Solved

How to list server which needs to be updated with WIndows Update and the total patch required ?

Posted on 2014-12-28
10
271 Views
Last Modified: 2015-01-12
Folks,

Can anyone here please suggest me with the powershell script of which server in a certain OU location that needs to be update with Windows Update and the total number of patch required?

here's my partial script:
# This script shows the last time that a successfull Windows Update was installed.
cls
#add-PSSnapin quest.activeroles.admanagement
$OnlineServers = @()

Get-QADComputer -SearchRoot 'domain.com/Data Center Servers' -OSName "Windows*Server*" | where {$_.accountisdisabled -eq $false} | % {
 
  $PingResult = Get-WmiObject -Query "SELECT * FROM win32_PingStatus WHERE address='$($_.Name)'"
 
  If ($PingResult.StatusCode -eq 0) {
     # Add the current name to the array
    $OnlineServers += "$($_.Name)"
  }
}

foreach ($Server in $OnlineServers ) {
            $key = “SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install”
            $keytype = [Microsoft.Win32.RegistryHive]::LocalMachine
            $RemoteBase = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($keytype,$Server)
            $regKey = $RemoteBase.OpenSubKey($key)
            $KeyValue = $regkey.GetValue(”LastSuccessTime”)
      
            $System = (Get-Date -Format "yyyy-MM-dd hh:mm:ss")
                  
            if      ($KeyValue -lt $System)      {
                  Write-Host " "
                  Write-Host $Server "Last time updates were installed was: " $KeyValue
            }
}

I was able to compile and modify the script to get the latest update applied but not the amount of Updates that is needed and then export the result to .CSV file.

Thanks.
0
Comment
  • 5
  • 4
10 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40521458
Why not just use WSUS and its inbuilt reporting? Its free and it works.
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 500 total points
ID: 40521675
Agree with Neilsr. I would recommend you just use WSUS as it has the ability to do what you are asking for and more.

Here's a guide for deploying WSUS on a Windows 2012/2012 R2 machine if you're interested in going down this route: http://technet.microsoft.com/en-us/library/hh852340.aspx

If you're set on sticking with PowerShell though you can have a look at this script. I haven't tested this myself but it seems to be able to do what you need it to do. You may even be able to take some sections out of the script and adapt it to your own.

All other PowerShell scripts I've found check the WSUS server for missing updates which probably doesn't help you in this scenario.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40521700
Thanks guys.
Do I have to execute that script on my wsus server ?

Or can I execute that code in my powerGUI console on my laptop ?
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40521704
Wait - do you or do you not currently have a WSUS server as that changes the scope of the question significantly?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40521722
Yes I do.
But only wsus 3.0 sp2
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 500 total points
ID: 40521729
In that case have a look at this script, as the previous script I linked checks against the actual Windows Update website and not your local WSUS server.

The same creator of this script has also created a very cool GUI which works quite nicely. See this article if you're interested: http://blogs.technet.com/b/heyscriptingguy/archive/2011/08/13/use-powershell-to-audit-and-install-windows-patches.aspx
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40521744
OK do i need to import some power shell module on my laptop before running on the powerGUI console ?
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40521754
Sorry I'm not familiar with PowerGUI so I can't answer that question. What I can tell you though is that you need to dot-source the script before running it. To do this you simply type in PowerShell . C:\Scripts\Get-PendingUpdate.ps1 (note the dot before the path to the PS1 file).

You will then be able to use the Get-PendingUpdate cmdlet in PowerShell to check for pending updates.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40521763
Ah ok, powerGUI console is a freeware Powershell IDE.

So I assume that there is no need to do DLL import or load some assembly before running the script ?
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 500 total points
ID: 40521766
Yep I know of PowerGUI, just never used it so I can't give you any solid info on it :)

No need to load any modules before running the script, you just need to dot-source the script first as mentioned previously (also mentioned on the script download page) in order to load the functions into memory, otherwise the Get-PendingUpdate cmdlet won't work as expected.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

This script checks a path to see if a folder exists. If the folder does exist you will get output "The folder has previously been created. No action taken" If not it will create the folder. Then adds one user modify permission to the folder. It …
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
The viewer will learn how to dynamically set the form action using jQuery.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now