
May 17, 2017 at 7:50 am

Hi Admins,

I would like to have a PowerShell script that scans my servers for patches and gives me a list which I can work from.
I'm having trouble understanding how I can get the server name next to my patch info.
This is what I have so far.
Advice?

$servers = Get-ADComputer -Filter {((name -like "t-web*") -or (name -like "crs*")) } | Select-Object -ExpandProperty Name

$session = New-PSSession -ComputerName $servers
Invoke-Command -ScriptBlock {
$hotfixes = "KB4012212", "KB4012212", "KB4012213", "KB4012213", "KB4012214", "KB4012215", "KB4012215", "KB4012216", "KB4012216", "KB4012217", "KB4012219", "KB4012220", "KB4012598", "KB4012598", "KB4012598", "KB4012598", "KB4012598", "KB4012606", "KB4013198", "KB4013429", "KB4013429", "KB4015217", "KB4015438", "KB4015549", "KB4015550", "KB4015550", "KB4015551", "KB4015553", "KB4015554", "KB4016635", "KB4019215", "KB4019215", "KB4019216", "KB4019264", "KB4019264", "KB4019472"

$hotfix = Get-HotFix | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property "HotFixID"

if (Get-HotFix | Where-Object {$hotfixes -contains $_.HotfixID}) { "Found HotFix: " + $hotfix.HotFixID }
else { "Did not Find HotFix" }

} -Session $session
#Disconnect all sessions
Remove-PSSession $session

May 17, 2017 at 10:50 am

One of a dozen possible variants:

Invoke-Command -ScriptBlock {
 $hotfixes = "KB4012212", "KB4012212", "KB4012213", "KB4012213", "KB4012214", "KB4012215", "KB4012215", "KB4012216", "KB4012216", "KB4012217", "KB4012219", "KB4012220", "KB4012598", "KB4012598", "KB4012598", "KB4012598", "KB4012598", "KB4012606", "KB4013198", "KB4013429", "KB4013429", "KB4015217", "KB4015438", "KB4015549", "KB4015550", "KB4015550", "KB4015551", "KB4015553", "KB4015554", "KB4016635", "KB4019215", "KB4019215", "KB4019216", "KB4019264", "KB4019264", "KB4019472" 

$idlist = Get-HotFix | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -expandproperty "HotFixID"
foreach ($fixid in $hotfixes) {
  if ($idlist -contains $fixid) { "$ENV:ComputerName connains $fixid " }
  else { "$ENV:ComputerName not connains $fixid " }
}
} -Session $session

May 17, 2017 at 11:32 am

Hi Max,

Thanks for the swift reply.
One step forward, but with your script I get information if a server is missing any of the patches.
If any of the patches in $hotfix is installed the server is ok.

Do you understand what I mean? Something you could help me with?

Output from "your" script

WEB03-01 connains KB4019215
WEB03-01 connains KB4019215
WEB03-01 not connains KB4019216
WEB03-01 not connains KB4019264
WEB03-01 not connains KB4019264
WEB03-01 not connains KB4019472

Regards
Johan

May 17, 2017 at 12:13 pm

np

Invoke-Command -ScriptBlock {
$hotfixes = "KB4012212", "KB4012212", "KB4012213", "KB4012213", "KB4012214", "KB4012215", "KB4012215", "KB4012216", "KB4012216",
"KB4012217", "KB4012219", "KB4012220", "KB4012598", "KB4012598", "KB4012598", "KB4012598", "KB4012598", "KB4012606", "KB4013198",
"KB4013429", "KB4013429", "KB4015217", "KB4015438", "KB4015549", "KB4015550", "KB4015550", "KB4015551", "KB4015553", "KB4015554",
"KB4016635", "KB4019215", "KB4019215", "KB4019216", "KB4019264", "KB4019264", "KB4019472"

 $idlist = Get-HotFix | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -expandproperty "HotFixID"
 $foundfix = ''
 foreach ($fixid in $hotfixes) {
   if ($idlist -contains $fixid) { $foundfix = $fixid; break }
 }
 if ($foundfix -eq '') { "$ENV:ComputerName contains no fixes"  } else { "$ENV:ComputerName contains $foundfix " }
} -Session $session

May 17, 2017 at 12:22 pm

Works like a charm!
Many thanks!

//Johan

May 17, 2017 at 12:30 pm

Arrrrggg! Your script works great but now I ran into another problem.
According to the script many of my servers don't have any of the patches installed.

When I log into the servers and run Get-HotFix I don't see the latest hotfixes.
But if I use the GUI I can see that they are in fact installed.

Must be some kind of bug.
Time to google.

May 17, 2017 at 12:43 pm

Maybe superseded?
And maybe you need WSUS?
There is an excellent module for WSUS: https://github.com/proxb/PoshWSUS

May 17, 2017 at 1:21 pm

Not superseded
Wish I could upload an image but I don't find any option to do so?
There seem to be many others who have the same problem: on random servers the InstallDate property is blank and therefore you don't see the patches when you run Get-HotFix (if I understand it correctly).
Have no idea why.

Anyway, with your script I've saved many hours 🙂

Regards
Johan
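
Added example, not from either poster: a variant of the check that returns one object per server, so the name travels with the result, and that cross-checks Get-HotFix against the Windows Update Agent (WUA) history because of the missing-hotfix problem described in the last posts. Assumptions of this example: the WUA history is readable inside the remoting session, `$servers` is the name list built in the first post, and the shortened `$targetKbs` list, the `$check` script block and the `Status` values are names made up here.

```powershell
# Added example. $targetKbs is a shortened, de-duplicated sample of the thread's KB list.
$targetKbs = 'KB4012212','KB4012213','KB4012598','KB4019215','KB4019264' | Sort-Object -Unique

$check = {
    param([string[]]$Kbs)
    # Source 1: Get-HotFix (backed by the Win32_QuickFixEngineering WMI class)
    $qfe = @(Get-HotFix -ErrorAction SilentlyContinue |
             Where-Object { $Kbs -contains $_.HotFixID } |
             Select-Object -ExpandProperty HotFixID)
    # Source 2 (assumption of this example): Windows Update Agent install history
    $wua = @(); $wuaOk = $true
    try {
        $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
        $count = $searcher.GetTotalHistoryCount()
        if ($count -gt 0) {
            $wua = @($searcher.QueryHistory(0, $count) |
                Where-Object { $_.Operation -eq 1 -and $_.ResultCode -eq 2 } |  # install, succeeded
                ForEach-Object { if ($_.Title -match 'KB\d+') { $Matches[0] } } |
                Where-Object { $Kbs -contains $_ })
        }
    } catch { $wuaOk = $false }   # history not readable: a negative result is not trustworthy

    $found = @($qfe + $wua | Sort-Object -Unique)
    $status = if ($found.Count -gt 0) { 'Found' } elseif ($wuaOk) { 'NotFound' } else { 'Unverified' }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Status       = $status
        FoundKBs     = $found -join ','
        # KBs that Get-HotFix did not report but the WUA history did
        OnlyInWUA    = @($wua | Where-Object { $qfe -notcontains $_ } | Sort-Object -Unique) -join ','
    }
}

$icm = @{ ComputerName = $servers; ScriptBlock = $check; ArgumentList = (,$targetKbs)
          ErrorAction  = 'SilentlyContinue' }
$results = @(Invoke-Command @icm)

# Servers that never answered get an explicit row instead of silently dropping out of the list.
$answered = @($results | ForEach-Object { $_.PSComputerName })
$results += @($servers | Where-Object { $answered -notcontains $_ } | ForEach-Object {
    [pscustomobject]@{ ComputerName = $_; Status = 'Unreachable'; FoundKBs = ''; OnlyInWUA = '' }
})

$results | Sort-Object Status, ComputerName |
    Format-Table ComputerName, Status, FoundKBs, OnlyInWUA -AutoSize
```

Rows with status Unverified or Unreachable are open items to check by hand, not evidence that a server is patched or unpatched.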