PowerShell script to get all Windows Updates from all computers

About a year ago I published a post describing how to get a list of installed updates using PowerShell (and some other ways):

Last week I received an email from one of the blog's followers:

I read your blog all the time, and I’m trying to come up with a posh script that will give me all the Windows Updates and also the “hotfixes” on a server or multiple servers.
Based on what I’ve read the command you posted below doesn’t return “hotfixes”, I haven’t read exactly why as I’m searching for a good answer, but it’s apparently due to the way they are installed/registered on the system.  So the cmdlet get-hotfix is supposed to provide the hotfixes, but I haven’t found “1” script that will pull all updates and hotfixes.
I was also trying to get the command you have which I had found myself as well to accept the contents of a text file for the list of servers, then output the results to an excel file.  I’ve only done export-csv, never excel, so csv would work but I can’t figure out how to combine the 2 commands, not include duplicates if the commands do pick up the same item, and then export the info. Would you mind pointing me in the right direction?


I have been investigating it since and here’s what I came up with.

Basically, he’s right: Get-HotFix returns only the QFE (Quick Fix Engineering) updates registered in the system. The PowerShell command actually accesses the same WMI table suggested in the original blog post.

Unfortunately, there is no single command that returns a list of all the Windows updates installed on a system, neither a PowerShell command nor a WMI query. The reason is that updates are registered in different places on the computer depending on how you install them. You can read more in this nice Microsoft KB: Identifying installed updates on Microsoft products.

I did find a PowerShell script posted by Oscar Morales. This script queries the computer for everything installed on it: programs, updates and QFEs. You can find the script here. The script saves its output to an XML file.

To answer the second question asked previously (how to run it on several computers) I did the following.

I’ve changed the following lines in the script:

## Setting the save location - this can be updated to save it to a passed in parameter

$Invocation = (Get-Variable MyInvocation -Scope Script).Value

$ScriptPath = Split-Path -Parent

$SavePath = $ScriptPath + "\Programs.xml";

Sorry for the bad format, working on how to solve that.

I removed the first two lines and changed the 3rd to:

$SavePath = "\\Network\Share\"+ [System.Net.Dns]::GetHostName() + "-Programs.xml"

[System.Net.Dns]::GetHostName() simply returns the name of the computer.

Please note that you have to provide a shared location with appropriate permissions (to create files).

The script will create an XML file for each computer, named COMPNAME-Programs.xml.

I then copied the script to my workstation and ran it with the following command:

Invoke-Command -ComputerName (Get-Content .\Computers.txt) -FilePath C:\Script.Ps1

Please note the Computers.txt file, which contains a list of all the computers I want to run the script on.


I know it’s not a CSV or Excel format but I think that XML is a pretty good solution.
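
One way to get the merged, de-duplicated CSV the reader asked for, as an added example that is not part of the original post or of Oscar Morales' script: each computer returns its Get-HotFix entries and its Windows Update Agent history over the remoting session, so no share writable by every computer is needed. The output file name InstalledUpdates.csv, the KB-number matching on update titles, and the availability of the Windows Update Agent COM API inside a remote session are assumptions of this example.

```powershell
# Added example, not the post's script. InstalledUpdates.csv is an assumed output name.
$computers = Get-Content .\Computers.txt

$collect = {
    # QFE entries: the part Get-HotFix already covers
    $found = @(Get-HotFix | ForEach-Object {
        [pscustomobject]@{
            KB          = $_.HotFixID
            Title       = $_.Description
            InstalledOn = $_.InstalledOn
            Source      = 'Get-HotFix'
        }
    })

    # Windows Update Agent history: keep successful installations only
    # (Operation 1 = installation, ResultCode 2 = succeeded)
    try {
        $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
        $count = $searcher.GetTotalHistoryCount()
        if ($count -gt 0) {
            $found += @($searcher.QueryHistory(0, $count) |
                Where-Object { $_.Operation -eq 1 -and $_.ResultCode -eq 2 } |
                ForEach-Object {
                    [pscustomobject]@{
                        KB          = if ($_.Title -match 'KB\d+') { $Matches[0] } else { $null }
                        Title       = $_.Title
                        InstalledOn = $_.Date
                        Source      = 'WUA history'
                    }
                })
        }
    } catch {
        # Assumption: if the COM API is unavailable, report it and return the QFE list alone
        Write-Warning "$env:COMPUTERNAME - WUA history unavailable: $_"
    }
    $found
}

# Objects come back over the remoting channel; Invoke-Command adds PSComputerName
$all = Invoke-Command -ComputerName $computers -ScriptBlock $collect -ErrorAction Continue

# One row per computer and KB; entries without a KB number are keyed on their title
$all |
    Group-Object PSComputerName, { if ($_.KB) { $_.KB } else { $_.Title } } |
    ForEach-Object { $_.Group[0] } |
    Select-Object PSComputerName, KB, Title, InstalledOn, Source |
    Sort-Object PSComputerName, KB |
    Export-Csv .\InstalledUpdates.csv -NoTypeInformation
```

Returning objects to the caller also avoids the second hop from the remote session to a file share, for which default PowerShell remoting authentication does not delegate credentials.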

