip is not null so it will write out the the KB isnt found try { $IpV4 = (Test-Connection -ComputerName $computer -count 1).IPV4Address.ipaddressTOstring if ($KbInFo = Get-HotFix -Id $Patch -ComputerName $computer -ErrorAction 1) { $kbiNstall="$patch is installed" } $OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Computer -ErrorAction SilentlyContinue $sheetS = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer -ErrorAction SilentlyContinue $sheetPU = Get-WmiObject -Class Win32_Processor -ComputerName $Computer -ErrorAction SilentlyContinue $drives = Get-WmiObject -ComputerName $Computer Win32_LogicalDisk | Where-Object {$_.DriveType -eq 3} -ErrorAction SilentlyContinue $OSRunning = $OS.caption + " " + $OS.OSArchitecture + " SP " + $OS.ServicePackMajorVersion $systemType=$sheetS.SystemType $date = Get-Date $uptime = $OS.ConvertToDateTime($OS.lastbootuptime) $sheet.Cells.Item($intRow, 1) = $computer $sheet.Cells.Item($intRow, 2) = $kbiNstall $sheet.Cells.Item($intRow, 3) = $OSRunning $sheet.Cells.Item($intRow, 4) = $SystemType $sheet.Cells.Item($intRow, 5) = $uptime $sheet.Cells.item($intRow, 6) = $IpV4 } catch { If($IpV4 -eq $null){ $sheet.Cells.Item($intRow, 1) = $computer $sheet.Cells.Item($intRow, 2) = "PC is not online"} else{ $sheet.Cells.Item($intRow, 1) = $computer $sheet.Cells.Item($intRow, 2) = "PC HotFix Not Found" $sheet.Cells.Item($intRow, 3) = $OSRunning $sheet.Cells.Item($intRow, 4) = $SystemType $sheet.Cells.Item($intRow, 5) = $uptime $sheet.Cells.item($intRow, 6) = $IpV4 } } $intRow = $intRow + 1 } $erroractionpreference = SilentlyContinue $Sheet.UsedRange.EntireColumn.AutoFit() ########################################333 ############################################################## $filename = "$DirectoryToSaveTo$filename.xlsx" #if (test-path $filename ) { rm $filename } #delete the file if it already exists $Sheet.UsedRange.EntireColumn.AutoFit() $Excel.SaveAs($filename, $xlOpenXMLWorkbook) #save as an XML Workbook (xslx) $Excel.Saved = $True $Excel.Close() $Excel.DisplayAlerts = $False $Excel.quit()[System.Runtime.Interopservices.Marshal]::ReleaseComObject($Excel)spps -n Excel. Can I tell police to wait and call a lawyer when served with a search warrant? Credentials are stored in a PSCredential The Get-HotFix output might vary on different operating systems. patches installed Via Quick Fix Engineering, https://raw.githubusercontent.com/jampaniharish/OnlineScripts/master/Get-installedPatch.ps1, SCCM CMPivot Fast Channel Making SCCM Fast, SCCM Run Script Deployment Step by Step Guide, PowerShell Script to Import Multiple CSV Files to Pivot Table SCCM Patch Report. You can use the built-in Powershell ISE, too, but it is not being developed any further. only check for the specific updates that are applicable to that OS. A place where magic is studied and practiced? saved as scripts or shared with others. # none found In this script, I have used win32_quickfixengineering rather than Get-hotfix, get-hotfix will also give us the same results, but it has its pros and cons. I wanted to know if i can remote access this machine and switch between os or while rebooting the system I can select the specific os. Install IIS First, we need a web server we can use to distribute the wsusscn2.cab file. How to react to a students panic attack in an oral exam? Luckily, we can do this easily from the PowerShell Gallery. (Exception from HRESULT: 0x800706BA) At C:\powershell\find_missing_patches.ps1:8 char:2 + Get-HotFix -id $patch -ComputerName $Computer -OutVariable results - + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-HotFix], COMException + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Microsoft.PowerShell.Commands.GetHotFixCommand ```, are all your systems online? defined at the top and the Using variable scope modifier could have used to use the local variable Results are exported to CSV files, not online, and exception computers are recorded in different text files. Euler: A baby on his lap, a cat on his back thats how he wrote his immortal works (origin?). PowerShell remoting is also more firewall friendly and If you have any updates during this process, please feel free to let me know. Note that the above two links are not from MS, just for your reference. I am trying to search for hotfix installed on list of computers. Windows Server 2008 R 2 Enterprise Edition. Webinar: Reduce Complexity & Optimise IT Capabilities. Day 4: Use PowerShell to Find Missing Updates on WSUS Client Computers. You can use the built-in Powershell ISE, too, but it is not being developed any further. I have a system with me which has dual boot os installed. @sri sri Microsoft Scripting