[PS]Remotely Check Installed Software Versions

Whichever solution you are using for your third party patching, it’s always good to have live data that you know you can rely on.

Last time I changed companies, I ran into a peculiar issue of having my compliance at 36% which was unacceptable. After some digging, of course, I realized that the damn environment had a gazillion of old versions or two versions installed, etc. SCCM would patch the proper versions but it would still return a weird error about the certificate not being recognized.

So let’s take for an example Chrome patching, seeing that Chrome’s got a new version popping up every month almost.

Instead of UNC-ing to check the chrome.exe file version in the Details Property tab, I wrote a few lines that actually shows me any exe that is not of the latest version.

In the below example I’ve group the patches for Flash player, and Notepad++ that were failing on some device.

$list = get-content C:\Temp\list.txt
 
$export = Foreach($C in $list){
 
$Path1 = "\\$C\C$\Windows\System32\Macromed\Flash\Flash.ocx"
$Path2 = "\\$C\C$\Program Files\Notepad++\notepad++.exe"
$Path3 = "\\$C\C$\Program Files (x86)\Notepad++\notepad++.exe"
$Path4 = "\\$C\C$\Windows\System32\Macromed\Flash\FlashUtil*.exe"
 
    
        get-childitem -File $path1 -ErrorAction SilentlyContinue | Select DirectoryName, @{label="File Name";expression={$_.versioninfo.OriginalFilename}}, @{label="ProductVersion";expression={$_.versioninfo.productversion}}
         
         
        get-childitem -File $path2 -ErrorAction SilentlyContinue | Select DirectoryName, @{label="File Name";expression={$_.versioninfo.OriginalFilename}}, @{label="ProductVersion";expression={$_.versioninfo.productversion}}
         
 
        get-childitem -File $path3 -ErrorAction SilentlyContinue | Select DirectoryName, @{label="File Name";expression={$_.versioninfo.OriginalFilename}}, @{label="ProductVersion";expression={$_.versioninfo.productversion}}
 
        get-childitem -File $path4 -ErrorAction SilentlyContinue | Select DirectoryName, @{label="File Name";expression={$_.versioninfo.OriginalFilename}}, @{label="ProductVersion";expression={$_.versioninfo.productversion}}
}
 
$export | Export-Csv C:\Temp\export.csv -NoTypeInformation

Of course, the above needs some snooping first. You have to know exactly what directory this software is installed on.

The script exports the UNC path into a csv sheet, showing the File name and the Product Version that is installed. This is basically the powershell equivalent of right-clicking an app, going to Properties and then the details tab:

Example:

$Path = "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
 
    if (test-path $path){
 
        get-childitem -File $path -ErrorAction SilentlyContinue | Select DirectoryName, @{label="File Name";expression={$_.versioninfo.OriginalFilename}}, @{label="ProductVersion";expression={$_.versioninfo.productversion}}
         }
        else{
 
        Write-Host "Path is unreachable" -ForegroundColor Red
     
 
        }