none
How to Quickly Determine Whether or not Specific Hotfixes or Updates are Installed? RRS feed

  • Question

  • I have a handful of applications that require specific hotfixes or updates to be installed.  An excellent example of this is Internet Explorer 11 which has 9 prerequisites. (well only 6 are required, the remaining 3 prerequisites provide a better experience.)

    Is there a reliable & fast way of checking for whether or not a specific hotfix and/or patch/update has been installed? 

    I am aware of `wmic qfe` but

    1. According to this, it will only "retrieve updates for Windows OS itself and its components (such as Windows Internet Explorer (IE) or Windows Server roles and features)"
    2. Even if I'm checking for just 1 hotifx, it takes roughly 6 seconds to retrieve that information.  When we're checking for dozen or two hotfixid's that quickly adds up. `Measure-Command {wmic qfe where "hotfixid='kb982018'"}`  So for IE11, we're looking at nearly 1 minute of waiting.  Nonsense.


    Note: I'm not asking "is my system patched?" nor am I asking for a report of installed patches.  I could use WSUS, SCCM, MBSA and a multitude of other solutions for that.  I need something scriptable that will install a specific prerequisite at runtime, so I'm looking for a batch/vbscript/powershell solution that'll be quick, like 1 second quick, not 5+ per KB.
    Monday, June 9, 2014 1:34 AM

Answers

  • Get-Hotfix can look at an array of names.

    Unfortunately your wquestions and contentions are hard to address because they are a bit vague.

    Here is how to use Get-HotFix

    Get-hotfix KB2913152,KB2916036,KB2916036 

    This takes way  less than one second on a slow system.

    Perhaps you are not using the correct queries to get what you are looking for.


    ¯\_(ツ)_/¯


    • Edited by jrv Tuesday, June 10, 2014 3:35 AM
    • Marked as answer by JuliusPIV Friday, June 27, 2014 6:38 PM
    Tuesday, June 10, 2014 3:34 AM

All replies

  • What you are asking for is arbitrary.

    What prerequisites to IE 11 are you referring to?  There are none.  IE will upgrade to the latest available version for the platform.

    I think what you are looking for is someone who is trained and certified in Windows.  If you are a home user than you should post in the http://answers.microsoft.com for assistance.

    If you are using PowerShell you would not use WMIC. PowerShell has built in methods for finding hot fixes.

    To put it more simply; it is not possible to understand what you are asking because you are not trained in Windows technologies and are using a lot of terms that are being used somewhat incorrectly.  A consultant can help you sort out what it is you are asking and show you how to install IE 11.

    If your system is compatible then IE 11 will just install and it will add any updates you need.

    IE 11 can be automatically upgraded by WSUS if that is your environment.


    ¯\_(ツ)_/¯

    Monday, June 9, 2014 1:54 AM
  • This uses Powershell's Get-Hotfix to check for the presence of 10 random patches.

    On my laptop, it takes about 250ms.

    $RequiredPatches = Get-HotFix |
     select -ExpandProperty HotfixID | 
     Get-Random -Count 10
    
    Measure-Command {
    $AllHotfixes = Get-HotFix |
     select -ExpandProperty HotfixID
    
    $IsPatched = 
    ($RequiredPatches | where {$AllHotfixes -notcontains $_}) -eq $null
    }
    
    $IsPatched
    


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Monday, June 9, 2014 2:13 AM
    Moderator
  • I will repeat:  upgrading to IE 11 will install all missing hotfixes and requirements.  It will only fail on systems that IE 111 cannot beinstalled on.

    I have installed a couple of hundred and have never seen an issue on a supported platform.

    If you have a specific KB that says a hotfix MUST be installed before yo install IE11 then post the KB.

    If you know third party software that ewquires patching then you cannot use QFE to detect this.  You will need to work with the vendor to resolve the detection of their patches.

    There is no stock script or method to address your concerns.  you will need to research this and come up with a solution.  If it is critical thenyou should contact a consultant.


    ¯\_(ツ)_/¯

    Monday, June 9, 2014 2:25 AM
  • Thanks.  I'm no expert.  I don't have a slew of characters before or after my name.  This isn't an I'm right/you're wrong situation.  I don't claim to know everything - just trying to mitigate the questions I know I'm going to be asked.

    Prior to posting, I saw your post here (which is great I might add) which works, and it will work for determining whether or not a machine has a specific update/hotfix installed.  But it consistently took 6 seconds to retrieve a single result on our assets.  This was on a Core i7 with 8GB and an SSD running Windows 8.1 Pro.  This doesn't bode well for our day-to-day systems which are Core 2 Duo's with 4GB and spindle disks.  Unless my math is wrong, if I'm checking for all 6 possible required IE11 prereqs thats 36 seconds of wait time just for WMI queries.  I'm just shocked it takes so long which made me wonder whether or not there was a faster retrieval method.

    Why would I think there's a faster method?  The closest example I can think of might be a software install.  Sure, I can query WMI, but that too takes a while.  But I could a `reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{product code}` or `reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 29.0.1 (x86 en-US)` then check errorlevel to determine if the product was installed, right?  Or take it a step further & check the `/v Version` to make sure it matches what I expect it to be, right?   We don't have fancy tools here like Altiris or SCCM :(  Reg query just appears to be significantly faster than wmic/gwmi in that specific scenario.  That gave me hope there might be a faster option for checking for installed updates & hotfixes.

