Q. How can I have a script check if a certain patch is installed?

A. PowerShell 2.0 contains the get-hotfix cmdlet, which is an easy way to check if a given hotfix is installed on the local computer or a remote computer. An example of the basic syntax is

get-hotfix -id KB974332

On my machine, that command returns

Source       Description  HotFixID  InstalledBy         InstalledOn------       -----------  --------  -----------         -----------SAVDALWKS01  Update       KB974332  NT AUTHORITYSYSTEM 9/23/2009 12:00:00 AM

If the fix isn't installed, an error will be returned.

To check a remote computer, add the -computername parameter. For example,

get-hotfix -id KB974332 -computername savdalvs01

produces the following output.

Source       Description  HotFixID  InstalledBy          InstalledOn------       -----------  --------  -----------          -----------SAVDALVS01   Update       KB974332  SAVILLTECHAdmini... 1/16/2010 12:00:00 AM

You can even add an action to perform if the fix isn't installed, such as writing the computer name to a text file:

if (!(get-hotfix -id KB974332 -computername savdalvs01)) { add-content $_ -path Missing-KB974332.txt }

If you have a list of computer names, you can pass it to a command to check multiple machines. For example:

get-content computers.txt | foreach { if (!(get-hotfix -id KB974332-computername $_)) { add-content $_ -path Missing-KB974332.txt }}

would produce the following:

Get-HotFix : This command cannot find hot-fix on the machine 'savdaldc11'.Verify the input and Run your command again.At line:1 char:55+ get-content computers.txt | foreach { if (!(get-hotfix <<<<-id KB974332 -computername $_)) { add-content $_ -path Missing-KB974332.txt }}+ CategoryInfo : ObjectNotFound: (:) [Get-HotFix], ArgumentException+ FullyQualifiedErrorId : GetHotFixNoEntriesFound,Microsoft.PowerShell.Commands.GetHotFixCommand

Note in the above that I received an error that the fix is missing from savdaldc11, because that server is missing the update.

My computers.txt file has the following content (nothing but computer names).

savdalwks01savdaldc10savdaldc11savdalvs01savdalvs02savdalvs03

Obviously, you can manipulate the commands to do any combination that you want, including checking for multiple hotfixes.

Related Reading:

Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.