PowerShell Basics: Retrieve All The Security Patches Installed On A Server Since A Specific Date

I recently needed to acquire a list of all the security patches installed on a group of servers within the last year. I discovered that there is a WMI class for this which makes it super easy to retrieve this info.

  get-wmiobject win32_quickfixengineering -ComputerName $CompName | ? { $_.InstalledOn -gt (get-date).addyears(-1) }

Within the win32_quickfixengineering class, you’ll find all the security patches installed on a system. One of the properties is the InstalledOn attribute which more recent than a year ago.

If you have a list of servers to do this for, this is still really easy.

 $svrs = @" 
server1 
server2 
server3 "@

$svrs.split("`n") | % { get-wmiobject win32_quickfixengineering -ComputerName $_.trim() | ? { $_.InstalledOn -lt (get-date).addyears(-1) } }

Simply paste them into a here-string and execute this for each of them.

PowerShell_Tips_Tricks_thumb.png