    IE11 tries to install the proper prerequisites.  If that fails, they'll have to be done manually.  And it just so happens that the IE11 install does fail in our environment when we don't install the manually.  Fortunately we're not ready to deploy IE11, so there's no rush to push IE11.  I was merely using IE11 as an example because by virtue of the articles existence, this is a possible real-world scenario.  If I know that we can safely regression test the 6 patches for IE11, and just have it be an optional installation for the users that want or need it, then I can add the prerequisite logic to the script to help ensure a successful installation.  Again, an IE11 deployment isn't the goal here.  IE11 is just the example.


    • Edited by JuliusPIV Tuesday, June 10, 2014 3:34 AM
    Tuesday, June 10, 2014 3:10 AM
  • I'll test this as time permits this week.  Thank you for sharing!
    Tuesday, June 10, 2014 3:15 AM
  • I will repeat:  upgrading to IE 11 will install all missing hotfixes and requirements.  It will only fail on systems that IE 111 cannot beinstalled on.

    I have installed a couple of hundred and have never seen an issue on a supported platform.

    If you have a specific KB that says a hotfix MUST be installed before yo install IE11 then post the KB.

    If you know third party software that ewquires patching then you cannot use QFE to detect this.  You will need to work with the vendor to resolve the detection of their patches.

    There is no stock script or method to address your concerns.  you will need to research this and come up with a solution.  If it is critical thenyou should contact a consultant.


    ¯\_(ツ)_/¯

    IE11 does not require a 'hotfix' but rather 6 specific updates: http://support.microsoft.com/kb/2847882/en-us

    "The following table lists the prerequisite updates for Internet Explorer 11 in Windows 7 Service Pack 1 (SP1) or Windows Server 2008 R2 Service Pack 1 (SP1). You must have the following updates installed before you can install Internet Explorer 11 in Windows 7 SP1 and Windows Server 2008 R2 SP1. "

    In case you read this post before my other one above: My objective isn't to deploy IE11 at the moment.  I am only using IE11 since its a possible real-world scenario: the automatic installation of the updates fails so the IE11 setup bombs.

    Will MBSA or WSUS report on hotfixes like: 2732673, 2728738, 2878378 & 2632149?

    Tuesday, June 10, 2014 3:25 AM
  • Get-Hotfix can look at an array of names.

    Unfortunately your wquestions and contentions are hard to address because they are a bit vague.

    Here is how to use Get-HotFix

    Get-hotfix KB2913152,KB2916036,KB2916036 

    This takes way  less than one second on a slow system.

    Perhaps you are not using the correct queries to get what you are looking for.


    ¯\_(ツ)_/¯


    • Edited by jrv Tuesday, June 10, 2014 3:35 AM
    • Marked as answer by JuliusPIV Friday, June 27, 2014 6:38 PM
    Tuesday, June 10, 2014 3:34 AM
  • If your issue is that you are installing IE11 from WSUS then you need to make sure you have approved of all pre-requisites.  This has nothing to do with scripting.  it is just how you need to run WSUS.

    Again; your questions are vague and hard to understand.  We cannot guess at you context.

    If you manually install IE11 all of the requied updates will be installed automatically.  If you try to automate the install you will have to attempt an install of the required updates unless you use the IE deployment tools.

    Again - if WSUS you will need to approve the required and optional updates.

    Now...what is your question?


    ¯\_(ツ)_/¯

    Tuesday, June 10, 2014 3:40 AM
  • IE11 does not require a 'hotfix' but rather 6 specific updates: http://support.microsoft.com/kb/2847882/en-us

    "The following table lists the prerequisite updates for Internet Explorer 11 in Windows 7 Service Pack 1 (SP1) or Windows Server 2008 R2 Service Pack 1 (SP1). You must have the following updates installed before you can install Internet Explorer 11 in Windows 7 SP1 and Windows Server 2008 R2 SP1. "

    In case you read this post before my other one above: My objective isn't to deploy IE11 at the moment.  I am only using IE11 since its a possible real-world scenario: the automatic installation of the updates fails so the IE11 setup bombs.

    Will MBSA or WSUS report on hotfixes like: 2732673, 2728738, 2878378 & 2632149?

    Hotfix, Update KB all are the same.

    Yes WSUS and MBSA report on all KBs. That is what they are for.

    Forums are not good places to ask broad questions about how to use Windows or any other technology.  The initial assumption here is that you are a trained Windows technician and that you have researched the issue.  We can answer direct question easily.  Questions that require a long dissertation on the fundamentals of a technology are much harder to answer.

    Your original question implies a need to understand many technologies.  You want to knowhow to identify prerequisites for a specific application but later you say you want a gernal purpose answer.  Why not just ask that one question.

    You mention performance.  Why?  6 seconds in not a long time for a report. Optimization of code is a specialty that is very complex. It does not have a one word answer.

    You will need to learn how to script. You will need to learn Workflow or Jobs.

    Throwing a smorgasbord of problems ont a forum is not a good way to solve problems.

    Try to focus on one specific thing.  Let time help you learn the basic technologies.  With patience you will become a seasoned technician.


    ¯\_(ツ)_/¯

    Tuesday, June 10, 2014 3:58 AM
  • What's provoking the question?

    What product is installing that requires what prerequisites?


    -- Bill Stewart [Bill_Stewart]

    Tuesday, June 10, 2014 2:03 PM
    Moderator