0

I'm working on a remote administration app which needs to be able to obtain a list of patches which have been applied to an application. This Support article suggests there are two ways they could be stored:

https://support.microsoft.com/en-us/kb/888535
The ones installed via Update.exe are trivially obtained from the registry.

However, patches installed with Windows Installer are kept in the MSI and MSU(?) files. I can read them locally by invoking the Windows Installer method MsiEnumPatches with the app's GUID.

However, I need to do this remotely. I have an Admin account on the target machine. For other processes, I can use the Win32_* types and WMI to access functions remotely. However, there appears to be no equivalent function in the WMI interface for Windows Installer.

The API classes provide are at https://msdn.microsoft.com/en-us/library/windows/desktop/aa394523
There don't appear to be any from which I can obtain a list of patches applied to a specific app.

Can anyone point me in the right direction? Running msiexec.exe as a remote command would be a possibility, but the CLI switches don't seem to provide the needed functionality.

user3587642
  • 1
  • 1
  • 1

1 Answers1

0

Can you use Event Viewer? You could also use get-winevent

This is using Get-CimInstance -ClassName Win32_NTLogEvent

Category         : 1
CategoryString   : Windows Update Agent
EventCode        : 43
EventIdentifier  : 43
TypeEvent        : 
InsertionStrings : {Update for Windows 8.1 for x64-based Systems    (KB3118401), {a9405868-c0fb-44dd-b13b-ab595d85d6df}, 201}
LogFile          : System
Message          : Installation Started: Windows has started installing the following update: Update for Windows 8.1 for x64-based Systems (KB3118401)
RecordNumber     : 17648
SourceName       : Microsoft-Windows-WindowsUpdateClient
TimeGenerated    : 13/03/2016 4:31:09 PM
TimeWritten      : 13/03/2016 4:31:09 PM
Type             : Information
UserName         :
Tim Haintz
  • 486
  • 1
  • 3
  • 8
  • I don't think this gets me the info I'm after. There are actually (at least) 3 ways patches in Windows are recorded. 1: QuickFixEngineering patches, which I can obtain via Win32_QuickFixEngineering. 2: Windows Update patches, which can be read from a registry key. 3: Windows Installer patches, which have to read the .msi and .msp files for individual applications, using MsIEnumPatches. Its the last I need; I think (correct me if I'm wrong) you're giving me #2. And to top things off, I need to do it remotely, via WMI or Powershell, prefereably without installing new apps on the target. – user3587642 Oct 27 '16 at 15:16
  • https://blogs.technet.microsoft.com/heyscriptingguy/2013/11/15/use-powershell-to-find-installed-software/ may also be able to help. – Tim Haintz Oct 27 '16 at 20:15
  • Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' If you look at Problem #3 from the link above, you can use invoke-command to run it on multiple remote machines. – Tim Haintz Oct 27 '16 at 20:16
  • Tim: Try looking on a live system - that article is, I think, out of date. In practice, I found the updates under. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Updates\' – user3587642 Nov 03 '16 at 18:25
  • Hi User358, did you need all 3 methods put together to get it to work correctly? – Tim Haintz Nov 16 '16 at 10:28