How Can I Determine When the Last Patch From Windows Update was Applied?


Hey, Scripting Guy! How can I determine when the last patch from Windows Update was applied?

— JP


Hey, JP. You know, you picked a good time to ask this question; that’s because we just published a Tales from the Script column that introduces scripters to the Windows Update object model, and provides a number of sample scripts for managing Automatic Updates. And while the article doesn’t have a script that returns information for just the last update applied to a computer, well, it was easy enough to come up with one:

Set objSession = CreateObject("Microsoft.Update.Session")
Set objSearcher = objSession.CreateUpdateSearcher

Set colHistory = objSearcher.QueryHistory(0, 1)

For Each objEntry in colHistory
    Wscript.Echo "Title: " & objEntry.Title
    Wscript.Echo "Update application date: " & objEntry.Date
Next


What’s going on in this little script? Funny you should ask: we were just about to explain that. We begin by creating an instance of the Microsoft.Update.Session object. Once we have that object in hand we can call the CreateUpdateSearcher method. This gives us an instance of the Searcher object, an object that enables us to search through all the updates that have been applied to a computer. Which is exactly the thing we want to do.


Next we use the QueryHistory method to retrieve the desired updates:

Set colHistory = objSearcher.QueryHistory(0, 1)

As you can see, in this script we pass QueryHistory two parameters: 0 and 1. The 0 tells the script to begin its search with record 0 in the update history; the 1 is the number of records to return, so the search stops after that first record. (That is, before it gets to a second record.) Why do we do that? Well, updates are stored in reverse chronological order, with the most recent update being record 0 and the very first update ever applied being the last record in the collection. Because we want information about only the most recent update, we can make the script run a tad bit faster by limiting the returned data to just that one record.







Note. We should point out that it’s very easy to retrieve the complete update history for a computer; in fact, the Tales from the Script column includes a script that does just that.



After calling the QueryHistory method we’ll get back a collection (named colHistory) consisting of a single item, an item which just happens to represent the last update that was applied to the computer. All that’s left now is to walk through that collection (and, yes, technically it’s still a collection even though it contains just one item) and echo the title of the update and the date the update was applied:

For Each objEntry in colHistory
    Wscript.Echo "Title: " & objEntry.Title
    Wscript.Echo "Update application date: " & objEntry.Date
Next

In other words, tell us the last time Windows Update did something to this particular computer.
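The update history also records failed installations and uninstalls, so record 0 is not necessarily a patch that is actually in place. The following is an added example, not a script from the original column: it pages through the history from the newest record and reports the first entry that is a successful installation. The batch size and the decision to count "succeeded with errors" as installed are assumptions made for this example.

```vbscript
' Added example: most recent history entry that is a successful installation.
Option Explicit

Const uoInstallation = 1          ' UpdateOperation: install (2 = uninstall)
Const orcSucceeded = 2            ' OperationResultCode values
Const orcSucceededWithErrors = 3  ' assumption: treated as installed here
Const BATCH_SIZE = 20             ' assumption: page size chosen for this example

Dim objSession, objSearcher, colHistory, objEntry
Dim intTotal, intStart, intCount, blnFound

Set objSession = CreateObject("Microsoft.Update.Session")
Set objSearcher = objSession.CreateUpdateSearcher

intTotal = objSearcher.GetTotalHistoryCount
intStart = 0
blnFound = False

' History is newest-first, so page forward from record 0 until a match.
Do While intStart < intTotal And Not blnFound
    intCount = BATCH_SIZE
    If intStart + intCount > intTotal Then intCount = intTotal - intStart

    Set colHistory = objSearcher.QueryHistory(intStart, intCount)
    For Each objEntry In colHistory
        If objEntry.Operation = uoInstallation And _
           (objEntry.ResultCode = orcSucceeded Or _
            objEntry.ResultCode = orcSucceededWithErrors) Then
            Wscript.Echo "Title: " & objEntry.Title
            Wscript.Echo "Update application date: " & objEntry.Date
            Wscript.Echo "Result code: " & objEntry.ResultCode
            blnFound = True
            Exit For
        End If
    Next
    intStart = intStart + intCount
Loop

' Distinguish "nothing ever recorded" from "nothing ever succeeded".
If Not blnFound Then
    If intTotal = 0 Then
        Wscript.Echo "The update history is empty."
    Else
        Wscript.Echo "No successful installation in " & intTotal & " history entries."
    End If
End If
```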


Incidentally, the Windows Update object model is a mixed bag: some of the objects can be created on – and thus used against – remote computers while others can’t. Fortunately, this happens to be a script that will run against a remote machine. To do that you simply need to add the remote computer name as the second parameter to CreateObject. For example, this line of code causes the script to run against the remote computer atl-dc-01:

Set objSession = CreateObject("Microsoft.Update.Session", "atl-dc-01")

And the complete script for retrieving the last update from atl-dc-01 would thus look like this:

Set objSession = CreateObject("Microsoft.Update.Session", "atl-dc-01")
Set objSearcher = objSession.CreateUpdateSearcher

' Start at record 0 (the most recent entry) and return one record
Set colHistory = objSearcher.QueryHistory(0, 1)

For Each objEntry in colHistory
    Wscript.Echo "Title: " & objEntry.Title
    Wscript.Echo "Update application date: " & objEntry.Date
Next


And people think that patch management is hard. Not anymore!