Are All of My Servers Really Up to Date?

SecurityGood

With a single command you can pull a list of all installed updates. Use this to compare patch levels on all systems so you can easily target those not meeting the bar.

We start with simple commands, then build on these to create robust queries with optional CSV and HTML formatting. I think of these commands, which I use on a daily basis, as basics for my Toolkit. If you don’t have a Toolkit I suggest you create one now. Place your often used tools in a folder such as ‘C:\Toolkit’ so that they are always at hand. Grab the first five items under ‘Top 10 Downloads’ from Sysinternals.com to round out your basics.

TIP: Go one step further and sign up for a Live Mesh account with your Windows Live ID. With this you can keep your Toolkit directory, and other directories, synched up across all machines you designate. The folders will be available privately online as well. Further, remote control is built-in for all Mesh enabled systems. Sweet! Clearly remote capabilities are geared more towards workstations than servers, but I use it for both.

And yeah, it’s free. Get started here.

 


 

Basic Commands

Warm up by opening an elevated command prompt on your SCVMM server (or any server for that matter). If your command window does not show ‘Administrator:’ as below, you are not running an elevated console.

> Single command to pull updates.
wmic qfe

https://support.microsoft.com/?kbid=963660  VMM2008R2-03  Update                        KB963660
                       NT AUTHORITY\SYSTEM  2/26/2009
https://support.microsoft.com/?kbid=967062  VMM2008R2-03  Update                        KB967062
                       NT AUTHORITY\SYSTEM  2/26/2009

You should see a torrent of information scroll through the command window. This is a list of all QFEs (Hotfixes and Updates) installed, along with a good bit of extraneous info.

> Now let's work on formatting. This is my everyday method.
wmic qfe list brief

Update                        KB963660                                 NT AUTHORITY\SYSTEM  2/26/2009
Update                        KB967062                                 NT AUTHORITY\SYSTEM  2/26/2009

Now some of the noise is removed and it is easier to read the list of updates.

TIP: Is KBXXXXXX installed on this system?!? I can only remember the last three digits of the update anyway… Easy to check. Just pipe your output to ‘find.’

wmic qfe list brief | find /i "660"

Update                        KB963660                                 NT AUTHORITY\SYSTEM  2/26/2009

Apparently it is installed. Nice.

> This is good, but we can do better.
wmic qfe get csname,hotfixid,description

VMM2008R2-03  Update           KB963660
VMM2008R2-03  Update           KB967062

Now we're getting somewhere. We've selected only the columns we are interested in and have returned a clean list of updates along with the system name.

This much you can keep in your head. You might want to create a batch file for items in the next section.

 


 

Advanced Queries

Now that you've waded into the deep end let's perform some real work. These are the commands to place in a batch file for your Toolkit. The steps below assume you have already created a ‘C:\Temp’ directory on your system. CSName is not required for the next two commands; it is implied.

> Create a CSV file from the output.
wmic /output:c:\temp\qfe.csv QFE GET HotFixID,Description /format:csv

The resulting CSV file lists these items, ready to be opened in Excel: Node,Description,HotFixID

> CSV files are not as interesting as HTML, so let's shift output formats.
wmic /output:c:\temp\qfe.html QFE GET HotFixID,Description /format:htable

Now you have a clean multicolored table with results, complete with column headers.


Remote Systems

The only thing left to do is perform this same work on remote machines. First a single machine, then a list of systems. Replace <remotesystem> with your remote system name. Note that we add CSName to pull the remote name.

> List remote system updates.
wmic /node:"<remotesystem>" /output:c:\temp\qfe_remote.html QFE GET CSName,HotFixID,Description /format:htable

If this did not work for you keep in mind that you must be an administrator on the remote machine, and Remote Management must be enabled.

> Finally, let's feed a list of server names and create a single HTML file. Create a file named 'serverlist.txt' with one system per line.
wmic /node:@serverlist.txt /output:c:\temp\qfe_serverlist.html QFE GET CSName,HotFixId,Description /format:htable

That's it. You should have a table similar to this.
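
To go from a table of updates to a list of servers that are not meeting the bar, the same server-list query can be run with /format:csv and checked against a baseline. The following Python sketch is an added example, not part of the original post: it assumes the CSV was written by wmic (UTF-16 with a BOM, leading blank line), the hosts VMM2008R2-04 and VMM2008R2-05 are made up, and the baseline KB list is whatever you define as required.

```python
import csv

# Constructed sample in the shape of
#   wmic /node:@serverlist.txt ... QFE GET CSName,HotFixID,Description /format:csv
# (leading blank line, Node column first). VMM2008R2-04 is a made-up host.
SAMPLE_CSV = (
    "\r\n"
    "Node,CSName,Description,HotFixID\r\n"
    "VMM2008R2-03,VMM2008R2-03,Update,KB963660\r\n"
    "VMM2008R2-03,VMM2008R2-03,Update,KB967062\r\n"
    "VMM2008R2-04,VMM2008R2-04,Update,KB963660\r\n"
)

def decode_wmic(raw: bytes) -> str:
    """Decode a wmic /output: file: UTF-16 when a BOM is present, else UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")

def installed_by_host(text: str) -> dict:
    """Map each host name to the set of HotFixIDs reported for it."""
    # Drop blank lines so DictReader sees the real header row first.
    lines = [ln for ln in text.splitlines() if ln.strip()]
    hosts = {}
    for row in csv.DictReader(lines):
        host = (row.get("CSName") or row.get("Node") or "").strip().upper()
        kb = (row.get("HotFixID") or "").strip().upper()
        if host and kb.startswith("KB"):
            hosts.setdefault(host, set()).add(kb)
    return hosts

def missing_updates(hosts: dict, required: set, expected_hosts=()) -> dict:
    """Return {host: sorted missing KBs}; a host with no rows misses everything."""
    required = {kb.upper() for kb in required}
    report = {}
    for host in sorted(set(hosts) | {h.upper() for h in expected_hosts}):
        gap = required - hosts.get(host, set())
        if gap:
            report[host] = sorted(gap)
    return report

if __name__ == "__main__":
    raw = SAMPLE_CSV.encode("utf-16")  # stand-in for reading the CSV file
    hosts = installed_by_host(decode_wmic(raw))
    baseline = {"KB963660", "KB967062"}  # KBs you require (taken from the output above)
    for host, gap in missing_updates(hosts, baseline, ["VMM2008R2-05"]).items():
        print(f"{host}: missing {', '.join(gap)}")
```

Pass the names from serverlist.txt as expected_hosts so that a server which returned no rows at all (unreachable, or access denied) shows up as missing the whole baseline instead of silently dropping out of the report.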


Enjoy your new tools. Thanks for reading!

 

For further reference:

MSDN - WMI Command Line Tools
https://msdn.microsoft.com/en-us/library/aa394531.aspx

Comments

  • Anonymous
    January 01, 2003
    thank you

  • Anonymous
    December 21, 2010
    Hi there, awesome first hints and steps to script individual Reports for installed updates. Will try it out for comparing with an actual list of available HyperV/SCVMM-Updates. Thanks a lot!

  • Anonymous
    June 24, 2013
    this misses the windows malicious software removal tool (KB890830) and some .NET updates (KB2836939, KB2836940, KB2836941)

  • note that I also could not find KB890830 in a registry search, whereas I could find other KBs