Use PowerShell to Quickly Find Installed Software

Summary: Learn how to use Windows PowerShell to quickly find installed software on local and remote computers.

 

Microsoft Scripting Guy Ed Wilson here. Guest Blogger Weekend concludes with Marc Carter. The Scripting Wife and I were lucky enough to attend the first PowerShell User Group meeting in Corpus Christi, Texas. It was way cool, and both Marc and his wife Pam are terrific hosts. Here is what Marc has to say about himself.

I am currently a senior systems administrator with the Department of the Army. I started in the IT industry in 1996 with DOS and various flavors of *NIX. I was introduced to VBScript in 2000, and scripting became a regular obsession sometime in 2005. In 2008, I made the move to Windows PowerShell and have never looked back. My daily responsibilities keep me involved with Active Directory, supporting Microsoft Exchange, SharePoint, and various ASP.NET applications. In 2011, I founded the Corpus Christi PowerShell User Group and try to help bring others up to speed on Windows PowerShell. 

Take it away, Marc!

 

One of the life lessons I have learned over the years working in the IT field as a server administrator is that there are often several different valid responses to a situation. It’s one of the things that makes work interesting. Finding the “best” solution to a problem is one of the goals that I think drives many people who are successful at what they do. Occasionally, the best solution is the path of least resistance.

This is one things I love most about working with Windows PowerShell (and scripting in general) is that most problems have more than one solution. Sometimes the “right” way to do something comes down to a matter of opinion or preference. However, sometimes the best solution is dictated by the environment or requirements you are working with.

For instance, let us talk about the task of determining which applications are installed on a system. If you’re familiar with the Windows Management Instrumentation (WMI) classes and the wealth of information that can be gathered by utilizing the Get-WmiObject cmdlet, an obvious choice might be referencing the Win32_product class. The Win32_Product represents products as they are installed by Windows Installer. It is a prime example of many of the benefits of WMI. It contains several useful methods and a variety of properties. At first glance, Win32_Product would appear to be one of those best solutions in the path of least resistance scenario. A simple command to query Win32_Product with the associated output is shown in the following image.

Image of command to query Win32_Product

The benefits of this approach are:

  • This is a simple and straightforward query: Get-WmiObject -Class Win32_Product.
  • It has a high level of detail (for example, Caption, InstallDate, InstallSource, PackageName, Vendor, Version, and so on).

However, because we are talking about alternative routes, let us look at another way to get us to arrive at the same location before we burst the bubble on Win32_Product. Remember, we are simply looking for what has been installed on our systems, and because we have been dealing with WMI, let’s stay with Get-WmiObject, but look at a nonstandard class, Win32Reg_AddRemovePrograms

What is great about Win32Reg_AddRemovePrograms is that it contains similar properties and returns results noticeably quicker than Win32_Product. The command to use this class is shown in the following figure.

Image of command to use Win32Reg_AddRemovePrograms

Unfortunately, as seen in the preceding figure, Win32Reg_AddRemovePrograms is not a standard Windows class. This WMI class is only loaded during the installation of an SMS/SCCM client. In the example above, running this on my home laptop, you will see the “Invalid class” error if you try querying against it without an SMS/SCCM client installation. It is possible (as Windows PowerShell MVP Marc van Orsouw points out) to add additional keys to WMI using the Registry Provider, and mimic what SMS/SCCM does behind the scenes. Nevertheless, let us save that for another discussion.

One other possibly less obvious and slightly more complicated option is diving into the registry. Obviously, monkeying with the registry is not always an IT pro’s first choice because it is sometimes associated with global warming. However, we are just going to query for values and enumerate subkeys. So let’s spend a few moments looking at a method of determining which applications are installed courtesy of another Windows PowerShell MVP and Honorary Scripting Guy Sean Kearney (EnergizedTech). In a script that Sean uploaded to the Microsoft TechNet Script Center Repository, Sean references a technique to enumerate through the registry where the “Currently installed programs” list from the Add or Remove Programs tool stores all of the Windows-compatible programs that have an uninstall program. The key referred to is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. The script and associated output are shown in the following figure.

Image of script and associated output

Here are the various registry keys:

#Define the variable to hold the location of Currently Installed Programs
  $UninstallKey=”SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall” 
#Create an instance of the Registry Object and open the HKLM base key
   $reg=[microsoft.win32.registrykey]::OpenRemoteBaseKey(‘LocalMachine’,$computername) 
#Drill down into the Uninstall key using the OpenSubKey Method
  $regkey=$reg.OpenSubKey($UninstallKey) 
#Retrieve an array of string that contain all the subkey names
  $subkeys=$regkey.GetSubKeyNames() 
#Open each Subkey and use the GetValue Method to return the string value for DisplayName for each

At this point, if you are anything like me, you are probably thinking, “I’ll stick with a one-liner and use Win32_Product.” But this brings us back to why we started looking at alternatives in the first place. As it turns out, the action of querying Win32_Product has the potential to cause some havoc on your systems. Here is the essence of KB974524.

