How do I generate a list of Windows patches and the date they were installed on a Windows 2000 server? This is for compliance reports for auditors.
4 Answers
Option 1
Get psinfo from http://technet.microsoft.com/en-us/sysinternals/bb897550.aspx
Run psinfo -h to get the list of hotfixes
Option 2
Another method that doesn't require 3rd party software using wmic; just type:
wmic qfe
from the command line. The default output gives really long lines, so you might be better off redirecting to a file and viewing it in your favourite text editor.
Variations on a theme include:
wmic qfe list full
wmic qfe get HotfixID,ServicePackInEffect,InstallDate,InstalledBy,InstalledOn
wmic qfe where "HotfixID = 'KB973687'"
wmic qfe where "HotfixID = 'KB973687'" get HotfixID, InstallDate, InstalledBy, InstalledOn
wmic qfe where "HotfixID = 'KB973687'" list full
wmic /node:myserver qfe list full
Option 3
Use Powershell to do the same thing. This is simply:
- Local:
get-wmiobject -class win32_quickfixengineering
- Remote:
get-wmiobject -class win32_quickfixengineering -computername myserver
Again, this can take filters, for example:
get-wmiobject -class win32_quickfixengineering -filter "HotfixID = 'KB979683'"
...or as it's Powershell, just pipe through where-object.
Option 4
It looks like recent versions of Windows don't use QFE in the same way. If it looks like you have an incomplete list, then you can try this instead:
$Session = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
$Searcher.Search("IsInstalled=1").Updates | ft -a Date,Title
(source for this brief script: an answer on Superuser for Why are “get-hotfix” and “wmic qfe list” in Powershell missing installed updates?).
A comment on piping versus filter: it will be significantly slower depending on the number of updates your system has installed. – Maximilian Burszley Nov 14 '17 at 21:25
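A reporting script that combines the QFE query from Option 3 with the Windows Update Agent, as an added example that is not part of the original answers. It reads the update history through QueryHistory (a different call from the Search used in Option 4) and writes one CSV for the auditor; the output path, the helper New-PatchRow and the column names are assumptions.

```powershell
# Added example (not from the answers): one CSV of installed patches and dates.
# $OutFile, New-PatchRow and the column names are assumptions; local machine only.
param([string]$OutFile = ".\patch-report-${env:COMPUTERNAME}.csv")

function New-PatchRow($Source, $KB, $InstalledOn, $InstalledBy, $Title) {
    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME; Source = $Source; KB = $KB
        InstalledOn = $InstalledOn; InstalledBy = $InstalledBy; Title = $Title
    }
}

# Source 1: Win32_QuickFixEngineering, the class behind "wmic qfe" and Option 3.
$qfe = Get-WmiObject -Class Win32_QuickFixEngineering |
    Where-Object { $_.HotFixID -match '^KB\d+' } |   # skip rows without a KB id
    ForEach-Object {
        $h = $_
        # InstalledOn can be empty or unparsable; keep the row with a blank date.
        $date = $null
        try { if ($h.InstalledOn) { $date = [datetime]$h.InstalledOn } } catch { }
        New-PatchRow 'QFE' $h.HotFixID $date $h.InstalledBy $h.Description
    }

# Source 2: Windows Update Agent history (QueryHistory, not the Search call).
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$count = $searcher.GetTotalHistoryCount()
$wua = @()
if ($count -gt 0) {
    $wua = $searcher.QueryHistory(0, $count) |
        # Operation 1 = installation, ResultCode 2 = succeeded
        Where-Object { $_.Operation -eq 1 -and $_.ResultCode -eq 2 } |
        ForEach-Object {
            $kb = if ($_.Title -match 'KB\d+') { $Matches[0] } else { '' }
            New-PatchRow 'WUA' $kb $_.Date $null $_.Title
        }
}

# An update may appear in both sources; the Source column keeps that visible.
(@($qfe) + @($wua)) |
    Sort-Object InstalledOn, KB |
    Select-Object Computer, Source, KB, InstalledOn, InstalledBy, Title |
    Export-Csv -Path $OutFile -NoTypeInformation
```

Rows with a blank InstalledOn sort first, which makes entries that lack a recorded install date easy to spot before the report is handed over.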
Check out the "Microsoft Baseline Security Analyzer". I believe it is the tool that you are looking for. See http://www.microsoft.com/mbsa and the associated Wikipedia article.
"Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems."
Quick and Dirty method: Browse the hidden folders in C:\Windows - the $NTUninstallKBxxxxxx refer to the KB Article that discusses the patch. The date on the folder is when it was installed.
The
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3
keys contain subkeys in the registry that have the details you need.
On my box, sample dump looks thus:
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB915865
Class Name:
Last Write Time: 8/17/2009 - 9:01 PM
Value 0
  Name: Description
  Type: REG_SZ
  Data: Hotfix for Windows XP (KB915865)
Value 1
  Name: InstalledDate
  Type: REG_SZ
  Data: 8/17/2009
Value 2
  Name: InstalledBy
  Type: REG_SZ
  Data: Aviral
Value 3
  Name: UninstallCommand
  Type: REG_SZ
  Data: C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe
Value 4
  Name: Type
  Type: REG_SZ
  Data: Update
or "WTF-y" (www.thedailywtf.com) solution:
Use the command-line program, "systeminfo". It outputs a "hotfixes" section ... when you pass it the "/FO CSV" option, it outputs data as a CSV file ... then it should be fairly easy to parse out...