[PS][DOS] Quick SCCM patching status

All you SCCM riders roll your eyes whenever it’s patching week. Not just because of worrying what the compliance will be like, but also because it gets tedious to check what KBs got installed and what didn’t seeing that there’s at least 40 KBs downloaded for servers and likewise for desktops.

Essentially, you’d remote into a server, check Software Center and see what failed, then you’d check the logs, etc.

I got my servers pretty cleaned up so I usually just get one or two servers with failed installation that is easy to fix. Logging into them is okay and checking but I prefer the good ol’ cmd.exe and powershell.exe talking to me instead.

STEP 1

You’re obviously going to check what’s installed on the server and when. Seeing that powershell reads the timestamp in a funky way, which results in not showing the dates properly, I prefer to run this command in cmd.exe:

wmic /node:'SERVER1' qfe where "InstalledOn like '10/%/2019'" GET description, hotfixid,
 installedon

The above checks a remote server for KBs installed only during October 2019 and will should you exactly which date it was installed. Let’s say we got 4 updates for our server that are installed. We’ll run the same for SERVER2 and now we know what KB as do both have.

STEP 2

Sure, now you can filter your Security Updates Group and sniff out the updates needed for SERVER1, but SCCM already did the scan and downloaded what SERVER1 needed in the ccmcache. And sure, you can try the UNC remote or actual logon to the server but there’s a faster, cleaner way.

$list = Get-Content C:\Temp\list.txt
 
foreach($PC in $list){

$path = "\\$PC\C$\Windows\ccmcache"
 
if(Test-Path -Path $path){
 
Get-ChildItem -Path $path -File -Recurse | Select Directory, PSchildName, LastWriteTime, Extension | Sort-Object LastWriteTime -Descending
}
  
Else{
Write-Host "Path or Asset is unreachable" -ForegroundColor red
}
}

The above will test the connectivity to the path (or server) and if it’s true, then it will show you the contents of the ccmcache folder sorted by latest downloaded (created on).

This way by comparing the CMD.exe list we ran in Step 1 and this list, we’ll know what’s missing for both Servers and this way we might notice a pattern if there’s a bugger KB that is acting hard to get.