0

How to get a list of all available patches/hotfixes for any given Windows platform? What I would like to do is:

  • Get a list of already deployed patches (using something like wmic qfe list full /format:htable >C:\hotfixes.htm)
  • Get a list of all available patches for that platform

Compare the two to see if anything of importance is missing.

Help much appreciated!

Konrads
  • 870
  • 2
  • 20
  • 40
  • 1
    Why not use WSUS? It seems overkill to roll your own solution when WSUS is free and already does this plus more (not much more, but some). – John Homer Mar 23 '12 at 15:06
  • @john-homer Not everything has a WSUS attached to it. Think of stand-alone installations. – Konrads Nov 26 '13 at 13:29
  • I know this is old, but I've been away. WSUS works with standalone (workgroup) hosts as well. You just have to manually set the registry entries instead of having Group Policy push them out. – John Homer Apr 25 '14 at 11:52

3 Answers3

1

Don't think I'd care about knowing the difference, I'd just make sure that you are periodically hitting a wsus server of some sort download/install/reboot monthly... Other then that I've used http://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc with a -whatif and it kinda gives you the info you are looking for.

tony roth
  • 3,884
  • 18
  • 14
1

I'd recommend running a Microsoft Baseline Security Analyzer scan on the system - it'll report on missing updates.

Download it here.

Shane Madden
  • 114,520
  • 13
  • 181
  • 251
-1

If you have PowerShell, such a query is fairly simple.

Get-WmiObject -query 'select * from win32_quickfixengineering'

PowerShell is installed by default in modern Windows, and you can download for older ones such as Windows XP.

jscott
  • 24,484
  • 8
  • 79
  • 100
johnshen64
  • 5,865
  • 24
  • 17
  • he already has that portion done, doesn't tell him what he needs. – tony roth Mar 23 '12 at 15:10
  • OP asked: How to get a list of all available patches/hotfixes for any given Windows platform? I don't think PS can do this. – John Homer Mar 23 '12 at 15:11
  • yes powershell can get the list of AVAILABLE patches its just not a simple wmi call, see my post. – tony roth Mar 23 '12 at 15:14
  • That's awesome Tony! It appears someone has already done all of the heavy lifting. It should be a simple matter to put together a script that does exactly what he's asking for using this module. I'll see if I can't find some spare time and whip something up. – John Homer Mar 23 '12 at 15:18