With all the concern in the news lately, we went through all our on-premise servers and reviewed the patching. This script reads the list of all our Exchange servers (you could replace that with a CSV of server names) and makes a remote call to each one for its Windows Update history. The script returns an object for each installed patch, showing whether the installation was successful or not.
#Report-WindowsUpdatePatching.ps1
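# Script block executed on each remote server by Invoke-Command.
# It reads the local Windows Update Agent history through the Microsoft.Update.Session
# COM object and emits one object per history entry with Title, Description, Date,
# Operation and Status. Entries whose title contains "definition update for" are skipped
# to keep antimalware signature updates out of the report.
$scriptBlock = {
    $Session = New-Object -ComObject "Microsoft.Update.Session"
    $Searcher = $Session.CreateUpdateSearcher()
    $historyCount = $Searcher.GetTotalHistoryCount()

    # Nothing recorded on this machine: emit no rows instead of querying an empty range.
    if ($historyCount -le 0) { return }

    $Searcher.QueryHistory(0, $historyCount) |
        Where-Object { $_.Title -notlike "*definition update for*" } |
        Select-Object Title, Description, Date,
            @{name="Operation"; expression={
                switch ($_.Operation) {
                    1 {"Installation"}
                    2 {"Uninstallation"}
                    3 {"Other"}
                }
            }},
            @{name="Status"; expression={
                # OperationResultCode values; 0 was previously unmapped and produced a blank
                # Status, which is ambiguous in a patch audit.
                switch ($_.ResultCode) {
                    0 {"Not Started"}
                    1 {"In Progress"}
                    2 {"Succeeded"}
                    3 {"Succeeded With Errors"}
                    4 {"Failed"}
                    5 {"Aborted"}
                    # Surface any unexpected code rather than leaving the column empty.
                    default {"Unknown ($_)"}
                }
            }}
}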
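# Run $scriptBlock on every Exchange server and return the merged update history.
# Get-ExchangeServer needs the Exchange Management Shell; any collection of objects
# with a Name property can be substituted.
# @() keeps .Count valid (and the percentage maths safe) when only one server is returned.
$serverList = @(Get-ExchangeServer)
$serverCount = $serverList.Count
$unreachable = @()
$index = 1

# Collecting the loop output directly avoids re-allocating the array on every "+=".
$Patching = @(
    forEach ($server in $serverList) {
        Write-Progress -Activity "reading Windows Update" -Status $server.Name -PercentComplete (($index / $serverCount) * 100)
        $index++

        # -ErrorVariable takes the variable NAME (no "$"). The original passed the value of
        # an unset variable, so remoting errors were never captured.
        Invoke-Command -ScriptBlock $scriptBlock -ComputerName $server.Name -ErrorVariable failedWINRM

        if ($failedWINRM) { $unreachable += $server.Name }
    }
)

# A server that could not be queried contributes no rows, which looks identical to a server
# with no matching updates. Call it out so the audit is not read as a clean result.
if ($unreachable.Count -gt 0) {
    Write-Warning ("No update history was collected from: " + ($unreachable -join ", "))
}

return $Patching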
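# Example: show history entries for KB 4012212 whose installation failed.
# "$_status" in the original is an undefined variable (always $null), so the filter could
# never match and the command always reported "no failures"; the property is $_.Status.
# An empty result only means no matching history entry was returned. A server that could
# not be queried, or one where the update was never offered, also yields nothing, so
# confirm coverage separately (for example with Get-HotFix) before treating a host as patched.
.\report-WindowsUpdatePatching.ps1 | ?{$_.title -like "*4012212*" -and $_.Status -eq "Failed"}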