Skip to main content

Microsoft Patches - How to check via Command Line or VBS?

More
19 years 11 months ago #6157 by gl0bal
Hi all

I want to check what Microsoft patches have been installed on PCs. I want to be able to do this either by the command line or by a vbs script.

I do not want to install any additional software to perform this. For example I am aware of the HFNetChk app but do not want any additional software as I am trying to minimise additional software on the systems..

My purpose is to run a batch or script on target machines to check their patch status. I would use this to verify / cross check results from the Microsoft Baseline Security Analyzer.

I have searched google, google groups, and firewall.cx, I may be doing poor searches but I have found nothing to meet my exact requirements.

Can anyone help? Your time would be most appreciated.
:wink:
More
19 years 11 months ago #6171 by FallenZer0
I'm not sure what OS you are running. Windows Management Instrumentation Command -Line[WMIC], should help you in displaying installed Patches and Hot Fixes.

Check the below link.

www.microsoft.com/technet/prodtechnol/wi...tusability/wmic.mspx

In the link, look for the Verb *Assoc*. Underneath is *os assoc* that displays, information about the OS and installed Patches and Hot Fixes.

Hope it helps.

-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
More
19 years 11 months ago #6173 by gl0bal
FallenZero

Cheers for the information. That is definitely a path worth exploring. Unfortunately the OS I have is Windows 2000 (at my workplace anyway) so ideally I will need something that is supported on Windows 2000.

Having said that I am going to do some research on a test box at work that runs Windows XP as this WMIC gig looks interesting.

Thanks and any other suggetions would be most welcome.
More
19 years 11 months ago #6189 by sahirh
In Windows XP the command 'systeminfo' can be used. It even works remotely..

Don't know bout 2K though.. but if the command is not there, just copy it over from an XP box and check -- it will probably work..

You'll need to do some scripting to cut the data and automate your patching.. I would suggest you chuck the output of systeminfo to a file, and then use a little perl to clean it all up..


Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
More
19 years 11 months ago #6220 by gl0bal
Thanks for the tip Sahrih. I'll have a play with that in conjunction with FallenZero's WMIC.

Off for a workshop/site visit at McAfee's virus reserach labs tomorrow. Should be interesting. I might have to start a thread discussing people's favourite AV and in what environment eg desktop/server/firewall etc - I'm keen to know what the corporate lads are using.
More
19 years 11 months ago #6227 by sahirh
Ooh, vendor workshop trip !
Have fun.....

Don't forget to tell us all what you learned there ;)

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.128 seconds