Friday, May 12, 2017

Pull All WU Patches from Servers

With all the concern in the news lately, we went through all our on-premise servers and reviewed the patching. This script reads all of our Exchange servers (you could replace that with a CSV of server names) and makes a remote call to each one for its Windows Update history. The script returns an object for each installed patch, including whether the installation succeeded.
$scriptBlock = {
    # Query the local Windows Update Agent history through its COM API
    $Session = New-Object -ComObject "Microsoft.Update.Session"
    $Searcher = $Session.CreateUpdateSearcher()
    $historyCount = $Searcher.GetTotalHistoryCount()
    # Skip definition updates; map the numeric codes to readable text
    $Searcher.QueryHistory(0, $historyCount) |
        Where-Object { $_.Title -notlike "*definition update for*" } |
        Select-Object Title, Description, Date,
            @{name="Operation"; expression={switch($_.operation){
                1 {"Installation"}; 2 {"Uninstallation"}; 3 {"Other"} }}},
            @{name="Status"; expression={switch($_.resultcode){ 1 {"In Progress"}; 2 {"Succeeded"}; 3 {"Succeeded With Errors"}; 4 {"Failed"}; 5 {"Aborted"} }}}
}

$serverList = Get-ExchangeServer
$Patching = @(); $serverCount = @($serverList).Count; $index = 1

forEach ($server in $serverList) {
    Write-Progress -Activity "Reading Windows Update" -Status $server.Name -PercentComplete (($index / $serverCount) * 100); $index++
    # -ErrorVariable takes the variable name without "$"; WinRM failures collect in $failedWINRM
    $LastUpdates = Invoke-Command -ScriptBlock $scriptBlock -ComputerName $server.Name -ErrorVariable +failedWINRM
    # Invoke-Command tags every returned object with PSComputerName
    $Patching += $LastUpdates
}
return $Patching

.\report-WindowsUpdatePatching.ps1 | ?{$_.Title -like "*4012212*" -and $_.Status -eq "Failed"}
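
The filter above only surfaces failed installs; a server where the update was never attempted, or that never answered over WinRM, returns no matching row at all. The following added example (not part of the original post) classifies every expected server from the script's output. The function name Get-KbPatchState and the sample rows are hypothetical, constructed for illustration.

```powershell
# Added example, not from the original post. Get-KbPatchState is a hypothetical name.
function Get-KbPatchState {
    param(
        [Parameter(Mandatory)] [object[]] $History,     # objects returned by the report script
        [Parameter(Mandatory)] [string[]] $ServerName,  # every server expected to have the fix
        [Parameter(Mandatory)] [string[]] $Kb           # KB number(s); any one of them counts
    )
    # Match any of the supplied KB numbers in the update title
    $pattern = ($Kb | ForEach-Object { [regex]::Escape($_) }) -join '|'
    foreach ($name in $ServerName) {
        $all  = @($History | Where-Object { $_.PSComputerName -eq $name })
        $hits = @($all | Where-Object { $_.Title -match $pattern })
        # Most recent operation on the KB that completed cleanly
        # ("Succeeded With Errors" is deliberately not counted)
        $last = $hits | Where-Object { $_.Status -eq 'Succeeded' } |
            Sort-Object Date -Descending | Select-Object -First 1
        if ($all.Count -eq 0) { $state = 'NoData' }            # WinRM failed or empty history
        elseif ($hits.Count -eq 0) { $state = 'Missing' }      # never attempted
        elseif (-not $last) { $state = 'NotSucceeded' }        # attempted, never succeeded
        elseif ($last.Operation -eq 'Installation') { $state = 'Installed' }
        else { $state = 'Removed' }                            # last success was an uninstall
        [pscustomobject]@{
            Server      = $name
            Kb          = $Kb -join ','
            State       = $state
            LastAttempt = ($hits | Sort-Object Date -Descending | Select-Object -First 1).Date
        }
    }
}

# Constructed sample rows shaped like the report script's output (not real data)
$sample = @(
    [pscustomobject]@{ PSComputerName = 'EX01'; Title = 'Security Update (KB4012212)'
        Date = [datetime]'2017-03-20'; Operation = 'Installation'; Status = 'Succeeded' }
    [pscustomobject]@{ PSComputerName = 'EX02'; Title = 'Security Update (KB4012212)'
        Date = [datetime]'2017-03-21'; Operation = 'Installation'; Status = 'Failed' }
    [pscustomobject]@{ PSComputerName = 'EX03'; Title = 'Update for Windows (KB0000000)'
        Date = [datetime]'2017-02-15'; Operation = 'Installation'; Status = 'Succeeded' }
)

# EX04 is expected but returned nothing, so it must show up as NoData, not as patched
Get-KbPatchState -History $sample -ServerName 'EX01','EX02','EX03','EX04' -Kb '4012212' |
    Where-Object { $_.State -ne 'Installed' }
```

Matching is by title only, so a fix delivered through a rollup with a different KB number shows as Missing unless that number is also passed in -Kb.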
