Are All of My Servers Really Up to Date?




With a single command you can pull a list of all installed updates. Use this to compare patch levels on all systems so you can easily target those not meeting the bar.


We start with simple commands, then build on these to create robust queries with optional CSV and HTML formatting. I think of these commands, which I use on a daily basis, as basics for my Toolkit. If you don’t have a Toolkit, I suggest you create one now. Place your often-used tools in a folder such as ‘C:\Toolkit’ so that they are always at hand. Grab the first five items under ‘Top 10 Downloads’ from Sysinternals.com to round out your basics.



TIP: Go one step further and sign up for a Live Mesh account with your Windows Live ID. With this you can keep your Toolkit directory, and other directories, synched up across all machines you designate. The folders will be available privately online as well. Further, remote control is built-in for all Mesh enabled systems. Sweet! Clearly remote capabilities are geared more towards workstations than servers, but I use it for both.



And yeah, it’s free. Get started here.


 



 


Basic Commands


Warm up by opening an elevated command prompt on your SCVMM server (or any server for that matter). If your command window does not show ‘Administrator:’ as below, you are not running an elevated console.




> Single command to pull updates.
wmic qfe


http://support.microsoft.com/?kbid=963660  VMM2008R2-03  Update                        KB963660
                       NT AUTHORITY\SYSTEM  2/26/2009
http://support.microsoft.com/?kbid=967062  VMM2008R2-03  Update                        KB967062
                       NT AUTHORITY\SYSTEM  2/26/2009


You should see a torrent of information scroll through the command window. This is a list of all QFEs (Hotfixes and Updates) installed, along with a good bit of extraneous info.


> Now let’s work on formatting. This is my everyday method.
wmic qfe list brief


Update                        KB963660                                 NT AUTHORITY\SYSTEM  2/26/2009
Update                        KB967062                                 NT AUTHORITY\SYSTEM  2/26/2009


Now some of the noise is removed and it is easier to read the list of updates.





TIP:  Is KBXXXXXX installed on this system?!? I can only remember the last three digits of the update anyway… Easy to check. Just pipe your output to ‘find.’


wmic qfe list brief | find /i "660"


Update                        KB963660                                 NT AUTHORITY\SYSTEM  2/26/2009


Apparently it is installed. Nice.


> This is good, but we can do better.
wmic qfe get csname,hotfixid,description


VMM2008R2-03  Update           KB963660
VMM2008R2-03  Update           KB967062


Now we’re getting somewhere. We’ve selected the header for only those columns we are interested in and have returned a clean list of updates along with the system name.


This much you can keep in your head. You might want to create a batch file for items in the next section.


 



 


Advanced Queries


Now that you’ve waded into the deep end, let’s perform some real work. These are the commands to place in a batch file for your Toolkit. The steps below assume you have already created a ‘C:\Temp’ directory on your system. CSName is not required for the next two commands; it is implied.


> Create a CSV file from the output.
wmic /output:c:\temp\qfe.csv QFE GET HotFixID,Description /format:csv


The resulting CSV file lists these items, ready to be opened in Excel: Node,Description,HotFixID


> CSV files are not as interesting as HTML, so let’s shift output formats.
wmic /output:c:\temp\qfe.html QFE GET HotFixID,Description /format:htable


Now you have a clean multicolored table with results, complete with column headers.



Remote Systems


The only thing left to do is perform this same work on remote machines. First a single machine, then a list of systems. Replace <remotesystem> with your remote system name. Note that we add CSName to pull the remote name.


> List remote system updates.
wmic /node:"<remotesystem>" /output:c:\temp\qfe_remote.html QFE GET CSName,HotFixID,Description /format:htable


If this did not work for you, keep in mind that you must be an administrator on the remote machine, and Remote Management must be enabled.


> Finally, let’s feed a list of server names and create a single HTML file. Create a file named ‘serverlist.txt’ with one system per line.
wmic /node:@serverlist.txt /output:c:\temp\qfe_serverlist.html QFE GET CSName,HotFixId,Description /format:htable


That’s it. You should have a table similar to this.
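The comparison step from the introduction (finding the servers that do not meet the bar), as an added PowerShell example that is not part of the original post. It assumes the server-list query was run with /format:csv instead of htable; the function name Get-PatchGap, the required-KB list, the third server name and the sample rows are all constructed for illustration.

```powershell
# Constructed sample of csv-format output for: QFE GET CSName,HotFixID /format:csv
# (a blank first line, then a Node column ahead of the requested ones).
$sample = @'

Node,CSName,HotFixID
VMM2008R2-03,VMM2008R2-03,KB963660
VMM2008R2-03,VMM2008R2-03,KB967062
VMM2008R2-04,VMM2008R2-04,KB963660
'@ -split "`r?`n"

# Constructed inputs: the contents of serverlist.txt and the KBs every server must have.
$servers  = 'VMM2008R2-03', 'VMM2008R2-04', 'VMM2008R2-05'
$baseline = 'KB963660', 'KB967062'

function Get-PatchGap {
    param([string[]] $CsvLine, [string[]] $Server, [string[]] $Baseline)

    # Drop empty lines so the header is the first line ConvertFrom-Csv sees.
    $rows = @($CsvLine | Where-Object { $_.Trim() } | ConvertFrom-Csv)

    foreach ($name in $Server) {
        $installed = @($rows | Where-Object { $_.Node -eq $name } |
                       ForEach-Object { $_.HotFixID })
        if ($installed.Count -eq 0) {
            # No rows at all means the query failed for this server
            # (unreachable, access denied), not that it is fully patched.
            $status  = 'NoData'
            $missing = @()
        } else {
            $missing = @($Baseline | Where-Object { $installed -notcontains $_ })
            $status  = if ($missing.Count) { 'Missing' } else { 'OK' }
        }
        [pscustomobject]@{
            Server  = $name
            Status  = $status
            Missing = $missing -join ', '
        }
    }
}

Get-PatchGap -CsvLine $sample -Server $servers -Baseline $baseline |
    Format-Table -AutoSize

# Against real output (file name is a placeholder for your own /output: path):
# Get-PatchGap -CsvLine (Get-Content C:\temp\qfe_serverlist.csv) `
#              -Server (Get-Content serverlist.txt) -Baseline $baseline
```

Driving the report from serverlist.txt rather than from the CSV rows is deliberate: a server that returned nothing never appears in the wmic output, so it would otherwise drop out of the comparison unnoticed.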



Enjoy your new tools. Thanks for reading!


 


For further reference:


MSDN – WMI Command Line Tools
http://msdn.microsoft.com/en-us/library/aa394531.aspx


 


 

Comments (5)

  1. Wisefaq says:

    Some of the /format commands return an "Invalid XSL format (or) file name." under Windows 7 RC1.

    Works fine on WinXP though, thanks for writing the post.

  2. phat_gz says:

    Hi there,

    awesome first hints and steps to script individual Reports for installed updates.

    Will try it out for comparing with an actual list of available HyperV/SCVMM-Updates.

    Thanks a lot!

  3. JB says:

    this misses the windows malicious software removal tool (KB890830)

    and some .NET updates (KB2836939, KB2836940, KB2836941)

    – note that I also could not find KB890830 in a registry search, whereas I could find other KBs