I am trying to write a PowerShell script to extract the latest Windows patch installed on every VM.
I hope someone can help.
Thanks in advance 🙂
If you did mean PowerShell, you would be better asking on a Microsoft forum.
If instead you meant PowerCLI, post what you have and I can ask the moderators to move your post to a better area.
The question is unclear. Sounds like you just want to run reports of what updates have been installed.
You are in the wrong forum for this type of question. There are Windows and PowerShell forums describing techniques to do what you are asking for. In a nutshell, you need to export all VMs, pipe the output to a Get-Hotfix cmdlet.
If you are using VMware Horizon VDI, then you just need to update/report the "golden" image computer and restart all of the child computers, they will be patched.
If your question is really, how do I get all VMs patched or run reports on what is patched by which updates, that's another subject entirely. WSUS, SCCM, InTune all attempt to address this problem, none of them are 100% reliable. Windows patching is problematic. Microsoft has failed us pretty hard on this.
If you are attempting to identify missed security updates, then you need a vulnerability scanner. There are many, many security products on the market and some open source. For example a leader is Nessus. Use it to scan every node on the network for signatures, open ports, etc. It is more than what you asked, but is the only complete way to report on security updates for Windows, non-Windows (Linux variants), IoT, printers, other network endpoints, network infrastructure (APs, switches, routers, firewalls, etc.)
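The approach described in the answer above (enumerate the VMs, then query each guest with Get-HotFix), as an added example that is not part of the original thread. The function name `Get-LatestHotFix` and the CSV file name are made up for illustration; the commented pipeline assumes PowerCLI is already connected with Connect-VIServer and that the guests allow remote WMI queries.

```powershell
# Added example. Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, and
# WMI/DCOM access plus admin rights on each remote guest.
function Get-LatestHotFix {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)]
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    process {
        foreach ($name in $ComputerName) {
            try {
                # Get-HotFix reads Win32_QuickFixEngineering; InstalledOn can be empty,
                # so drop those rows before sorting by date.
                $latest = Get-HotFix -ComputerName $name -ErrorAction Stop |
                    Where-Object { $_.InstalledOn } |
                    Sort-Object InstalledOn -Descending |
                    Select-Object -First 1
                [pscustomobject]@{
                    ComputerName = $name
                    HotFixID     = $latest.HotFixID
                    Description  = $latest.Description
                    InstalledOn  = $latest.InstalledOn
                    Status       = if ($latest) { 'OK' } else { 'NoDatedHotFix' }
                }
            }
            catch {
                # Report unreachable guests explicitly so they are not mistaken for patched ones.
                [pscustomobject]@{
                    ComputerName = $name
                    HotFixID     = $null
                    Description  = $null
                    InstalledOn  = $null
                    Status       = "Error: $($_.Exception.Message)"
                }
            }
        }
    }
}

# Local machine (no vCenter needed):
Get-LatestHotFix

# With PowerCLI: powered-on Windows guests that report a hostname via VMware Tools.
# Get-VM |
#     Where-Object { $_.PowerState -eq 'PoweredOn' -and $_.Guest.OSFullName -like '*Windows*' -and $_.Guest.HostName } |
#     ForEach-Object { $_.Guest.HostName } |
#     Get-LatestHotFix |
#     Export-Csv -Path .\latest-hotfix.csv -NoTypeInformation
```

Get-HotFix only returns updates recorded in Win32_QuickFixEngineering, so a row here shows the newest dated entry in that class, not proof that no update is missing.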
Oh really? Have you heard something about WSUS? Or SCCM or GPO?
I appreciate the response. I think you gave me more than I asked for. You are right, I can do it with PowerShell. I was actually looking for the latest patch installed in any Windows VM. I wasn't sure if VMware had a thing that I could run or if there is a CLI script that I can use. In any case, now I know what to do.