Guy Ed Wilson here. To subscribe to this RSS feed, copy and paste this URL into your RSS reader. This parameter does not rely on Windows PowerShell remoting. Your code appears to be guesswoek and not based on PowerSHell. use a script since the updates are cumulative and the KB numbers that are valid this month wont be How to identify particular KB Installed or Not in a (Remote) windows machine using powershell from wsus server . Thanks for contributing an answer to Stack Overflow! The nature of simulating nature: A Q&A with IBM Quantum researcher Dr. Jamie We've added a "Necessary cookies only" option to the cookie consent popup. I'm excited to be here, and hope to be able to contribute. PowerShell PS> $A = Get-Content -Path ./Servers.txt PS> $A | ForEach-Object { if (! $error | Out-File $failed -Append NOTE! https://community.spiceworks.com/how_to/139222-how-to-list-all-windows-updates-using-powershell?page https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-hotfix?view=p How to Manage Windows Updates Remotely on Multiple PCs. I have found that this script is a bit slow to get these detail,s but I could not find any other better way than this to get these details. scripts. A place where magic is studied and practiced? What are you looking for exactly? For me, its a little more difficult to distinguish the difference between whether to use a The $A variable contains computer names that were obtained by Get-Content from a text file. Get-WmiObject -Class Win32_QuickFixEngineering. Thanks for contributing an answer to Stack Overflow! I'm looking to find out if a KB is installed via command line. In addition, I tested it in my lab environment and I would like to share the screenshot for your reference: In a technical forum questions need to be clear and complete. NOTE! $totalpassed = $dev - $totalfailed You can use it to check and run an uninstall command or as part of a SCCM Compliance Settings configuration item. An example of the basic syntax is get-hotfix -id KB974332 On my machine, that command returns Asking for help, clarification, or responding to other answers. PowerShell remoting is also more firewall friendly and is enabled by default on servers running Windows Server 2012 and higher. By clicking Accept all cookies, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy. $machines = C:\Patching\machines.txt Some scripts and functions that Ive seen make this process more complicated than it needs to be by And what are the pros and cons vs cloud based? If it goes through the function and it comes to a computer that doesn't have the patch or isn't online then it goes to the catch and it gives In addition to systeminfo there is also For more information about SecureString data protection, see run "systeminfo" in a CMD window and it will pull back a load of statistics about your system including what patches are installed. Learn how your comment data is processed. $Session = New-Object -ComObject Microsoft.Update.Session $Searcher = $Session.CreateUpdateSearcher () $Searcher.Search ("IsInstalled=1").Updates | ft -a Date,Title You can try using the Windows Update API through PowerShell like in the below example. The compliance can also be switched around where having the KB installed is not complaint and then a remediation script can be used to uninstall the KB. You could just as easily query Active Directory for the computer names or use Get-Content to I'm excited to be here, and hope to be able to contribute. SCCM How to find the list of Software Updates and patches installed Via Quick Fix Engineering. Once you have the module installed, inspect the commands available to you by running Get-Command -Module PSSoftware -Noun Software. I have exported these details to excel file to review the results at later point. Microsoft Security Bulletin MS17-010. I decided to let MS install the 22H2 build. there is a list as follows: computer1 computer2 etc. Query the local system like this: Get-WindowsVersion Or query remote computers: Get-WindowsVersion -ComputerName PC001 I write functions as reusable tools that I place into modules which Some of SCCM features like Run a Script might not work on Windows 7 or Windows 2008. It also confirms that Get-Hotfix does not If you installed the Windows Update Management Module on your computer, you can install it remotely on other computers and / or servers. This class returns only the updates supplied by Component Based After LastPass's breaches, my boss is looking into trying an on-prem password manager. In WinUpdatesView, press F9 to open the 'Advanced Options' window. Thanks Matt for your updated script, your script is little faster than mine