Has your hotfix been installed?

Posted on by

Of course you may wonder, why do you not use SCCM or WSUS to check if your software was installed successfully. Sadly when working in an enterprise environment you do not always have access to all the tooling you require, even though you have administrator access to the servers you need to manage.

Recently I was asked if I could scan all our Hypervisors to see if the latest December update rollup was installed, and if possible to mail it to the team’s functional mailbox.

This resulted in the following simple script:

Function CheckHotfix {
<#
.SYNOPSIS
Checks if Microsoft hotfixes are installed against KB numbers (reports if missing).
.DESCRIPTION
The CheckHotfix will check the hosts against the list of KB numbers.
If a KB number is not found it will be reported back to you.
Please make use of the -verbose switch to see information of what the script is handling.
.PARAMETER Server 
A single Servername, or an array of multiple Servers, this field is mandatory.
.PARAMETER KBnumbers 
One or multiple KB numbers, this field is mandatory.
.EXAMPLE
Scan 1 server for a KB number
CheckHotfix -Server "Server01" -KBnumbers "292929"
.EXAMPLE
Scan multiple servers for FC Card information
$computernames = (Get-scvmhost).computername
$kbnumbers = "292929 - doesnt exist","KB3013769 - Update Rollup December 2014"
CheckHotfix -Server $computernames -KBnumbers $kbnumbers
.NOTES
You need to be local administrator on the Server(s) you are querying.
This script was written by Danny den Braver @2015, for questions please contact danny@denbraver.com
#>
[CmdletBinding(SupportsShouldProcess=$true)]
param([array][Parameter(Mandatory=$true)]$Server,
      [array][Parameter(Mandatory=$true)]$KBnumbers)

ForEach ($Server_ in $Server){
    #Test Connection availability and continue if $true
    $testconnection = Test-Connection $Server_ -Quiet
    if ($testconnection -eq $true){
        Write-Verbose -Message "Scanning: KB Article for server $Server_"
        foreach ($kbnumber in $KBnumbers){
            $kba = $null
            $kbnumbersmall = ($kbnumber.split(" "))[0]
            $kba = Get-WmiObject -ComputerName $Server_ -query 'select * from win32_quickfixengineering' |  ? {$_.hotfixid -contains $kbnumbersmall}
            if ($kba -eq $null){
                $Server_ | select @{Name="Computername"; Expression={$Server_}},
                @{Name="Productionlevel"; Expression={(Get-WmiObject Win32_environment -computername $server_ | ? {$_.name -eq "Productionlevel"}).variablevalue}},
                @{Name="Not Installed"; Expression={$kbnumber}}
            }
        }
    }
    else {Write-Warning "Cannot connect to $Server_"}
}

}

Now you only need to add your results to an email message using “send-MailMessage”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.