Make sure KB2863058 is installed on the domain’s servers with PowerShell

August 26, 2013

Hello everyone!

Last week, Microsoft released an update that changes the operating system’s time zone shift in certain countries.

In the past, the time zone here in Israel would change around the month of September. Our Ministry of the Interior decided that the time zone would change on October 27th, which forced Microsoft to release a new update – the last update was released in December 2012, and that update referred to the time zone shift in September, which isn’t relevant.

I was assigned by the head of IT to write a script that checks if the update is installed on our Windows servers and logs the data in 2 files – the first lists the servers on which it is installed, and the second lists the servers on which it is not installed.

Of course, I could have done it with a killer one-liner, but I wrote a script. Although it is quick and dirty, I thought folks could find it helpful, so feel free to change and adjust it.

# Make sure the ActiveDirectory PowerShell module is installed and available; otherwise,
# use Get-Content with a text file that contains server names.
Import-Module ActiveDirectory
New-Item -Path C:\KB2863058.txt -Type File -Force
New-Item -Path C:\KB2863058_FAILED.txt -Type File -Force
$servers = Get-ADComputer -Filter 'operatingsystem -like "*server*"' |
    Select-Object -ExpandProperty Name
foreach ($server in $servers) {
    if (Test-Connection $server -Quiet -Count 1) {
        try {
            # Keep the result so that InstalledOn can be written to the log
            $update = Get-HotFix -Id KB2863058 -ComputerName $server -ErrorAction Stop
            Add-Content -Path C:\KB2863058.txt -Value "$(Get-Date)`t $server`t $($update.InstalledOn)"
        }
        catch {
            # Any Get-HotFix error ends up here and is logged as NO UPDATE
            "$(Get-Date)`t $server`t`t NO UPDATE" | Out-File C:\KB2863058_FAILED.txt -Append
        }
    }
    else {
        # Log the name of the server that did not answer the ping
        "$(Get-Date)`t $server`t`t NO CONNECTION" | Out-File C:\KB2863058_FAILED.txt -Append
    }
}

The script creates 2 files. The first is C:\KB2863058.txt, which contains the names of all servers where the update was applied. The second, C:\KB2863058_FAILED.txt, contains the names of all servers that weren’t reached or where the update wasn’t applied.
I could use PowerShell Remoting to query the servers in parallel, but WinRM is not enabled on most of them, and writing a workflow is a bit of an overkill for this kind of task (in my opinion).
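
An added example, not part of the original script: the script above logs every Get-HotFix error as NO UPDATE, so a server where the query itself failed (access denied, RPC blocked) looks the same as an unpatched one. This variant keeps those cases apart and writes a single CSV; the output path, column names and status labels are assumptions made for the example.

```powershell
# Added example, not the original script. The CSV path and status labels are assumptions.
Import-Module ActiveDirectory

$kb      = 'KB2863058'
$outFile = 'C:\KB2863058_status.csv'   # assumed output path

$servers = Get-ADComputer -Filter 'OperatingSystem -like "*server*"' |
    Select-Object -ExpandProperty Name

$results = foreach ($server in $servers) {
    $status      = 'Unreachable'
    $installedOn = $null
    $detail      = $null

    if (Test-Connection -ComputerName $server -Quiet -Count 1) {
        try {
            $update = Get-HotFix -Id $kb -ComputerName $server -ErrorAction Stop |
                Select-Object -First 1
            $status      = 'Installed'
            $installedOn = $update.InstalledOn   # can be empty on some systems
        }
        catch {
            # Get-HotFix reports "hotfix not found" with the error id
            # GetHotFixNoEntriesFound; only that case means the update is absent.
            if ($_.FullyQualifiedErrorId -like 'GetHotFixNoEntriesFound*') {
                $status = 'Missing'
            }
            else {
                # WMI/RPC or permission problem: patch state is unknown, not "missing"
                $status = 'QueryFailed'
                $detail = $_.Exception.Message
            }
        }
    }

    [pscustomobject]@{
        Checked     = Get-Date
        Server      = $server
        Status      = $status
        InstalledOn = $installedOn
        Detail      = $detail
    }
}

$results | Export-Csv -Path $outFile -NoTypeInformation
# Quick count per status, to see how many servers still need a follow-up
$results | Group-Object Status | Select-Object Name, Count
```

Servers that block ICMP echo are reported as Unreachable even if WMI would answer, so the Unreachable and QueryFailed rows need a manual check before the update is treated as deployed everywhere.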

Keep on smiling 🙂