PowerShell : How do I find the latest patches installed on a remote system ?
Using PowerShell, you can get a report of patches that are installed on a remote workstation/server. Launch the PowerShell and run the following command where testworkstation is the name of your computer.
Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName testworkstation
If you need to provide another set of credentials for the domain-joined machine you are after, or if you get access-denied error. Use the Get-Credential cmdlet to provide the credentials.
You can see above the default output of the cmdlet, but you can narrow down the results with the following option.
Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName testworkstation | select description,hotfixid,installedon
I would further export it to a CSV for an easier review and analysis with the following export option.
Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName testworkstation | select description,hotfixid,installedon | export-csv c:\Testworkstation_Hotfixes.csv
As you can see that this cmdlet relies on the WMI object class. It is necessary to have the pertinent ports open between the workstation you are running this from to the target. WMI is an entity of shared DCOM ports/services. If there are firewall issues you can’t overcome then perhaps run the PowerShell cmdlets from within the same subnet of your target machine.
In PS V2 CTP3 we have a command which wraps this function called get-hotfix. It does the same thing you are doing, it just saves you some typing.
Gets the QFE updates that have been applied to the local and remote computers.
Get-HotFix
(0)[-Id | -HFID ]
[-ComputerName | -CN | -__Server | -IPAddress (ByName)]
[-Credential ]
Get-HotFix
[-ComputerName | -CN | -__Server | -IPAddress (ByName)]
[-Credential ]
[-Description ]Gets the QFE updates that have been applied to the local and remote computers.
Get-HotFix
(0)[-Id | -HFID ]
[-ComputerName | -CN | -__Server | -IPAddress (ByName)]
[-Credential ]
Get-HotFix
[-ComputerName | -CN | -__Server | -IPAddress (ByName)]
[-Credential ]
[-Description ]Gets the QFE updates that have been applied to the local and remote computers.
Get-HotFix
(0)[-Id | -HFID ]
[-ComputerName | -CN | -__Server | -IPAddress (ByName)]
[-Credential ]
Get-HotFix
[-ComputerName | -CN | -__Server | -IPAddress (ByName)]
[-Credential ]
[-Description ]
Experiment! Enjoy! Engage!
Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at: http://blogs.msdn.com/PowerShell
Visit the Windows PowerShell ScriptCenter at: http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx
Thanks Jeffrey. I am glad that inevitably as PowerShell continues to grow new cmdlets are being introduced. I will give V2 CTP3 a try for this, as I have also been looking forward to the ISE feature in V2 CTP3.
Hi, nice script but you are not offering a solution for find just the latest patches.
IMO, this one’s better because does retrive just the last 10 patches:
function qfe
{
$global:checkkb = gwmi Win32_QuickFixEngineering -ComputerName $computer | ? { $_.InstalledOn } | sort { Get-Date $_.InstalledOn } | ft hotfixid,installedon,installedby,description
}
qfe
$global:checkkb
#Note the function is on one line and note the “select -last”
You should also mention that the class Win32_QuickFixEngineering does return incomplete results… maybe Microsoft should improve this instead of producing a command which bases itself on a wrong basis.
Nevertheless I like the possibility to pass credentials to the new command, even if you could do that before for WLI queries.
Instead remote authentication is not possible for remote registry queries, which is a pity. We’re still stuck to a .NET class which cannot authenticate in a different security context…
Carlo
Sorry mate, forgot the ” | select -Last 10 | ” in the WQL. Can you please update ?
Thx