when I tested with just few machines that will help, what I liked the most in your script is the way you handled the errors and the way you added the stats to the final CSV. Unfortunately, this same trick does not work with the installation of the patches as remote installation via the COM object is forbidden. Code with aliases and positional parameters shouldnt be Get-Hotfix cmdlet with the Id parameter and a specific Id number for each computer name. } | Select-Object -Property PSComputerName,Description,HotFixID,InstalledOn | Export-Csv -Path $output -Append -NoTypeInformation Why is this the case? The nature of simulating nature: A Q&A with IBM Quantum researcher Dr. Jamie We've added a "Necessary cookies only" option to the cookie consent popup. Get-Hotfix With this useful command you can show all installed Updates on the localhost. After LastPass's breaches, my boss is looking into trying an on-prem password manager. Hello, PowerShell enthusiast today I will be sharing a script that will eventually help you to check various things on a server remotely after the windows server patching is performed. but as for now you can make due with the following Powershell cmdlet. So I ended up fixing the problem and this will give me the info that I am looking for the only thing that I noticed in the error handling is if you dont have access to the computer it will tell you the KB isn't found. By clicking Accept all cookies, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy. A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications. I need to get all installed Windows updates with PowerShell. string of remote computer names. PowerShell script or function. to the next computer once it tries to connect to one that is unreachable. Find centralized, trusted content and collaborate around the technologies you use most. Invoke-Command -ComputerName $_ -ScriptBlock { 3 I need to get all installed Windows updates with PowerShell. $pcnotfound = "true" which in turn once this happens once it will always be true which in turn gives me the PC Not Found message for every computer after that one. permission to access the remote computers and run commands. $dev = 0 parameter for targeting remote computers but more than likely it will be blocked by either a network Actually We have a WSUS server in which 200 computers are reporting(existing) . Appreciate this is an old answer but the %windir%\Windowsupdate.log only seems to show updates for the past month. is enabled by default on servers running Windows Server 2012 and higher. If the response is helpful, please click "Accept Answer" and upvote it. Sort-Object sorts An if statement uses the adjusted using the ThrottleLimit parameter. (Test-Path -path "$DirectoryToSaveTo")) #create it if not existing { New-Item "$DirectoryToSaveTo" -type directory | out-null } #Create a new Excel object using COM $Excel = New-Object -ComObject Excel.Application $Excel.visible = $True $Excel = $Excel.Workbooks.Add() $Sheet = $Excel.Worksheets.Item(1) $sheet.Name = 'Patch status - ' #Create a Title for the first worksheet $row = 1 $Column = 1 $Sheet.Cells.Item($row,$column)= 'Patch status' $range = $Sheet.Range("a1","f2") $range.Merge() | Out-Null $range.VerticalAlignment = -4160 #Give it a nice Style so it stands out $range.Style = 'Title' #Increment row for next set of data $row++;$row++ #Save the initial row so it can be used later to create a border #Counter variable for rows $intRow = $row $xlOpenXMLWorkbook=[int]51 #Read thru the contents of the Servers.txt file $Sheet.Cells.Item($intRow,1) ="Name" $Sheet.Cells.Item($intRow,2) ="Connection Status" $Sheet.Cells.Item($intRow,3) ="Patch status" $Sheet.Cells.Item($intRow,4) ="OS" $Sheet.Cells.Item($intRow,5) ="SystemType" $Sheet.Cells.Item($intRow,6) ="Last Boot Time"$Sheet.Cells.Item($intRow,7) ="IP Address" for ($col = 1; $col le 7; $col++) { $Sheet.Cells.Item($intRow,$col).Font.Bold = $True $Sheet.Cells.Item($intRow,$col).Interior.ColorIndex = 48 $Sheet.Cells.Item($intRow,$col).Font.ColorIndex = 34 } $intRow++ Function GetStatusCode { Param([int] $StatusCode) switch($StatusCode) { 0 {"Success"} 11001 {"Buffer Too Small"} 11002 {"Destination Net Unreachable"} 11003 {"Destination Host Unreachable"} 11004 {"Destination Protocol Unreachable"} 11005 {"Destination Port Unreachable"} 11006 {"No Resources"} 11007 {"Bad Option"} 11008 {"Hardware Error"} 11009 {"Packet Too Big"} 11010 {"Request Timed Out"} 11011 {"Bad Request"} 11012 {"Bad Route"} 11013 {"TimeToLive Expired Transit"} 11014 {"TimeToLive Expired Reassembly"} 11015 {"Parameter Problem"} 11016 {"Source Quench"} 11017 {"Option Too Big"} 11018 {"Bad Destination"} 11032 {"Negotiating IPSEC"} 11050 {"General Failure"} default {"Failed"} } } Function GetUpTime { param([string] $LastBootTime) $Uptime = (Get-Date) - [System.Management.ManagementDateTimeconverter]::ToDateTime($LastBootTime) "Days: $($Uptime.Days); Hours: $($Uptime.Hours); Minutes: $($Uptime.Minutes); Seconds: $($Uptime.Seconds)" } foreach ($Computer in $Computers) { TRY { $OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Computer $sheetS = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer $sheetPU = Get-WmiObject -Class Win32_Processor -ComputerName $Computer $drives = Get-WmiObject -ComputerName $Computer Win32_LogicalDisk | Where-Object {$_.DriveType -eq 3} $pingStatus = Get-WmiObject -Query "Select * from win32_PingStatus where Address='$Computer'" $OSRunning = $OS.caption + " " + $OS.OSArchitecture + " SP " + $OS.ServicePackMajorVersion $systemType=$sheetS.SystemType $date = Get-Date $uptime = $OS.ConvertToDateTime($OS.lastbootuptime) $IpV4 =([System.Net.DNS]::GetHostAddresses($computers)|Where-Object {$_.AddressFamily -eq "InterNetwork"} | select-object IPAddressToString)[0].IPAddressToString if ($kb=get-hotfix -id $Patch -ComputerName $computer -ErrorAction 2) { $kbinstall="$patch is installed" } else { $kbinstall="$patch is not installed" } if($pingStatus.StatusCode -eq 0) { $Status = GetStatusCode( $pingStatus.StatusCode ) } else { $Status = GetStatusCode( $pingStatus.StatusCode ) } } CATCH { $pcnotfound = "true" } #### Pump Data to Excel if ($pcnotfound -eq "true") { #$sheet.Cells.Item($intRow, 1) = "PC Not Found" $sheet.Cells.Item($intRow, 1) = $computer $sheet.Cells.Item($intRow, 2) = "PC Not Found" } else { $sheet.Cells.Item($intRow, 1) = $computer $sheet.Cells.Item($intRow, 2) = $status $Sheet.Cells.Item($intRow, 3) = $kbinstall $sheet.Cells.Item($intRow, 4) = $OSRunning $Sheet.Cells.Item($intRow, 5) = $SystemType $sheet.Cells.Item($intRow, 6) = $uptime $Sheet.Cells.item($intRow, 7) = $IpV4 } $intRow = $intRow + 1 $pcnotfound = "false" } $erroractionpreference = SilentlyContinue $Sheet.UsedRange.EntireColumn.AutoFit() ########################################333 ############################################################## $filename = "$DirectoryToSaveTo$filename.xlsx" #if (test-path $filename ) { rm $filename } #delete the file if it already exists $Sheet.UsedRange.EntireColumn.AutoFit() $Excel.SaveAs($filename, $xlOpenXMLWorkbook) #save as an XML Workbook (xslx) $Excel.Saved = $True $Excel.Close() $Excel.DisplayAlerts = $False $Excel.quit()[System.Runtime.Interopservices.Marshal]::ReleaseComObject($Excel)spps -n Excel. Find if a Windows Update KB has been applied Method 1: Check the Windows Update history Method 2: View installed updates in Programs and Features Control Panel Method 3: Use DISM command-line I realized I messed up when I went to rejoin the domain I just ran Get-Hotfix on my local computer and it came back with a short list of 11 updates/hotfixes while the longer script came back with a detailed history of 775 events both successful and failures. Open a Command Prompt and Type Command Right-click on the Start button (or the key combination WIN + X) and select Command Prompt (Administrator) in the menu that opens. enter image description hereTrying to run the following powershell script in order to find the kbs from a list, installed on remote severs, from a list as well. using all the aliases and positional parameters that I want since Ill simply close out of the I have a system with me which has dual boot os installed. Site design / logo 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA. Powershell, How to get date of last Windows update install or at least checked for an update? Installer (MSI) or the Windows Update site aren't returned by Does Counterspell prevent from any further spells being cast on a given turn? The free version of our cloud-based solution Action1 will help you. Guest Blogger Weekend concludes with Marc Carter. What you really should just use is pstools from sysinternals. But I used the word grep here as in "to grep" to indicate the process in stead of literally meaning the utility "grep". can be specified with Get-Hotfix, it runs against one computer at a time and it does not continue A Boolean is a Boolean and dies not get tested against a string. It can be enabled on other Example Get-HotFix Output The script contains multiple updates to check and multiple machine to check against, the script only needs to find one update out of the 3 or so to be compliant By clicking Post Your Answer, you agree to our terms of service, privacy policy and cookie policy. The following example scans three servers for the hotfixes listed in