≡ Menu

Use power shell to get installed patches from windows box

Today, I will take you through some of the PowerShell one-liners which will help you in querying patches installed in your machine.
 List All installed patches:

 
 PS C:>gwmi Win32_QuickFixEngineering | select Description, Hotfixid

 List all patches that are installed in last 30 days:

 PS C:> gwmi Win32_QuickFixEngineering | ? {$_.InstalledOn} | where { (Get-date($_.Installedon)) -gt (get-date).adddays(-30) }

 List all patches installed on specific date:

 PS C:> gwmi Win32_QuickFixEngineering | ? {$_.InstalledOn} | where { (Get-date($_.Installedon)) -gt (get-date 10/31/2009) }

Query for a specific hotfix by providing hotfix ID(KB12345 format):

PS C:> gwmi Win32_QuickFixEngineering | ? {$_.HotfixID -match ” KB975025″ }

List all hotfixes installed by administrator account:

PS C:> gwmi Win32_QuickFixEngineering | ? {$_.InstalledBy -match “administrator” }

You can adopt the above queries and run against remote machine by passing the computer name shown like below.
 PS C:> gwmi Win32_QuickFixEngineering -Computer remotecomp | ? {$_.InstalledOn} | where { (Get-date($_.Installedon)) -gt (get-date).adddays(-30) }

Happy Learning,
Sitaram Pamarthi

Comments on this entry are closed.

  • Shaik October 8, 2011, 12:40 pm

    How can I get the details of last patch installed

    • Sitaram Pamarthi October 14, 2011, 4:30 pm

      Use this command to see last installed five patches.

      Get-HotFix | sort installedon -Descending | select -First 5

  • Robert April 19, 2012, 12:49 am

    This came in handy when working with vendor support today – thanks!

  • Mubarak February 26, 2013, 6:18 am

    Hi,

    how to use this same command to pull list of servers, I tired but couldnt get exactly

    Get-HotFix | sort installedon -Descending | select -First 5

  • Gregory October 30, 2014, 3:36 pm

    Any feedback regarding a list of servers?

  • Bobby November 21, 2014, 5:52 am

    This code segment will loop over a list of servers and compare what’s patched with a list of KB#####s. Probably a more elegant way to do this, but I’m new at PS. But this works.
    #*************************************************
    # Search Patches
    # SearchPatch.txt
    #
    #*************************************************
    $date = get-date -UFormat %m%d%Y
    $log = “.\patched$date.log”
    “Serach Patches” | Out-File $log
    $hosts = gc .\complist.txt
    $compares = gc .\Q3-2014.txt
    foreach ($h in $hosts){
    $patches = gwmi Win32_QuickFixEngineering -ComputerName $h
    foreach ($p in $patches){
    foreach ($c in $compares){
    if($c -match $p.hotfixID){
    “$c matched on host $h”
    “$c matched on host $h” | Out-File $log -Append
    }
    }
    }
    }