How to list server which needs to be updated with Windows Update and the total patch required?


Can anyone here please suggest me with the PowerShell script of which server in a certain OU location that needs to be updated with Windows Update and the total number of patch required?

Here's my partial script:
# This script shows the last time that a successful Windows Update was installed.
#add-PSSnapin quest.activeroles.admanagement
$OnlineServers = @()

Get-QADComputer -SearchRoot ' Center Servers' -OSName "Windows*Server*" | where {$_.accountisdisabled -eq $false} | % {
  $PingResult = Get-WmiObject -Query "SELECT * FROM win32_PingStatus WHERE address='$($_.Name)'"
  If ($PingResult.StatusCode -eq 0) {
    # Add the current name to the array
    $OnlineServers += "$($_.Name)"
  }
}

foreach ($Server in $OnlineServers) {
  # Registry key that holds the time of the last successful update install
  $key = "SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install"
  $keytype = [Microsoft.Win32.RegistryHive]::LocalMachine
  $RemoteBase = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($keytype, $Server)
  $regKey = $RemoteBase.OpenSubKey($key)
  $KeyValue = $regKey.GetValue("LastSuccessTime")
  # 24-hour format (HH) so the string comparison below orders correctly
  $System = (Get-Date -Format "yyyy-MM-dd HH:mm:ss")
  if ($KeyValue -lt $System) {
    Write-Host " "
    Write-Host $Server "Last time updates were installed was: " $KeyValue
  }
}
I was able to compile and modify the script to get the latest update applied but not the amount of updates that is needed and then export the result to a .CSV file.

Senior IT System Engineer (IT Professional) asked:

Neil Russell (Technical Development Lead) commented:
Why not just use WSUS and its inbuilt reporting? It's free and it works.
VB ITS (Specialist Consultant) commented:
Agree with Neilsr. I would recommend you just use WSUS as it has the ability to do what you are asking for and more.

Here's a guide for deploying WSUS on a Windows 2012/2012 R2 machine if you're interested in going down this route:

If you're set on sticking with PowerShell though you can have a look at this script. I haven't tested this myself but it seems to be able to do what you need it to do. You may even be able to take some sections out of the script and adapt it to your own.

All other PowerShell scripts I've found check the WSUS server for missing updates which probably doesn't help you in this scenario.

Senior IT System Engineer (IT Professional, author) commented:
Thanks guys.
Do I have to execute that script on my WSUS server?

Or can I execute that code in my PowerGUI console on my laptop?
VB ITS (Specialist Consultant) commented:
Wait - do you or do you not currently have a WSUS server as that changes the scope of the question significantly?
Senior IT System Engineer (IT Professional, author) commented:
Yes I do.
But only WSUS 3.0 SP2.
VB ITS (Specialist Consultant) commented:
In that case have a look at this script, as the previous script I linked checks against the actual Windows Update website and not your local WSUS server.

The same creator of this script has also created a very cool GUI which works quite nicely. See this article if you're interested:
Senior IT System Engineer (IT Professional, author) commented:
OK, do I need to import some PowerShell module on my laptop before running on the PowerGUI console?
VB ITS (Specialist Consultant) commented:
Sorry I'm not familiar with PowerGUI so I can't answer that question. What I can tell you though is that you need to dot-source the script before running it. To do this you simply type in PowerShell . C:\Scripts\Get-PendingUpdate.ps1 (note the dot before the path to the PS1 file).

You will then be able to use the Get-PendingUpdate cmdlet in PowerShell to check for pending updates.
Senior IT System Engineer (IT Professional, author) commented:
Ah ok, PowerGUI console is a freeware PowerShell IDE.

So I assume that there is no need to do DLL import or load some assembly before running the script?
VB ITS (Specialist Consultant) commented:
Yep I know of PowerGUI, just never used it so I can't give you any solid info on it :)

No need to load any modules before running the script, you just need to dot-source the script first as mentioned previously (also mentioned on the script download page) in order to load the functions into memory, otherwise the Get-PendingUpdate cmdlet won't work as expected.
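
Added example (not written by any poster in this thread and not the linked Get-PendingUpdate script): one way to get the per-server count of pending updates the question asks for and export it to CSV, using the Windows Update Agent COM API over DCOM. The function name Get-PendingUpdateCount, the server names and the output path are hypothetical; it assumes the caller has administrative rights on each server and that RPC/DCOM is reachable. Each server searches against the update source it is configured to use.

```powershell
# Added example: count pending updates per server via the Windows Update Agent COM API.
# Get-PendingUpdateCount is a hypothetical name, not a built-in cmdlet.
function Get-PendingUpdateCount {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName
    )
    foreach ($Computer in $ComputerName) {
        $row = New-Object PSObject -Property @{
            Computer = $Computer; Online = $false
            PendingCount = $null; CriticalCount = $null; Error = $null
        }
        if (Test-Connection -ComputerName $Computer -Count 1 -Quiet) {
            $row.Online = $true
            try {
                # Create the Update Session object on the remote machine over DCOM
                $type     = [type]::GetTypeFromProgID('Microsoft.Update.Session', $Computer)
                $session  = [activator]::CreateInstance($type)
                $searcher = $session.CreateUpdateSearcher()
                # Updates that are applicable, not yet installed and not hidden
                $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
                $row.PendingCount  = $result.Updates.Count
                # MsrcSeverity is empty for non-security updates
                $row.CriticalCount = @($result.Updates |
                    Where-Object { $_.MsrcSeverity -eq 'Critical' }).Count
            }
            catch {
                # Typical causes: access denied, or a firewall blocking RPC/DCOM
                $row.Error = $_.Exception.Message
            }
        }
        # Fix the column order for the CSV
        $row | Select-Object Computer, Online, PendingCount, CriticalCount, Error
    }
}

# Constructed sample names; replace with the names returned by the AD query
$Servers = 'SERVER01', 'SERVER02'
Get-PendingUpdateCount -ComputerName $Servers |
    Export-Csv -Path .\PendingUpdates.csv -NoTypeInformation
```

Servers that answer ping but refuse the DCOM connection appear in the CSV with Online set to True and the failure text in the Error column, so unreachable hosts are not mistaken for fully patched ones.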