The Win32_product class is not query optimized. Queries such as “select * from Win32_Product where (name like ‘Sniffer%’)” require WMI to use the MSI provider to enumerate all of the installed products and then parse the full list sequentially to handle the “where” clause:,

  • This process initiates a consistency check of packages installed, and then verifying and repairing the installations.
  • If you have an application that makes use of the Win32_Product class, you should contact the vendor to get an updated version that does not use this class.

On Windows Server 2003, Windows Vista, and newer operating systems, querying Win32_Product will trigger Windows Installer to perform a consistency check to verify the health of the application. This consistency check could cause a repair installation to occur. You can confirm this by checking the Windows Application Event log. You will see the following events each time the class is queried and for each product installed:

Event ID: 1035
Description: Windows Installer reconfigured the product. Product Name: <ProductName>. Product Version: <VersionNumber>. Product Language: <languageID>. Reconfiguration success or error status: 0.

Image of Event ID 1035

 

Event ID: 7035/7036
Description: The Windows Installer service entered the running state.

Image of Event ID 7036

 

Windows Installer iterates through each of the installed applications, checks for changes, and takes action accordingly. This would not a terrible thing to do in your dev or test environment. However, I would not recommend querying Win32_Product in your production environment unless you are in a maintenance window. 

So what is the best solution to determine installed applications? For me, it is reading from the registry as it involves less risk of invoking changes to our production environment. In addition, because I prefer working with the ISE environment, I have a modified version of Sean’s script that I store in a central location and refer back to whenever I need an updated list of installed applications on our servers. The script points to a CSV file that I keep up to date with a list of servers from our domain. 

$computers = Import-Csv “D:\PowerShell\computerlist.csv”

$array = @()

foreach($pc in $computers){

    $computername=$pc.computername

    #Define the variable to hold the location of Currently Installed Programs

    $UninstallKey=”SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall” 

    #Create an instance of the Registry Object and open the HKLM base key

    $reg=[microsoft.win32.registrykey]::OpenRemoteBaseKey(‘LocalMachine’,$computername) 

    #Drill down into the Uninstall key using the OpenSubKey Method

    $regkey=$reg.OpenSubKey($UninstallKey) 

    #Retrieve an array of string that contain all the subkey names

    $subkeys=$regkey.GetSubKeyNames() 

    #Open each Subkey and use GetValue Method to return the required values for each

    foreach($key in $subkeys){

        $thisKey=$UninstallKey+”\\”+$key 

        $thisSubKey=$reg.OpenSubKey($thisKey) 

        $obj = New-Object PSObject

        $obj | Add-Member -MemberType NoteProperty -Name “ComputerName” -Value $computername

        $obj | Add-Member -MemberType NoteProperty -Name “DisplayName” -Value $($thisSubKey.GetValue(“DisplayName”))

        $obj | Add-Member -MemberType NoteProperty -Name “DisplayVersion” -Value $($thisSubKey.GetValue(“DisplayVersion”))

        $obj | Add-Member -MemberType NoteProperty -Name “InstallLocation” -Value $($thisSubKey.GetValue(“InstallLocation”))

        $obj | Add-Member -MemberType NoteProperty -Name “Publisher” -Value $($thisSubKey.GetValue(“Publisher”))

        $array += $obj

    } 

}

$array | Where-Object { $_.DisplayName } | select ComputerName, DisplayName, DisplayVersion, Publisher | ft -auto

 

My modified version of Sean’s script creates a PSObject to hold the properties I am returning from each registry query, which then get dumped into an array for later use. When I am done, I simply output the array and pass it through a Where-Object to display only those entries with something in the DisplayName. This is handy because I can then refer back to just the array if I need to supply different output. Say I want to only report on a specific server. I’d change Where-Object to something like this:

Where-Object { $_.DisplayName -and $_.computerName -eq “thisComputer”} 

In conclusion, if you have added Windows PowerShell to your IT tool belt, you have plenty of go-to options when someone asks you, “What’s the best solution to a problem?”

 

Thank you, Marc, for writing this post and sharing with our readers

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

 

Ed Wilson, Microsoft Scripting Guy