Skip navigation
Menu
Security

Q. How can I have a script check if a certain patch is installed?

A. PowerShell 2.0 contains the get-hotfix cmdlet, which is an easy way to check if a given hotfix is installed on the local computer or a remote computer. An example of the basic syntax is

get-hotfix -id KB974332

On my machine, that command returns 

Source       Description  HotFixID  InstalledBy         InstalledOn
------       -----------  --------  -----------         -----------
SAVDALWKS01  Update       KB974332  NT AUTHORITY\SYSTEM 9/23/2009 12:00:00 AM

If the fix isn't installed, an error will be returned.

To check a remote computer, add the -computername parameter. For example, 

get-hotfix -id KB974332 -computername savdalvs01

produces the following output.

Source       Description  HotFixID  InstalledBy          InstalledOn
------       -----------  --------  -----------          -----------
SAVDALVS01   Update       KB974332  SAVILLTECH\Admini... 1/16/2010 12:00:00 AM

You can even add an action to perform if the fix isn't installed, such as writing the computer name to a text file:

if (!(get-hotfix -id KB974332 -computername savdalvs01
)) \{ add-content $_ -path Missing-KB974332.txt \}

If you have a list of computer names, you can pass it to a command to check multiple machines. For example:

get-content computers.txt | foreach \{ if (!(get-hotfix -id KB974332
-computername $_)) \{ add-content $_ -path Missing-KB974332.txt \}\}

would produce the following:

Get-HotFix : This command cannot find hot-fix on the machine 'savdaldc11'.
Verify the input and Run your command again.
At line:1 char:55
+ get-content computers.txt | foreach \{ if (!(get-hotfix <<<<
-id KB974332 -computername $_)) \{ add-content $_ -path M
issing-KB974332.txt \}\}
+ CategoryInfo : ObjectNotFound: (:) \[Get-HotFix\], ArgumentException
+ FullyQualifiedErrorId : GetHotFixNoEntriesFound,Microsoft.PowerShell
.Commands.GetHotFixCommand

Note in the above that I received an error that the fix is missing from savdaldc11, because that server is missing the update.

My computers.txt file has the following content (nothing but computer names).

savdalwks01
savdaldc10
savdaldc11
savdalvs01
savdalvs02
savdalvs03

Obviously, you can manipulate the commands to do any combination that you want, including checking for multiple hotfixes.

Related Reading:



Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.
TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024
cleaning products
6 Essential Steps for Spring Cleaning Your Website
Mar 21, 2024