Tom Talks Microsoft Teams and Microsoft 365 Collaboration news and opinions

List All Microsoft/Windows Updates with PowerShell Sorted by KB/HotFixID : Get-MicrosoftUpdate

 

Update 17/8/2014:  I have found that new-object -com “Microsoft.Update.Searcher” only lists updates installed by windows update, not all updates (including manually installed updates), I’m still looking for a method that gives 100% of updates.

I recently came across a scenario where I needed to check if certain Hotfixes for Microsoft Office were installed. Easy, Get-HotFix right?

Get-HotFix | Sort-Object HotFixID | Format-Table –AutoSize

Unfortunately this only shows Windows Updates, not all *Microsoft Updates* for example Microsoft Application Updates, Drivers etc..

A quick search lead me here: http://blogs.technet.com/b/tmintner/archive/2006/07/07/440729.aspx, which shows how to get a list of updates, but unfortunately the HotFixID/KB isn’t held as a property, so the output isn’t much better than just scrolling through the endless list of Installed Updates in the GUI

image

 

However with a little Regex and Select-String magic this script grabs the HotfixID/KB and sorts the output by it.

# Gives a list of all Microsoft Updates sorted by KB number/HotfixID

# By Tom Arbuthnot. Lyncdup.com

 

$wu = new-object -com “Microsoft.Update.Searcher”

 

$totalupdates = $wu.GetTotalHistoryCount()

 

$all = $wu.QueryHistory(0,$totalupdates)

 

# Define a new array to gather output

 $OutputCollection=  @()

             

Foreach ($update in $all)

    {

    $string = $update.title

 

    $Regex = “KB\d*”

    $KB = $string | Select-String -Pattern $regex | Select-Object { $_.Matches }

 

     $output = New-Object -TypeName PSobject

     $output | add-member NoteProperty “HotFixID” -value $KB.‘ $_.Matches ‘.Value

     $output | add-member NoteProperty “Title” -value $string

     $OutputCollection += $output

 

    }

 

# Oupput the collection sorted and formatted:

$OutputCollection | Sort-Object HotFixID | Format-Table -AutoSize

Write-Host $($OutputCollection.Count) Updates Found”

 

# If you want to output the collection as an object, just remove the two lines above and replace them with “$OutputCollection”

 

# credit/thanks:

# http://blogs.technet.com/b/tmintner/archive/2006/07/07/440729.aspx

# http://www.gfi.com/blog/windows-powershell-extracting-strings-using-regular-expressions/

Latest Version will always be on Github: https://github.com/tomarbuthnot/Get-MicrosoftUpdate

image

From this script, if you wanted you could modify the script to output the proper object for you to manipulate as you require, but since I’m betting most people just want a sorted list I’ve made that the default.

Tom

About the author

Tom Arbuthnot

A Microsoft MVP and Microsoft Certified Master, Tom Arbuthnot is Principal Solutions Architect at Microsoft Collaboration specialists Modality Systems.

Tom stays up to date with industry developments and shares news and his opinions on his blog, Microsoft Teams Podcast and email list. He is a regular speaker at events around the world.

53 comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Nice script!

    Q.How can this be modified to run against a list of computers? And also to only get updates after a certain date rather than list all.

  • thanks for posting this! Great script. I am looking to filter the results to a specific KB, namely ‘KB2837618’. How would I go about this – then removing it?

  • I’m excited to try the script but I get an error. Any thoughts?

    Exception calling “QueryHistory” with “2” argument(s): “Exception from HRESULT: 0x80240007”
    At T:\scripts\sysadm\Get-MicrosoftUpdate-0.1.ps1:8 char:24
    + $all = $wu.QueryHistory <<<< (0,$totalupdates)
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ComMethodTargetInvocation

  • worked like a charm…thanks for taking the time to create this script…much appreciated and saved me the trouble of doing it. :-)

  • Hi !! Great work !! Helped me a lot !! Can we anyway display installed on date . Have been trying bur hard luck !! IF you could help !

  • add this at the end to have excel file and change your filename

    $filename = “c:\TEST.csv”
    $OutputCollection | Export-Csv $filename -NoTypeInformation -UseCulture
    ii $filename

  • “Update 17/8/2014: I have found that new-object -com “Microsoft.Update.Searcher” only lists updates installed by windows update, not all updates (including manually installed updates)”

    WOOhohoho! Quite a huge limitation, right? I nearly made myself look like an idiot in front of the whole project team a couple of days ago, when I checked a server where the WUAU listed “no patches applied”. So I (somehow confidently) judged quickly that the OS was running the RTM release without any single patch. But then I realized if I go to Programs & features –> uninstall updates: TADA!, there were 200 patches visible there. So those must have been integrated into the image already. I was so pissed off that such easy topic as “show me all damn updates that have been installed on that windows” is actually to fricking convolutedly complicated!

