Windows update! – Patching Tuesday!
The 2 words any system admin would not love to hear 😛 the process of installing the updates is no the hardest job. it’s that random compliance check from the Security team which make you run like headless chickens.
Below script will save the time by getting the Machines in an OU and cross check it against the given KB######## and will let you know if the machine is compliant or not.
$machines= Get-ADComputer -Filter * -Searchbase "Specific OU" -Properties *| Select name | sort asc
$UpdateNo = 'Update number KB######'
foreach ($machine in $machines) {
if (test-Connection -ComputerName $machine -Count 2 -Quiet ) {
$PatchCheck = Get-Hotfix -computername $machine | where {$_.HotfixID -eq $UpdateNo} | Select-Object HotfixID
Try{
$ErrorActionPreference = 'stop'
if($PatchCheck.HotfixID.Contains($UpdateNo)-eq $true){
write-Host "$machine is Alive and Updated with $UpdateNo patch." -ForegroundColor Green
}
}catch{
$ErrorActionPreference = 'continue'
Write-Host "$machine Is Up and Not Patched!!" -ForegroundColor Red
}
}else{
Write-Warning "$machine seems dead not pinging"
}
} If you have only a handful of machines that needs a quick check the script will still be able to help you with that
$machines= Get-content -path "list of machine names.txt"
$UpdateNo = 'Update number KB######'
foreach ($machine in $machines) {
if (test-Connection -ComputerName $machine -Count 2 -Quiet ) {
$PatchCheck = Get-Hotfix -computername $machine | where {$_.HotfixID -eq $UpdateNo} | Select-Object HotfixID
Try{
$ErrorActionPreference = 'stop'
if($PatchCheck.HotfixID.Contains($UpdateNo)-eq $true){
write-Host "$machine is Alive and Updated with $UpdateNo patch." -ForegroundColor Green
}
}catch{
$ErrorActionPreference = 'continue'
Write-Host "$machine Is Up and Not Patched!!" -ForegroundColor Red
}
}else{
Write-Warning "$machine seems dead not pinging"
}
} 
YooAdmin 