It is a fact of life for any help desk or support professional that managing patches, updates and hot fixes is an important and often critical task. The challenge, especially during a critical event like a rampant malware exploit, is to identify where a particular hot fix is installed and more importantly, where it is not. How do you check not only one computer but 100 computers?
When an update or hotfix, and there is a distinction, is installed on a Microsoft Windows platform, it is recorded by Windows Management Instrumentation (WMI). The specific class is Win32_QuickFixEngineering. In the past, you might have relied on VBScript to create complex scripts to determine what hot fixes were installed on a given computer. With the arrival of Windows PowerShell, we were given a better alternative with the Get-WMIObject cmdlet. PowerShell 2.0 introduced a new tool that leverages WMI, making this even easier: Get-HotFix.
The Get-HotFix cmdlet makes finding installed hot fixes and patches a snap. On any computer running PowerShell 2.0, all you need to do is run the cmdlet to retrieve a collection of hot-fix objects.
PS C:\> get-hotfix
Source Description HotFixID InstalledBy InstalledOn ------ ----------- -------- ----------- ----------- QUARK Update KB958830 QUARK\Jeff 7/6/2010 12:…
QUARK Security Update KB2079403 QUARK\Jeff 8/17/2010 12…
QUARK Update KB2158563 NT AUTHORITY\... 10/7/2010 12…
While this looks like a text list, it is actually a collection of Win32_QuickFixEngineering objects. This means you can use standard PowerShell cmdlets to sort or filter these objects. You can retrieve hot fixes by description as well as query one or more remote computers, even using alternate credentials.
PS C:\> $updates=get-hotfix -description "Security Update" -ComputerName desk01 >>-cred jdhitsolutions\administrator PS C:\> $updates.count 42 PS C:\> $updates[0] Source Description HotFixID InstalledBy InstalledOn ------ ----------- -------- ----------- ----------- DESK01 Security Update KB2032276 NT AUTHORITY\SYSTEM 7/19/2010 12:00:00 AM
You can also see me demonstrate these Get-HotFix PowerShell commands in this video.
The bottom line is that is now very easy to identify what hotfixes, patches and updates are installed on computers in your network using Windows PowerShell and Get-HotFix. You can query 10 or 100 computers just as easily as you can query 1. You can create reports ranging from simple text files to complex HTML reports. Naturally, the more PowerShell you know the farther you can take this topic, but you can accomplish a great deal right from the command prompt with no scripting.
In this article I go more in depth into Get-HotFix and the PowerShell commands you need.
Did these commands help you with your hot fix patching?
Comments