--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


Recently Changed Pages:

View All Pages

View All Tags


WIKI Disclaimer: As with most other things on the Internet, the content on this wiki is not supported. It was contributed by me and is published “as is”. It has worked for me, and might work for you.
Also note that any view or statement expressed anywhere on this site are strictly mine and not the opinions or views of my employer.

Pages with comments

View All Comments


Script: Powershell Remoting: Check Windows Patch Status

The script below is to check Windows Server in an Active Directory environment using PowerShell Remoting.


Prepare the script by creating a variable containing the servername(s) and setting variables:

# Servervariable
$servers = "server01"
$servers = @("server01","server02","server03")
$servers = Get-ADComputer -Filter * -searchbase "OU=Servers,DC=shift,DC=local" | Select-Object -ExpandProperty Name | Sort-Object
# Credentials
$credentials = Get-Credential 

The Script

# Powershell remoting settings
$remotePort = 5986
$pso = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
$Culture = "en-US"
$pso.Culture = $Culture
$pso.UICulture = $Culture 
$sessionParams = @{}
$sessionParams.Add('UseSSL', $true) 
$sessionParams.Add('Port', $remotePort) 
$sessionParams.Add('Credential', $credentials) 
# Function
function PatchStatus {
    param (
        [array] $servers 
    ForEach ($server in $servers){
        Write-Host "`nName  : " -NoNewline; Write-Host "$server" -ForegroundColor Green
        if ((Test-Connection -computer $($server + "." + $domain) -count 1 -quiet) -AND ($session = New-PSSession -ComputerName $($server + "." + $domain) -EnableNetworkAccess -SessionOption $pso @sessionParams -ErrorAction SilentlyContinue)){
            try {
                Invoke-Command -Session $session -ScriptBlock {
                    Param($server, $domain);
                    # Check dor uptime
                    Write-Host "Uptime: $(((Get-Date) - (Get-CimInstance Win32_OperatingSystem).LastBootupTime).Days) days";
                    # Check for last 4 installed updates - note that patches with a pending reboot will not be shown due to a missing InstalledOn value
                    Write-Host "Last Patches: "
                    $patches = Get-HotFix | Sort-Object -Descending -Property InstalledOn -ErrorAction SilentlyContinue | Select-Object -First 4 -Property HotFixID,Description,InstalledOn
                    ForEach ($patch in $patches){Write-Host "$(($patch.InstalledOn).ToString("dd MMM yyyy")): $($patch.HotFixId) ($($patch.Description))"}
                    # Check for pending reboot
                    function Test-PendingReboot {
                        if (Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" -EA Ignore) { return $true }
                        if (Get-Item "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" -EA Ignore) { return $true }
                        if (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" -Name PendingFileRenameOperations -EA Ignore) { return $true }
                        try { 
                            $util = [wmiclass]"\\.\root\ccm\clientsdk:CCM_ClientUtilities"
                            $status = $util.DetermineIfRebootPending()
                            if (($null -ne $status) -and $status.RebootPending) {
                                return $true
                        catch { }
                        return $false
                    if (Test-PendingReboot){
                        Write-Host "Pending reboot: " -NoNewline; Write-Host "True" -ForegroundColor Red
                    }else {
                        Write-Host "Pending reboot: " -NoNewline; Write-Host "False" -ForegroundColor Green
                } -ArgumentList $server, $domain
            } catch {
                Write-Host "$server patch check failed"
                Write-Host $_.ScriptStackTrace
                Write-host $_.Exception.Message
            } finally {
                Remove-PSSession -Session $session
                $server = $null
        } else {
            Write-Host "$server cannot be reached or remote session failed" -ForegroundColor Red

Start the Script

Start with PatchStatus $servers


You could leave a comment if you were logged in.
scriptcheckwindowspatchstatus.txt · Last modified: 2022/01/24 12:27 by sjoerd