Is there a way to check what was the successful OS patch installed on a machine - I am specifically targeting CU or Security Monthly roll up. Need to know for which month and on which date this patch was installed.
Example April Month “kb4549951” was installed on a server in May and after that my server is not patched till now.
There are various server’s like this - So I would like to fetch a report for these machines so that I can let client know that your server was compliant till April 2020 and after that it was never patched.
I created various relevance to check patches installed in last 2 months but it list out all patches which were installed in that span of time. So is there a way to know this. I might sound silly, but this is my ask here.
(minimum of source release dates of items 1 of (item 1 of it , elements of item 0 of it)
whose (relevant (item 0 of it, item 1 of it)), name of item 1 of it)
of
(item 1 of it, elements of item 0 of it)
of ( set of applicable computers of elements of it, it) of
set of bes fixlets whose (id of site of it = 2 and (it contains “Monthly Rollup” OR it contains “Cumulative Update”) of name of it)
This will give you the oldest CU or Monthly Rollup relevant on the machine. The logic behind this can be problematic though, because in theory a client could have missed a patch in January but patched everything else since then.
The flip side of it would be to look when was the last CU or Monthly Rollup patch applied on the system:
((it as string) of minimum of source release dates of items 1 of (item 1 of it , elements of item 0 of it) whose (remediated flag of result (item 0 of it, item 1 of it)) | “n/a”, name of item 1 of it)
of(item 1 of it, elements of item 0 of it)
of ( set of applicable computers of elements of it, it) of
set of bes fixlets whose (id of site of it = 2 and (it contains “Monthly Rollup” OR it contains “Cumulative Update”) of name of it)
(Please note that this second query has to be evaluated in Web Reports and not the Console)