Assuming you have an array of computers (be it from LDAP or otherwise) you can quickly enumerate them using the WMI Win32_QuickFixEngineering class to check the most recently installed HotFix.
Whilst WSUS will likely provide much of this functionality for those using it, this may still prove useful to some.
$compList = "LONDON", "BRISBANE"
$ErrorActionPreference = "Stop";
$tblResults = New-Object System.Data.DataTable "Results"
$colA = New-Object System.Data.DataColumn ComputerName, ([string])
$colB = New-Object System.Data.DataColumn LastHotFixID, ([string])
$colC = New-Object System.Data.DataColumn LastUpdated, ([string])
$tblResults.Columns.Add( $colA )
$tblResults.Columns.Add( $colB )
$tblResults.Columns.Add( $colC )
foreach ($computer in $compList)
{
try
{
$latestUpdate = Get-WMIObject -Class Win32_QuickFixEngineering -ComputerName $computer -Filter "HotFixID != 'File 1'"| ? {$_.InstalledON} |sort InstalledOn | select -last 1
$newRow = $tblResults.newrow()
$newRow.ComputerName = $computer
$newRow.LastHotFixID = $latestUpdate.HotFixID
$newRow.LastUpdated = "{0:dd/MM/yyyy}" -f [DateTime] $latestUpdate.InstalledOn.Date
$tblResults.Rows.Add( $newRow )
}
catch
{
$computer
}
}
$tblResults
Save the above to a file with the “ps1″ extension and adjust the $compList variable to contain the computers you wish to scan.
The only oddity in this I’ve discovered is if the updates are slipstreamed into the installation WIM they do not have an install date associated with them.
The post Get latest installed update with PowerShell appeared first on Damn Technology.