PowerShell Problem Solver: Creating a Hot Fix Reporting Tool

I think I’m long overdue in giving you an example of PowerShell in action. A few months ago, I followed a thread in a discussion forum about finding installed hot fixes and creating some type of report. Instead of jumping to the finished product, let’s spend some time going through the process to arrive at the final solution, or at least what I’m using. This process is just as important to learn and understand as the final result. We’ll be working with installed hot fixes, but it could be just about anything you need to manage.

To begin, we need a basic requirement or business need: “Find installed hot fixes on a remote computer.” In the forum, I believe the poster already knew what command to work with, but let’s say he didn’t. The first thing to do is ask PowerShell for help.

help hotfix

I’m not saying you will get a result the first time, although in this case, you’ll see there is a cmdlet, Get-HotFix that we can use. Sometimes you need to try a variety of terms and maybe even use wildcard characters. Once you have a basic cmdlet, read the complete help and examples.
With Get-HotFix, you can get a specific patch by its ID number or all of them. Since commands should work just fine locally, you should first test on your computer if you can.

While this cmdlet is pretty simple to use, others may require a combination of parameters. By testing locally, you can verify your syntax is correct without having to worry about any potential networking problems. In other words, you could get errors and not be able to tell if the problem is your syntax or something network related. Now that we know this works, we can try with a remote computer.

Since I’m just testing syntax right now, I don’t need all the results. That’s why I used the -First parameter with Select-Object to only retrieve a small sample. This is enough to understand what the data looks like. Of course, there may be more properties that aren’t displayed  by default. You could pipe the result to Get-Member, but I like this approach so that I can see the property name and value.

There are definitely some other properties we will want to incorporate into our report.

get-hotfix -ComputerName chi-web02 | select -first 5 -Property PSComputername,HotFixID,Description,InstalledBy,InstalledOn,Caption

Running this code verifies I get the information I want.

This is starting to look promising. We have a basic PowerShell expression that provides the information we want and writes it to the pipeline. This means the data could be exported to a CSV file.

get-hotfix -ComputerName chi-web02 |
select -Property PSComputername,HotFixID,Description,InstalledBy,InstalledOn,Caption |
Export-CSV -Path c:\work\chi-web02.csv -NoTypeInformation

Or formatted as a nice report.

get-hotfix -ComputerName chi-web02 |
Sort Description,HotFixID |
Format-Table -GroupBy Description -Property PSComputername,HotFixID,InstalledBy,InstalledOn,Caption

To check another computer, I can specify a different computername.

But keep in mind that the ultimate goal is to create a reusable tool, and we will need to query multiple remote computers. So before we start scripting, I need to know if Get-Hotfix will take multiple computer names. PowerShell help to the rescue!

The help shows that the parameter will take a collection of strings as indicated by []. That is easy enough to test.

At this point, we could probably put together a basic script to simplify this process.

#requires -version 3.0
#Basic-HotFixReport.ps1
Param([string[]]$Computername = $env:COMPUTERNAME)
Get-Hotfix -ComputerName $Computername |
Select-Object -Property PSComputername,HotFixID,Description,InstalledBy,InstalledOn,
@{Name="Online";Expression={$_.Caption}}

Note that the script doesn’t do any formatting or exporting. All we want it to do is write objects to the pipeline.

It works fine for a single computer. Let’s test for multiple computers and do something with the output.

C:\scripts\Basic-HotfixReport.ps1 -Computername chi-p50,chi-test02,chi-web02 | out-gridview -title "Report"

Terrific. Anyone could run the script to get the same results. But as you probably surmised, this is merely the first step. What we have now doesn’t take any errors into account. It doesn’t support the use of alternate credentials like Get-HotFix. The script also gets all hotfixes by default. Although Get-Hotfix has a parameter to limit the results to particular types of hot fixes, we’ll start looking at solutions for these issues next time.