Hi everyone
We need to check particular KB number based patch is installed on endpoints.
NOTE: currently we are using filter condition and get KB no based report,
But we need to check For eg: KB2511455 this KB number based patches installed on which endpoints or what are all the system not installed the following KB number based patches KB2511455.
Kindly share any analysis for this
Thanks & Regards
Vicky
If you wanted to know which machines do not have this KB installed, it would be the following relevance:
not exists (string values of properties "HotFixID" of it) whose(it starts with "KB2511455") of select objects "HotFixID from Win32_QuickFixEngineering" of wmis
This topic/post is a duplicate of: KB number based analysis report
Thanks a lot … its working fine
will it show this patch completly installed. I mean patch installed and server rebooted.
how to identify patch installed and patch status is pending ?
There are a few options that might work. There might be a pending flag in the registry. There might be a way to get the effective install time in the registry and compare that to the uptime / boottime of the OS.
The easiest way is likely to check the versions of the files that the patch replaces for each OS for a minimum version.
One option to figure stuff like this out is take a utility that can take a snapshot of the system state before applying the patch, then again after applying the patch, and then again after rebooting and then compare the diff of each along the way to see what changed, paying particular attention to the registry to look for clues to follow. This is the brute force way to look for the locations of interest to write relevance against.
I managed to create relevance to check particular KB installed or pending. below code give where the particular patch installed and success. hope this will help someone.
(exists descriptions of records whose (event id of it = 2 AND description of it contains “KB4012215 was successfully changed to the Installed state”) of event log “Setup” ) or (exists descriptions of records whose (event id of it = 2 AND description of it contains “KB4012212 was successfully changed to the Installed state”) of event log “Setup” ) or (exists descriptions of records whose (event id of it = 2 AND description of it contains “KB4012214 was successfully changed to the Installed state”) of event log “Setup” ) or (exists descriptions of records whose (event id of it = 2 AND description of it contains “KB4012217 was successfully changed to the Installed state”) of event log “Setup”) or (exists descriptions of records whose (event id of it = 2 AND description of it contains “KB4012213 was successfully changed to the Installed state”) of event log “Setup” ) or (exists descriptions of records whose (event id of it = 2 AND description of it contains “KB4012216 was successfully changed to the Installed state”) of event log “Setup”)