  • How do you add a column with row numbers (enumerate) the rows (similar to the Excel row number) for MS Updates listed or at the end of an HTML output file add a row for the sum of all the updates installed.

      • Yes. Columns = HotfixID, Description, InstalledOn. For each row I would like to add a column named Number. So it would now be a column list of Number, HotFixID, Description, InstalledOn. Under the number column for each HF listed I would like to autonumber the rows 1-xxxx. Thank you.

        • Adding…the Sort-object HotFixID doesn’t appear that it is sorting correctly.

          Sample output (to html) top to bottom (rows 1-3) KB3178034, KB3115109, KB3167679,

  • Tom,

    Nice script…. suits my needs. I have a question though, once I generate the list of Updates, patches, etc. which by the way I removed the:

    $output | add-member NoteProperty “Title” -value $string

    Line because all I want is the KB article number to be used on a ConfigMgr Configuration Item and subsequently added to a Configuration Baseline, how do I place this result in a stored variable, to be used again as input for another function I want to add to the script? I need to evaluate from the result whether a value is found or not, if found render a “Compliant” statement, otherwise “Noncompliant” for this I plan to use this:

    if ($KBList -NotContains ‘KB3141511’)
    {
    Write-Output ‘NonCompliant’}
    else {
    Write-Output ‘Compliant’
    }

    The intention is to add the values found by your script into $KBList, any suggestions?

    Ed

    • Hi, Ed. I was certainly needing to modify this script in order to evaluate the accuracy of my WSUS server. So I quickcly search on microsoft MSDN and found a litter information ( examples: zero!) for microsoft.update.searcher, and i guess the line you are looking for is this:

      Foreach ($update in $all)
      {
      $string_1 = $update.title

      $string_N = $update.Description

      $Regex = “KB\d*”
      $KB = $string | Select-String -Pattern $regex | Select-Object { $_.Matches }

      $output = New-Object -TypeName PSobject
      $output | add-member NoteProperty “HotFixID” -value $KB.‘ $_.Matches ‘.Value

      $output | add-member NoteProperty “Description” -Value $string3

      # I changed -autosize for -wrap because Description is a long text field.
      $OutputCollection | Sort-Object HotFixID | Format-Table -wrap

      https://msdn.microsoft.com/en-us/library/windows/desktop/aa386400(v=vs.85).aspx

  • Thanks a lot, Tom. Very useful script. I have a question, I’m prety new in this theme, how could it be possible to know the installation status: succeeded, failed… thanks again

  • Hello tom

    Thanks for this script.

    Q. When i use it, Some results are missing.
    Do you have a suggestion ? I run under Windows 10 1607CB x64. i tried with powershell x86, same result.

    HotFixID Title
    ——– —–

    KB4013418 Update for Windows (KB4013418)
    KB4019472 Security Update for Windows (KB4019472)
    KB4020821 Security Update for Windows (KB4020821)

    49 Updates Found

  • how do I loop this for multiple computers listed in txt file? I saw your comment but it did not work for me.
    “You could just add a Foreach ($computer in $computerlist) and run the script in a loop”

    • Sorry, I don’t have much time to dedicate to this script at the moment. Best bet is to ask someone with Powershell skills or on a PowerShell forum. Logically you should be able to loop this.

  • what do i have to do to save this file and run it is it a bat file do i save in notepad
    does this work with windows 7

  • WMI service is disabled on my servers due to security reasons, is there any option to list the installed patches without windows update graphical view.

  • WMIC qfe list will give you the list of all installed Windows and software updates applied to that computer.
    WMIC stands for Windows Management Instrumentation Command.

    1. Open a command prompt and type command:

    – Open a command prompt as admin and run:
    wmic qfe list
    Example of output in the cli:
    http://support.microsoft.com/?kbid=9876543 COMPUTER Security Update
    KB9876543 COMPUTER\Admin123 6/8/2015…. full guide here https://www.action1.com/kb/getting-a-list-of-all-installed-Windows-updates.html

  • I would like to get a total of a particular KB from all the machines in my active directory.
    Is there any way to do this?

    • Hi, it’s controlled by user policy, Voicemail can be enabled/disabled via the AllowVoicemail setting in TeamsCallingPolicy.

Tom Talks Microsoft Teams and Microsoft 365 Collaboration news and opinions