Two step process to export a list of installed patches using PowerShell

desk-office-workspace-coworking

Building on the previous post Easy Server Inventory!

Not all businesses can afford expensive patch management solutions. Some organizations may have WSUS but not know how to use it properly or its outdated. Some of you may think SCCM can produce reports. SCCM is great when you have staff that can take advantage of it; for some its not a viable solution, because no one on staff has the skill set, price tag or a combination of time and/or money it takes to send someone to train on SCCM.

Scenario

The auditors, boss, corporate folks, etc. request a list or sample list of servers, they want to see  installed patches on each server with dates. A hefty proposition if you do not have one of these fancy applications that handle all of these things for you! No worries! Below is a quick way to keep things under control and provide the necessary information quickly and effectively.

Step 1

You can either gather a list of all servers in the domain via the AD Users and Computers, PowerShell or any other preferred method. You will use this to populate a txt file that will be used to feed the script.

Below is a script I like to use which can be useful for inventory, etc.

Export all servers to a friendly csv by running the following in PowerShell

Get-ADComputer -Filter {(OperatingSystem -Like "Windows *Server*")-and (Enabled -eq "True")} -Property * | Select Name,OperatingSystem,OperatingSystemServicePack,IPv4Address | export-csv Servers.csv -notypeinformation

*Added the (Enabled -eq "True") to filter only enabled Severs, thanks to the comment posted on Reddit by Master_apprentice .  -Thank you again

Step 2

Populate a file name servers.txt with the requested selection of servers.  Store this file in the same directory as the script below. The script below simply needs to be copied into either the PowerShell ISE or a notepad and saved as a ps1.

$ErrorActionPreference= 'silentlycontinue' # Allows the script to run in case of an error.

$servers = Get-Content -path Servers.txt  # Pulls the servers in question.

# The foreach below run the commands as the commands states for each server in the txt file.

# It then exports them to a useful csv.

foreach ($server in $servers)

{

(Get-Hotfix -ComputerName  $server | sort InstalledOn)| select CSName, Description, HotFixID, InstalledOn, RebootRequired | export-Csv -Path export.csv -append -notypeinformation

}

Once the report runs you will have a CSV with the information needed.

Easy Server Inventory using PowerShell – Minor Update

Easy Inventory with PowerShell

Ever need a quick inventory, well the following script pulls servers directly from AD. It cannot get easier than this. There is no need for fancy software or databases. Once the data is exported you can give it a facelift in excel and turn it in to the C level folks, share it with the team, your boss or perhaps you simply need a copy for yourself.

Export all servers to a friendly csv by running the following in PowerShell:

Get-ADComputer -Filter {(OperatingSystem -Like "Windows *Server*")-and (Enabled -eq "True")} -Property * | Select Name,OperatingSystem,OperatingSystemServicePack,IPv4Address | export-csv Servers.csv -notypeinformation

*Added the (Enabled -eq "True") to filter only enabled Severs, thanks to the comment posted on Reddit by Master_apprentice .  -Thank you again!

It can be saved as a script and set to automatically run as a scheduled task or use the script to feed a dataset somewhere with Power Bi, SQL, Access, etc.