I'm trying to get information about how up-to-date is windows systems. Information from systemstatus or wmic qfe list sometimes don't give full list of installed hostfixs. So I want to make powershell script which checks if there is available updates for system. My scripts looks like this:
[CmdletBinding()]
Param ()
Begin {
$UpdateSession = New-Object -ComObject 'Microsoft.Update.Session'
}
Process {
$UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
$SearchResult = $UpdateSearcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
if ($SearchResult.Updates.Count -ne 0) {
$SearchResult.Updates |Select-Object -Property Title, Description |Format-List
}
else {
Write-Host 'There are no applicable updates'
}
}
My question is: Do this script checks for new updates from local WSUS or from Microsoft's servers? My goal is: Check updates from Microsoft's servers to omit situation, when WSUS's administrator will drop some important updates.
After a search like yours i found this... if it helps
Function Get-PendingUpdate {
<#
.SYNOPSIS
Retrieves the updates waiting to be installed from WSUS
.DESCRIPTION
Retrieves the updates waiting to be installed from WSUS
.PARAMETER Computername
Computer or computers to find updates for.
.EXAMPLE
Get-PendingUpdates
Description
-----------
Retrieves the updates that are available to install on the local system
.NOTES
Author: Boe Prox
#>
#Requires -version 3.0
[CmdletBinding(
DefaultParameterSetName = 'computer'
)]
param(
[Parameter(ValueFromPipeline = $True)]
[string[]]$Computername = $env:COMPUTERNAME
)
Process {
ForEach ($computer in $Computername) {
If (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
Try {
#Create Session COM object
Write-Verbose "Creating COM object for WSUS Session"
$updatesession = [activator]::CreateInstance([type]::GetTypeFromProgID("Microsoft.Update.Session",$computer))
}
Catch {
Write-Warning "$($Error[0])"
Break
}
#Configure Session COM Object
Write-Verbose "Creating COM object for WSUS update Search"
$updatesearcher = $updatesession.CreateUpdateSearcher()
#Configure Searcher object to look for Updates awaiting installation
Write-Verbose "Searching for WSUS updates on client"
$searchresult = $updatesearcher.Search("IsInstalled=0")
#Verify if Updates need installed
Write-Verbose "Verifing that updates are available to install"
If ($searchresult.Updates.Count -gt 0) {
#Updates are waiting to be installed
Write-Verbose "Found $($searchresult.Updates.Count) update\s!"
#Cache the count to make the For loop run faster
$count = $searchresult.Updates.Count
#Begin iterating through Updates available for installation
Write-Verbose "Iterating through list of updates"
For ($i=0; $i -lt $Count; $i++) {
#Create object holding update
$Update = $searchresult.Updates.Item($i)
[pscustomobject]@{
#Computername = $Computer
KB = $($Update.KBArticleIDs)
Title = $Update.Title
Categories = ($Update.Categories | Select-Object -ExpandProperty Name)
SecurityBulletin = $($Update.SecurityBulletinIDs)
MsrcSeverity = $Update.MsrcSeverity
IsDownloaded = $Update.IsDownloaded
Url = $($Update.MoreInfoUrls)
BundledUpdates = @($Update.BundledUpdates)|ForEach{
[pscustomobject]@{
Title = $_.Title
DownloadUrl = @($_.DownloadContents).DownloadUrl
}
}
}
}
}
Else {
#Nothing to install at this time
Write-Verbose "No updates to install."
}
}
Else {
#Nothing to install at this time
Write-Warning "$($c): Offline"
}
}
}
}
thanks to Boe Prox... it is a great script!