Get List of Installed Windows Updates

This post falls into the category of note to self posts. A while back I researched the Internet for a way to get the list of installed updates on a computer.
This is useful for those of us still using Microsoft WSUS without SCCM or some other Reporting Tool, because WSUS reports only the number of computers having or not having a patch installed/applicable, but not which ones.
As of this date there are no Powershell cmdlets that let you get this information, no WMI query no nothing. You have to get it programatically, so I went along and created the following powershell code that creates a report.

$InputObject = Read-host -Prompt "Insert Computername to get list of installed updates"
$Report = @()
$filename = "$env:Temp\Report_$(get-date -Uformat "%Y%m%d-%H%M%S").csv"
If ($Computer -eq $null -and $InputFile -eq $null) {
	Write-Host -ForegroundColor Yellow "No Computer or ComputerList given, assuming value is localhost"
	$InputObject = $env:COMPUTERNAME
	}
$InputObject | % {
   $objSession = [activator]::CreateInstance([type]::GetTypeFromProgID("Microsoft.Update.Session",$_))
   $objSearcher= $objSession.CreateUpdateSearcher()
   $HistoryCount = $objSearcher.GetTotalHistoryCount()
   $colSucessHistorvy = $objSearcher.QueryHistory(0, $HistoryCount)
   Foreach($objEntry in $colSucvessHistory | where {$_.ResultCode -eq '2'}) {
       $pso = "" | select Computer,Title,Date
       $pso.Title = $objEntry.Title
       $pso.Date = $objEntry.Date
       $pso.computer = $_
       $Report += $pso
       }
   $objSession = $null
   }
$Report | where { $_.Title -notlike 'Definition Update*'} | Export-Csv $filename -NoTypeInformation -UseCulture
ii $filename

Once you run this report and have an csv viewer installed (excel for example( it will open up the file so you can review it. When exporting I did a filter to remove MS Forefront definition updates as it is pretty irrelevant most of the time, you use other tools to manage Forefront definitions.

Learning Points

Line 05 – This line creates and instance of the Windows Update API. What is neat about this function is the fact that can create an instance of the API and connect to a remote computer, notice the “$_” at the end of the line.

Line 09 – In this line after searching the entire history we filter out all but successful updates. Yes it would be nice to do that in the actual search, but I don’t know if it is possible. So I resorted to filtering out only successful result codes.

Below is a table with possible values. This can be useful if you want to generate a report based on the result code

Result Code Update Status
0 Not Started
1 In Progress
2 Successful
3 Incomplete
4 Failed
5 Aborted

That’s about it with getting the list of installed updates, the bit of code above can be easily integrated to run across a large number of computers. Thanks for reading and feedback.

Update1: Feb 2013 – i’ve modified the code to account for when you are trying to copy paste the data into a command line. Also I’ve discovered, that at least in my case, it doesn’t run on Windows 2012 machines.