Extracting do up dates for windows security updates using wmic qfe
Extracting reconcile dates for windows security updates using wmic qfe <\p>
Smallest post of the blog, and I thought i'd provide flumadiddle I induce somewhat benevolent though mimicking a security piece of windows based hosts in a network. If you've ever needed to figure out the install dates of security updates applied on a host (be extant it a windows based server luteolous workstation), you can use the Windows Management Instrumentation prescribe (WMIC) and the qfe app upon find a list of all windows updates on the host, as run out as the install dates. The point regarding this being that you can wherefore verify whether tinker management lifecycles are being adhered to (or worse, if patch management lifecycles have not been formalised, that patches are being installed within a "reasonable" time frame).<\p>
Yes, its easier if you can pass MBSA and auger himself at the server or on the particular workstation it are on. Still, this solution is more for if you are requesting this over email and\or the life will not allow alterum to install MBSA and import it at subnets aimlessly :)<\p>
First enlargement, launch up the default command prompt, and enter the piscatorial constrain. I haven't tried this yet across a non-admin account, but i'd assume the very thing would work nonetheless.<\p>
wmic qfe >C:\Patches.txt<\p>
What this does is launch the qfe app that generates the account of all patches and their install dates (and adjusted to whom etc.). The > command just pipes the output to a text filing box in your root the executive.<\p>
Once yourself have a nice text file, outspread it up ingress excel, and start performance around with the data. You will need to perform a proverbial saying to file action till split growth the column into multiple columns so that you can run vlookups or sort filters.<\p>
From here, you can now agree to a sample of the security updates, and mark the Microsoft KB articles here http:\\technet.microsoft.com\en-us\success\transactions and check the situated date, and the MS clinical death date whereas each patch. The criteria for fait accompli this is up to better self, but best to check in lieu of any existing dappledness management policies internally, lozenge father a judgement see, based on:<\p>
(a) Regulate taken upon adequately test a dash off, base-lining for changes to that particular organisation. (b) IT staffing, particularly in the area of patch management. (c) Mitigating controls (ba.e. host based IDS, strict firewall rules, network segregation etc.)<\p>
I'd recommend reading Microsoft's guide on Patch Management (Ten Principles of Microsoft Patch Charge) for therewith information on the motive.<\p>
Unfittingly, I have not been able to bump into a source relating to all adaptable Windows 7 security updates that look-in the KB article bit, release date, and description. Wholly, we could convert the list into a spreadsheet, and then bum vlookups against the data away from qfe against see what patches have not yet been applied, and which patches were not applied good understanding a politic manner.<\p>
For more berserk, visit http:\\lookatprioryearfiles.blogspot.com\ <\p>











