How to know the installed patch has been applied or not without reboot.


  • Monday, November 19, 2012 7:23 AM
     
     

    Is there a way or any command to know whether the latest patch has been applied to the server (2k3, 2k8)?

    We have multiple LOBs (Apps) that require "no immediate reboot" after applying patches.

    We have to make sure that the patch has been applied before handing off to the Apps team. The idea is to reapply the patch if it has failed.
    • Edited by msk9 Monday, November 19, 2012 7:40 AM

All Replies

  • Monday, November 19, 2012 5:35 PM
    Moderator
     
     

    Is there a way or any command to know whether the latest patch has been applied to the server (2k3, 2k8)?

    It's reported as Installed on the WSUS server.

    It's displayed in the list of installed updates on the client system.

    We have multiple LOBs (Apps) that require "no immediate reboot" after applying patches.

    We have to make sure that the patch has been applied before handing off to the Apps team. The idea is to reapply the patch if it has failed.

    How are you getting these patches to the WSUS infrastructure?


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

  • Wednesday, November 21, 2012 12:39 PM
     
     

    Hi Lawrence,

    Thanks for the reply.

    We have an Altiris deployment in our environment, and separate people called 'patch coordinators' have created some jobs (e.g. 1. deploy patch 2. deploy patch_no reboot) for the monthly patch cycle, and they schedule all the servers as per the LOB requirements.

    I am one of the guys who monitor whether the patch has been applied or not.

    For the cases where patches are deployed without reboot, the Altiris tool shows "Patches deployed" even if there is a failure of one patch among multiple patches.

    In such cases, I would like to know which patches failed, so that I can rerun the job or manually install the patches.

    For that, is there any way to know how many patches were deployed and how many failed?

  • Wednesday, November 21, 2012 11:30 PM
    Moderator
     
     

    This is the Microsoft TechNet WSUS Forum and the only thing appropriate for comment here is regarding a WSUS server.

    I know nothing about Altiris, and how you get the answers to those questions via Altiris probably should be directed to your "patch coordinators" and/or Symantec.

    From the standpoint of Microsoft Windows... my previous point is probably your best option: Installed updates are displayed on the list of installed updates on each system, but updates installed by the Altiris agent may not be populated into that list.

    Personally, it sounds to me like you've been assigned a task at your job, and you're not familiar with how to perform the task. For that I would suggest consulting with your supervisor.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin



  • Thursday, November 22, 2012 7:00 AM
     
     

    Sir,

    In my 1st message I didn't discuss anything outside of Microsoft.

    I am not talking about Altiris or any other tool. I am just giving a brief description of the environment to give a better idea, because of your 1st answer.

    The query is simple: how would I come to know a patch's status after installation, without rebooting a server?

    I'm curious about how to know the patch status (installed/failed/etc.) without a reboot. It's a doubt, as I am a human being who usually thinks and naturally gets doubts, and I don't have much idea about WSUS/patching as I recently started working on patching activities.

    Maybe I am not familiar with what I am doing, but that is not the discussion point.

    Please suggest the correct forum if this is not the correct forum for my question!



    • Edited by msk9 Thursday, November 22, 2012 7:07 AM
    • Edited by msk9 Thursday, November 22, 2012 7:08 AM
    • Edited by msk9 Thursday, November 22, 2012 8:24 AM
    • Edited by msk9 Thursday, November 22, 2012 8:34 AM
  • Friday, November 23, 2012 4:16 PM
    Moderator
     
     Answered
    The query is simple: how would I come to know a patch's status after installation, without rebooting a server?

    I've answered this question twice, now.

    I don't have much idea on WSUS/Patching as I recently started working on patching activities.

    Then I would suggest beginning by reading this section of the TechNet library, and learning how the basics of Windows Update work:

    http://technet.microsoft.com/en-us/library/bb466251.aspx


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

  • Friday, November 23, 2012 4:47 PM
     
     

    Hi,

    Please use the command

    C:\>wmic qfe list >updates.csv

    This exports an Excel sheet with the list of updates installed, when, and by whom. Search for the required updates. This is what I follow every time.

    wmic qfe | find "123456"

    This finds the required KB; 123456 is the KB number.

    But this is after server reboot.

    Not sure this gives info on installed updates before reboot for the updates which require a reboot.


    Mallikarjuna YH, Windows / Exchange



  • Friday, November 23, 2012 6:37 PM
    Moderator
     
     Answered

    Not sure this gives info on installed updates before reboot for the updates which require a reboot.

    It also presumes that the Microsoft stack (AU/WU/MU/WSUS/WUAgent) is being used to install the update. Unless I've misunderstood something, I believe that the source of that WMIC QFE LIST command is the WUAgent datastore (which is where Update History is conventionally stored on a Windows system).

    The O.P. has stated that they're using Symantec Altiris to update the systems. Altiris uses its own agent. Thus the activities of the Altiris agent are not likely being written to the WUAgent datastore, and may not be available from the standard OS list of installed updates.

    In addition, that command does not return a comprehensive list of all updates installed... it looks to me on my system that it's only a list of *OS* updates -- I'm not seeing any *application* updates in the returned results.

    This thread from last year discusses this question in more detail, and provides an alternate PowerShell cmdlet and PowerShell script that may provide more of what is needed (provided, of course, that the data is in the datastore to begin with).


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

    • Marked As Answer by msk9 Sunday, November 25, 2012 2:14 AM
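
The check discussed in this thread, as an added example that is not from any poster and is not the script from the linked discussion: it reads per-update install results and the pending-reboot flag from the Windows Update Agent (WUA) through its COM API, so it reports only updates the WUA itself installed. The function name `Get-WuaInstallHistory` and its `-Days` parameter are made up for this example.

```powershell
# Added example: per-update install results from the WUA history, plus reboot state.
# Updates installed by a third-party agent may not be recorded in this datastore.

# OperationResultCode values returned by the WUA API
$resultText = @{
    0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
}

function Get-WuaInstallHistory {
    param([int]$Days = 7)   # hypothetical parameter: how far back to look

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $total    = $searcher.GetTotalHistoryCount()
    if ($total -eq 0) { return }   # nothing recorded by the WUA on this host

    # History entry dates are stored in UTC
    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$Days)

    $searcher.QueryHistory(0, $total) |
        Where-Object { $_.Operation -eq 1 -and $_.Date -ge $cutoff } |  # 1 = installation
        ForEach-Object {
            $kb = if ($_.Title -match 'KB\d+') { $Matches[0] } else { '' }
            New-Object PSObject -Property @{
                Date    = $_.Date
                KB      = $kb
                Result  = $resultText[[int]$_.ResultCode]
                HResult = '0x{0:X8}' -f $_.HResult
                Title   = $_.Title
            }
        }
}

$history = @(Get-WuaInstallHistory -Days 7)
$history | Sort-Object Date | Format-Table Date, KB, Result, HResult -AutoSize

# Candidates for a re-run: anything that did not finish cleanly
$bad = @($history | Where-Object { 'Failed', 'Aborted', 'SucceededWithErrors' -contains $_.Result })
"{0} install(s) recorded, {1} need attention" -f $history.Count, $bad.Count
$bad | Select-Object KB, Result, HResult, Title

# True when an installed update is still waiting for a restart to complete
$rebootPending = (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired
"Reboot pending: $rebootPending"
```

An empty result on a host patched by another agent means the WUA history has no record of those installs, not that the patches are missing.
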
  • Wednesday, November 28, 2012 7:11 AM
     
     
    Thanks a lot for the valuable information and the link provided above. It opens a door for me to learn more details, and I'm getting into the subject I was looking for.