Two step process to export a list of installed patches using PowerShell


Building on the previous post Easy Server Inventory!

Not all businesses can afford expensive patch management solutions. Some organizations may have WSUS but not know how to use it properly or its outdated. Some of you may think SCCM can produce reports. SCCM is great when you have staff that can take advantage of it; for some its not a viable solution, because no one on staff has the skill set, price tag or a combination of time and/or money it takes to send someone to train on SCCM.


The auditors, boss, corporate folks, etc. request a list or sample list of servers, they want to see  installed patches on each server with dates. A hefty proposition if you do not have one of these fancy applications that handle all of these things for you! No worries! Below is a quick way to keep things under control and provide the necessary information quickly and effectively.

Step 1

You can either gather a list of all servers in the domain via the AD Users and Computers, PowerShell or any other preferred method. You will use this to populate a txt file that will be used to feed the script.

Below is a script I like to use which can be useful for inventory, etc.

Export all servers to a friendly csv by running the following in PowerShell

Get-ADComputer -Filter {(OperatingSystem -Like "Windows *Server*")-and (Enabled -eq "True")} -Property * | Select Name,OperatingSystem,OperatingSystemServicePack,IPv4Address | export-csv Servers.csv -notypeinformation

*Added the (Enabled -eq "True") to filter only enabled Severs, thanks to the comment posted on Reddit by Master_apprentice .  -Thank you again

Step 2

Populate a file name servers.txt with the requested selection of servers.  Store this file in the same directory as the script below. The script below simply needs to be copied into either the PowerShell ISE or a notepad and saved as a ps1.

$ErrorActionPreference= 'silentlycontinue' # Allows the script to run in case of an error.

$servers = Get-Content -path Servers.txt  # Pulls the servers in question.

# The foreach below run the commands as the commands states for each server in the txt file.

# It then exports them to a useful csv.

foreach ($server in $servers)


(Get-Hotfix -ComputerName  $server | sort InstalledOn)| select CSName, Description, HotFixID, InstalledOn, RebootRequired | export-Csv -Path export.csv -append -notypeinformation


Once the report runs you will have a CSV with the information needed.

Author: J P

Azure, Azure AD, Office 365, Exchange, Exchange Online, Power BI, Data Science, Cloud in general and Power Shell are my passions. I love learning and staying current with technology.

Leave a Reply

Your email address will not be published. Required fields are marked *