With WSUS you can document the update status of your computers. But what can you do if no WSUS is available? In this article I describe how to get a list of all installed updates on all domain computers using PowerShell.
Get-Hotfix
With this useful command you can show all installed updates on the local computer.
Get-Hotfix
To display only the hotfixes you are looking for, limit the result using Where-Object.
Get-Hotfix | Where-Object HotfixID -like "KB31*"
Get-Hotfix | Where-Object HotfixID -eq "KB3186568"
Getting a list of all installed Hotfixes on all Domain Computers
For this, we need a list of all domain computers by name, which we can get with Get-ADComputer. Note: The disadvantage of this method is that we do not know whether the computers are turned on or not. If you want to know which computers are not reachable, remove the parameter -ErrorAction SilentlyContinue. To make the output more user-friendly, I recommend using Out-GridView.
Invoke-Command -ComputerName (Get-ADComputer -Filter *).Name {Get-HotFix} -ErrorAction SilentlyContinue | Select-Object PSComputername, HotfixID, InstalledOn | Out-GridView
Finding Computers that haven't installed a specific Hotfix
Make sure that all computers are turned on. To find all computers that haven't installed hotfix KB4444, run
(Get-ADComputer -Filter *).Name | Foreach-Object {If (!(Get-Hotfix -ID "KB4444" -ComputerName $_ -ErrorAction SilentlyContinue)) {Add-Content $_ -Path C:\Temp\missing4444.txt}}
Once completed, run Notepad and review your list.
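The one-liner above writes a computer to the list both when the hotfix is missing and when the machine did not answer. The following added example (not part of the original article) separates those two cases; it assumes PowerShell remoting (WinRM) is enabled on the targets, and the CSV file name is a made-up sample.

```powershell
# Added example. KB4444 and C:\Temp are the article's sample values.
$HotfixId = 'KB4444'
$OutFile  = 'C:\Temp\missing4444.csv'

# Enabled accounts only; disabled ones would only inflate the unreachable list.
$computers = (Get-ADComputer -Filter 'Enabled -eq $true').Name

# One fan-out call. Hosts that cannot be contacted return nothing, and the
# connection errors are suppressed here because they are classified below.
$results = Invoke-Command -ComputerName $computers -ErrorAction SilentlyContinue -ScriptBlock {
    # Get-HotFix -Id raises an error when the hotfix is absent, so silence it.
    $hit = Get-HotFix -Id $using:HotfixId -ErrorAction SilentlyContinue |
        Select-Object -First 1
    [pscustomobject]@{
        Installed   = [bool]$hit
        InstalledOn = if ($hit) { $hit.InstalledOn } else { $null }
    }
}

# Index the answers by computer name so every host gets exactly one status.
$byName = @{}
foreach ($r in $results) { $byName[$r.PSComputerName] = $r }

$report = foreach ($name in $computers) {
    $r = $byName[$name]
    $status = if (-not $r) { 'Unreachable' } elseif ($r.Installed) { 'Installed' } else { 'Missing' }
    [pscustomobject]@{
        ComputerName = $name
        Status       = $status
        InstalledOn  = if ($r) { $r.InstalledOn } else { $null }
    }
}

# Write everything that is not confirmed as installed, then print a summary.
$report | Where-Object Status -ne 'Installed' | Sort-Object Status, ComputerName |
    Export-Csv -Path $OutFile -NoTypeInformation
$report | Group-Object Status | Select-Object Name, Count
```

Get-HotFix reads the Win32_QuickFixEngineering WMI class, so "Missing" here means the KB is not listed in that class on a host that answered.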
Related Links
Find more about Get-Hotfix in the Microsoft Docs: https://docs.microsoft.com/de-de/powershell/module/Microsoft.PowerShell.Management/Get-HotFix?view=powershell-5.1
See also
For documenting and managing your remote systems see also my articles:
PowerShell: Documenting your environment by running systeminfo on all Domain-Computers
How to schedule software installation with PowerShell
Windows Server: List all installed Roles and Features using PowerShell
PowerShell: My top 10 commands for documenting and monitoring Active Directory
Restart all Domain Computers by using PowerShell
{Get-HotFix | Where ………}
Hi Patrick,
Thanks for this useful article.
I’ve tried a version of this script to check if a set of updates is installed on domain controllers.
I pass the updates list through a text file, but it doesn’t work! I missed something for sure.
I’d appreciate it if you could help.
Here is the code:
$Patches = Get-Content -Path .\Patches.txt
Invoke-Command -ComputerName (Get-ADDomainController -Filter *).Name {Get-HotFix} | Where-Object HotfixID -In $Patches -ErrorAction SilentlyContinue | Select-Object PSComputername, HotfixID, InstalledOn | Out-GridView
Thanks.
Hi, the braces are wrong.