powershell check windows update on a server


Solution 1

With 1000+ servers I assume you have a WSUS instance in your environment? You can get a lot of information from that with powershell. This is a snippet I use on our WSUS server (or via remote ps):

$wsus = Get-WsusServer
$servers = @("server1","server17","pol-server3","pol-server4")

$servers | % {
   $servername = $_
   $server = $wsus.GetComputerTargets() | ? { $_.FullDomainName -imatch $servername }
   If ($server) {
      New-Object PSObject -Property @{
         Server = $servername
         Installed = $server.GetUpdateInstallationSummary().InstalledCount
         NotInstalled = $server.GetUpdateInstallationSummary().NotInstalledCount
} | ft -auto


Server        Installed NotInstalled
------        --------- ------------
server1             144           21
server17            144           21
pol-server3         149           21
pol-server4         100           37

So this checks if patches are installed or still needed, but will not advise which patches are still needed for each server. Hope this helps.

Solution 2

WMI used to be able to query them via QuickfixEngineering class but I have a feeling this does not work so well on Vista or later:

Get-WMIObject -Class "Win32_QuickFixEngineering" -Computer <computername>

For this though I would probably suggest using WSUS, assuming you have centralised patch management through that. You can add the column for MSRC Number to the "All Updates" view and the report will tell you which systems have it installed. Seeing as this is just an SQL database you may be able to construct some calls via Powershell to pull this data out but thats a touch beyond me at present.

Solution 3

get-hotfix | WHERE {$_.hotfixID -eq 'KB******'}

Will get you the update with installed time etc.


Related videos on Youtube

Author by


Updated on September 18, 2022


  • karthick
    karthick almost 2 years

    We have some 1000 + servers, we are doing monthly patching activity. i need to check the patches are updated on the servers or not, is it possible to check based on the Microsoft Security Bulletin numbers (eg. MS14-40.) by powershell.

    Regards, Karthick V

    • jscott
      jscott almost 10 years
      What have you written so far? Please edit your question to include any code you're working with. Which parts are not working? Any error messages?