
PowerShell Windows Patch Check Tool

This was created because I had all the server patching passed onto me and the software we use never seems to report what I need. This script and CSV file allow me to import servers from a list, then query AD and then query each server to see if they have a specific patch installed. I am looking for the most recent cumulative patch for that operating system.  

<#

    !-----READ ME FIRST-------!

    Remove Comment on Line 41 to Make new Directory

    Execute Lines 37-41 first to create folder Path

    Comment Out Line 41 Then Run the full script

       

   

    |-------Update For Next Month----------|

    Simply just update the PatchList.csv with corresponding Cumm Windows Update KB, Month_Patched

 

 

    |-----------Other Concepts-------------|

    This can be used for other Windows patch lookups too

    I found some of my 2012 Standard Servers only got Security Rollup not the Cumm.

 

  

    |------Add New Operating System--------|

    If you need to add a new OS just copy and paste to another tab and replace the following.

    Copy and paste back within the Foreach Loop and you are Done.

 

    Replace 2012 with the number that matches your OS version.

    Replace [3] with the next line in the file array which would be [4]

    Append the PatchList.csv with Cumm updates KB, Month and New OS

 

 

      If($ComputerOS -like "*$($ImportPatches.OS[3])*"){

        $2012=$NULL

        $2012=Get-HotFix -ComputerName $Computer $ImportPatches.Patch[3] -ErrorAction SilentlyContinue

        If($2012 -eq $NULL){$Computer | Out-File "C:\PatchChecker\$($ImportPatches.OS[3])-SystemsFailedx.txt" -Append}

        $2012 | select PSComputerName,InstalledOn,HotFixID |  Export-csv "C:\PatchChecker\$($ImportPatches.OS[3])-Passed.csv" -Append -NoTypeInformation

        $2012      

    }

 

   

#>

 

#Imports KB, OS, Patch Month from CSV File

$ImportPatches = Import-csv 'C:\PatchChecker\PatchList\PatchList.csv'

 

#Creates folder for this month's output

#New-Item "C:\PatchChecker\$($ImportPatches.Month_Patched[0])" -ItemType Directory

 

#Get Computer List From File

$ComputerList = Get-Content 'C:\PatchChecker\All.txt'

 

#Loop Through All Patched Systems and Check for KB Install

Foreach($Computer in $ComputerList){

 

    #Gets single computer OS name (requests only the OperatingSystem property instead of every AD attribute)

    $ComputerOS = Get-ADComputer $Computer -Properties OperatingSystem | Select-Object -ExpandProperty OperatingSystem

    

    #Executes If OS IS 2019

    If($ComputerOS -like "*$($ImportPatches.OS[0])*"){

        $2019=$NULL

        $2019=Get-HotFix -ComputerName $Computer $ImportPatches.Patch[0] -ErrorAction SilentlyContinue

        If($2019 -eq $NULL){$Computer | Out-File "C:\PatchChecker\$($ImportPatches.Month_Patched[0])\$($ImportPatches.OS[0])-SystemsFailedx.txt" -Append}

        $2019 | select PSComputerName,InstalledOn,HotFixID |  Export-csv "C:\PatchChecker\$($ImportPatches.Month_Patched[0])\$($ImportPatches.OS[0])-Passed.csv" -Append -NoTypeInformation

        $2019      

    }

 

    #Executes If OS IS 2016

    If($ComputerOS -like "*$($ImportPatches.OS[1])*"){

        $2016=$NULL

        $2016=Get-HotFix -ComputerName $Computer $ImportPatches.Patch[1] -ErrorAction SilentlyContinue

        If($2016 -eq $NULL){$Computer | Out-File "C:\PatchChecker\$($ImportPatches.Month_Patched[0])\$($ImportPatches.OS[1])-SystemsFailedx.txt" -Append}

        $2016 | select PSComputerName,InstalledOn,HotFixID |  Export-csv "C:\PatchChecker\$($ImportPatches.Month_Patched[0])\$($ImportPatches.OS[1])-Passed.csv" -Append -NoTypeInformation

        $2016      

    }

 

    #Executes If OS IS 2012 R2

    If($ComputerOS -like "*$($ImportPatches.OS[2])*"){

        $2012R2=$NULL

        $2012R2=Get-HotFix -ComputerName $Computer $ImportPatches.Patch[2] -ErrorAction SilentlyContinue

        If($2012R2 -eq $NULL){$Computer | Out-File "C:\PatchChecker\$($ImportPatches.Month_Patched[0])\$($ImportPatches.OS[2])-SystemsFailedx.txt" -Append}

        $2012R2 | select PSComputerName,InstalledOn,HotFixID |  Export-csv "C:\PatchChecker\$($ImportPatches.Month_Patched[0])\$($ImportPatches.OS[2])-Passed.csv" -Append -NoTypeInformation

        $2012R2      

    }

 

    #Executes If OS IS 2012 Standard

    If($ComputerOS -like "*$($ImportPatches.OS[3])*"){

        $2012=$NULL

        $2012=Get-HotFix -ComputerName $Computer $ImportPatches.Patch[3] -ErrorAction SilentlyContinue

        If($2012 -eq $NULL){$Computer | Out-File "C:\PatchChecker\$($ImportPatches.Month_Patched[0])\$($ImportPatches.OS[3])-SystemsFailedx.txt" -Append}

        $2012 | select PSComputerName,InstalledOn,HotFixID |  Export-csv "C:\PatchChecker\$($ImportPatches.Month_Patched[0])\$($ImportPatches.OS[3])-Passed.csv" -Append -NoTypeInformation

        $2012      

    }

 

}
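
Because the script calls Get-HotFix with -ErrorAction SilentlyContinue, a server that could not be queried lands in the same "failed" file as a server that is missing the KB, and each operating system needs its own pasted block. The following added example (not the author's script) drives the check from the CSV rows and reports Installed, Missing and Unreachable separately. The function name Get-PatchStatus, its -Query parameter, the host names and the KB numbers are hypothetical or constructed; the column names are the ones the script reads from PatchList.csv.

```powershell
# Constructed rows using the PatchList.csv columns the script reads (Patch, OS, Month_Patched)
$PatchList = @'
Patch,OS,Month_Patched
KB0000001,2019,SampleMonth
KB0000002,2016,SampleMonth
'@ | ConvertFrom-Csv

function Get-PatchStatus {
    param(
        [string]$Computer,
        [string]$OperatingSystem,   # e.g. the OperatingSystem value returned by Get-ADComputer
        [object[]]$PatchList,
        # Hypothetical injection point so the logic can be exercised without a network.
        # By default it asks the remote host for its full hotfix list and stops on any error.
        [scriptblock]$Query = { param($c) Get-HotFix -ComputerName $c -ErrorAction Stop }
    )
    # First CSV row whose OS string appears in the AD operating system name (row order matters)
    $row = $PatchList | Where-Object { $OperatingSystem -like "*$($_.OS)*" } | Select-Object -First 1
    if (-not $row) {
        return [pscustomobject]@{ Computer = $Computer; Patch = $null; Status = 'NoMatchingOS' }
    }
    try {
        $installed = @(& $Query $Computer)
    } catch {
        # Query failed (offline, firewall, access denied): patch state is unknown, not "missing"
        return [pscustomobject]@{ Computer = $Computer; Patch = $row.Patch; Status = 'Unreachable' }
    }
    $status = if ($installed.HotFixID -contains $row.Patch) { 'Installed' } else { 'Missing' }
    [pscustomobject]@{ Computer = $Computer; Patch = $row.Patch; Status = $status }
}

# Constructed stand-ins for three hosts: patched, unpatched, and not answering
$fake = {
    param($c)
    switch ($c) {
        'SRV-A' { [pscustomobject]@{ HotFixID = 'KB0000001' } }
        'SRV-B' { [pscustomobject]@{ HotFixID = 'KB0000999' } }
        default { throw 'RPC server unavailable' }
    }
}
'SRV-A', 'SRV-B', 'SRV-C' | ForEach-Object {
    Get-PatchStatus -Computer $_ -OperatingSystem 'Windows Server 2019 Standard' -PatchList $PatchList -Query $fake
}
```

Omit -Query to run the check against real servers, and pipe the results to Export-Csv to keep the per-month report.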
