VMware Cloud Community
JawidKaderi
Contributor
Contributor
‎01-26-2023 07:48 AM
Jump to solution

How to get the latest installed Windows patche on every VM

I am trying to write a PowerShell script to extract the latest Windows patch installed on every VM.
I hope someone can help.

Thanks in advance 🙂

0 Kudos
3 Solutions

Accepted Solutions
maksym007
Expert
Expert
‎01-26-2023 01:21 PM
Jump to solution

Oh really? Have you heard smth about WSUS? or SCCM or GPO? 

 

 

View solution in original post

0 Kudos
scott28tt
VMware Employee
VMware Employee
‎01-26-2023 01:28 PM
Jump to solution

If you did mean PowerShell, you would be better asking on a Microsoft forum.

If instead you meant PowerCLI, post what you have and I can ask the moderators to move your post to a better area.

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

View solution in original post

0 Kudos
GeoPerkins
Enthusiast
Enthusiast
‎01-27-2023 06:35 AM
Jump to solution

The question is unclear. Sounds like you just want to run reports of what updates have been installed.

You are in the wrong forum for this type of question. There are Windows and PowerShell forums describing techniques to do what you are asking for.  In a nutshell, you need to export all VMs, pipe the output to a Get-Hotfix cmdlet.

If you are using VMware Horizon VDI, then you just need to update/report the "golden" image computer and restart all of the child computers, they will be patched.

If your question is really, how do I get all VMs patched or run reports on what is patched by which updates, that's another subject entirely. WSUS, SCCM, InTune all attempt to address this problem, none of them are 100% reliable. Windows patching is problematic. Microsoft has failed us pretty hard on this.

If you are attempting to identify missed security updates, then you need a vulnerability scanner. There are many, many security products on the market and some open source. For example a leader is Nessus. Use it to scan every node on the network for signatures, open ports, etc. It is more than what you asked, but is the only complete way to report on security updates for Windows, non-Windows (Linux variants), IoT, printers, other network endpoints, network infrastructure (APs, switches, routers, firewalls, etc.)

 

View solution in original post

4 Replies
maksym007
Expert
Expert
‎01-26-2023 01:21 PM
Jump to solution

Oh really? Have you heard smth about WSUS? or SCCM or GPO? 

 

 

0 Kudos
scott28tt
VMware Employee
VMware Employee
‎01-26-2023 01:28 PM
Jump to solution

If you did mean PowerShell, you would be better asking on a Microsoft forum.

If instead you meant PowerCLI, post what you have and I can ask the moderators to move your post to a better area.

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
0 Kudos
GeoPerkins
Enthusiast
Enthusiast
‎01-27-2023 06:35 AM
Jump to solution

The question is unclear. Sounds like you just want to run reports of what updates have been installed.

You are in the wrong forum for this type of question. There are Windows and PowerShell forums describing techniques to do what you are asking for.  In a nutshell, you need to export all VMs, pipe the output to a Get-Hotfix cmdlet.

If you are using VMware Horizon VDI, then you just need to update/report the "golden" image computer and restart all of the child computers, they will be patched.

If your question is really, how do I get all VMs patched or run reports on what is patched by which updates, that's another subject entirely. WSUS, SCCM, InTune all attempt to address this problem, none of them are 100% reliable. Windows patching is problematic. Microsoft has failed us pretty hard on this.

If you are attempting to identify missed security updates, then you need a vulnerability scanner. There are many, many security products on the market and some open source. For example a leader is Nessus. Use it to scan every node on the network for signatures, open ports, etc. It is more than what you asked, but is the only complete way to report on security updates for Windows, non-Windows (Linux variants), IoT, printers, other network endpoints, network infrastructure (APs, switches, routers, firewalls, etc.)

 

JawidKaderi
Contributor
Contributor
‎01-28-2023 04:49 AM
Jump to solution

I appreciate the response. I think you gave me more than I asked for. You are right, I can do it with PowerShell. I was actually looking for latest patch installed in any Windows VM. I wasn't sure if VMWare had a thing that I could run or if there is a CLI script that I can use. In ant case, now I know what to do.

0 Kudos