
Q. How can I have a script check if a certain patch is installed?

A. PowerShell 2.0 contains the get-hotfix cmdlet, which is an easy way to check if a given hotfix is installed on the local computer or a remote computer. An example of the basic syntax is

get-hotfix -id KB974332

On my machine, that command returns

Source       Description  HotFixID  InstalledBy         InstalledOn
------       -----------  --------  -----------         -----------
SAVDALWKS01  Update       KB974332  NT AUTHORITY\SYSTEM 9/23/2009 12:00:00 AM

If the fix isn't installed, an error will be returned.

To check a remote computer, add the -computername parameter. For example,

get-hotfix -id KB974332 -computername savdalvs01

produces the following output.

Source       Description  HotFixID  InstalledBy          InstalledOn
------       -----------  --------  -----------          -----------
SAVDALVS01   Update       KB974332  SAVILLTECH\Admini... 1/16/2010 12:00:00 AM

You can even add an action to perform if the fix isn't installed, such as writing the computer name to a text file:

if (!(get-hotfix -id KB974332 -computername savdalvs01)) { add-content -path Missing-KB974332.txt -value savdalvs01 }

If you have a list of computer names, you can pass it to a command to check multiple machines. For example:

get-content computers.txt | foreach { if (!(get-hotfix -id KB974332 -computername $_)) { add-content $_ -path Missing-KB974332.txt } }

would produce the following:

Get-HotFix : This command cannot find hot-fix on the machine 'savdaldc11'.
Verify the input and Run your command again.
At line:1 char:55
+ get-content computers.txt | foreach { if (!(get-hotfix <<<<
-id KB974332 -computername $_)) { add-content $_ -path M
issing-KB974332.txt }}
+ CategoryInfo : ObjectNotFound: (:) [Get-HotFix], ArgumentException
+ FullyQualifiedErrorId : GetHotFixNoEntriesFound,Microsoft.PowerShell
.Commands.GetHotFixCommand

Note in the above that I received an error that the fix is missing from savdaldc11, because that server is missing the update.

My computers.txt file has the following content (nothing but computer names).

savdalwks01
savdaldc10
savdaldc11
savdalvs01
savdalvs02
savdalvs03

Obviously, you can manipulate the commands to do any combination that you want, including checking for multiple hotfixes.
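
One way to check several hotfixes across the same computers.txt list, as an added example rather than code from the original FAQ: it reports which IDs are missing per machine and keeps a failed query separate from a missing patch. The second KB ID and the report file name are placeholders, and the status labels are this example's own.

```powershell
# Added example, not from the original FAQ. KB0000000 and the report file
# name are placeholders; computers.txt is the list described above.
$required  = 'KB974332', 'KB0000000'
$computers = Get-Content computers.txt | Where-Object { $_.Trim() }

$report = foreach ($computer in $computers) {
    $err = $null; $failure = $null
    try {
        # Suppress the red error text but keep the error records in $err.
        $found = @(Get-HotFix -Id $required -ComputerName $computer `
                       -ErrorAction SilentlyContinue -ErrorVariable err)
    } catch {
        $found = @(); $failure = $_
    }
    # GetHotFixNoEntriesFound (the id in the error output above) means the
    # machine answered and had none of the ids. Any other error means the
    # query itself failed, so the patch state is unknown, not "missing".
    if (-not $failure) {
        $failure = $err | Where-Object {
            $_.FullyQualifiedErrorId -notlike 'GetHotFixNoEntriesFound*' } |
            Select-Object -First 1
    }
    $installed = @($found | ForEach-Object { $_.HotFixID })
    $missing   = @($required | Where-Object { $installed -notcontains $_ })

    if ($failure)           { $status = 'QueryFailed'; $missing = @() }
    elseif ($missing.Count) { $status = 'Missing' }
    else                    { $status = 'Compliant' }

    New-Object PSObject -Property @{
        Computer = $computer
        Status   = $status
        Missing  = $missing -join ';'
        Detail   = "$failure"
    } | Select-Object Computer, Status, Missing, Detail
}

# Full results to CSV; only the machines needing attention to the console.
$report | Export-Csv Hotfix-Report.csv -NoTypeInformation
$report | Where-Object { $_.Status -ne 'Compliant' } | Format-Table -AutoSize
```

Get-HotFix reads the Win32_QuickFixEngineering WMI class, which does not list every kind of update, so a "Missing" result for an update delivered another way should be confirmed by a second method.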

Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.
TAGS: Security