I recently needed to acquire a list of all the security patches installed on a group of servers within the last year. I discovered that there is a WMI class for this which makes it super easy to retrieve this info.
get-wmiobject win32_quickfixengineering -ComputerName $CompName | ? { $_.InstalledOn -gt (get-date).addyears(-1) }
Within the win32_quickfixengineering class, you’ll find all the security patches installed on a system. One of the properties is the InstalledOn attribute which more recent than a year ago.
If you have a list of servers to do this for, this is still really easy.
$svrs = @"
server1
server2
server3 "@
$svrs.split("`n") | % { get-wmiobject win32_quickfixengineering -ComputerName $_.trim() | ? { $_.InstalledOn -lt (get-date).addyears(-1) } }
Simply paste them into a here-string and execute this for each of them.
