Make sure KB2863058 is installed in the domain’s servers with PowerShell

Hello everyone!

Last week, Microsoft has released an update that changes the operating system’s time zone change in certain countries.

In the past, the time zone here in Israel would change in around the month of September. our ministry of the interior decided that it would change the time zone in October 27th, which forced Microsoft to release a new update – the last update was released in December 2012, and that update referred to the time zone shift in September, which isn’t relevant.

I was assigned by the head of IT to write a script that checks if the update is installed on our Windows servers, and log the data in 2 files – the first,  on which server it is installed, and on the second, on which servers it is not installed.

Of course, I could have done it with a killer one liner, but I wrote a script, although quick and dirty, I thought folks could find it helpful, so feel free change it and adjust.

### Make sure AcitveDirectory PowerShell module is installed and available, otherwise,
###use Get-Content with a text file that contains server names.
Import-Module activedirectory
New-Item -Path c:\KB2863058.txt -Type file -Force
New-Item -Path c:\KB2863058_FAILED.txt -Type file -Force
$servers = Get-ADComputer -Filter 'operatingsystem -like "*server*"' | 
select -ExpandProperty name
foreach ($server in $servers) {
if (Test-Connection $server -Quiet -Count 1) {
   try {
    Get-HotFix -Id KB2863058 -ComputerName $server -ErrorAction Stop
    Add-Content -Path C:\KB2863058.txt -Value "$(Get-Date)`t $server`t $($update.InstalledOn)"
   }
   catch {
    "$(Get-Date)`t $server`t`t NO UPDATE" | Out-File c:\KB2863058_FAILED.txt -Append
   }
}
else {
   "$(Get-Date)`t NO CONNECTION`t`t NO CONNECTION" | Out-File c:\KB2863058_FAILED.txt -Append 
}

}

The script creates 2 files. first is C:\KB2863058.txt, which contains all server names where the update was applied. the second, C:\KB2863058_FAILED.txt, contains all server names that wasn’t reached, or whether the update wasn’t applied.
I could use PowerShell Remoting to query the servers in parallel, but WINRM is not enabled in most of them, and writing a workflow is a bit of an overkill for this kind of a task (on my opinion).

Keep on smiling 🙂

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: