none
How do i write a query to show if a specific KB is installed? RRS feed

  • Question

  • Background: I am trying to uninstall a KB (2823324) that went out to some devices and wanted to target a specific collection that has the KB installed. I tried using Add/Remove Programs for my query but it returned 0 results even though I know for certain almost 200 devices recieved the update.

    Any help is greatly appreciated.

    Tuesday, April 16, 2013 3:05 PM

Answers

  • Updates are generally not displayed in Add/Remove programs.  While you CAN inventory this information on all you computers, in general you shouldn't because it is a lot of data that will not get used.  You would end up collecting hundreds of datapoints from every computer when you really only care about this 1 particular update.

     

    For this scenario, most people recommend using Compliance Settings to evaluate whether or not the one update you care about is installed.  A simple WMI query can be used to evaluate the state of the update, such as:  

    Select * from Win32_QuickFixEngineering where HotFixID = "KB2823324"

     

    I would then use that compliance information to create a collection, and target that collection with a package/program that runs something like:

    WUSA /uninstall /kb:2823324 /quiet /norestart

     

    I hope that helps,

     

     

    Nash 


    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts
    <-- If this post was helpful, please click "Vote as Helpful".

    Tuesday, April 16, 2013 3:27 PM

All replies

  • Updates are generally not displayed in Add/Remove programs.  While you CAN inventory this information on all you computers, in general you shouldn't because it is a lot of data that will not get used.  You would end up collecting hundreds of datapoints from every computer when you really only care about this 1 particular update.

     

    For this scenario, most people recommend using Compliance Settings to evaluate whether or not the one update you care about is installed.  A simple WMI query can be used to evaluate the state of the update, such as:  

    Select * from Win32_QuickFixEngineering where HotFixID = "KB2823324"

     

    I would then use that compliance information to create a collection, and target that collection with a package/program that runs something like:

    WUSA /uninstall /kb:2823324 /quiet /norestart

     

    I hope that helps,

     

     

    Nash 


    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts
    <-- If this post was helpful, please click "Vote as Helpful".

    Tuesday, April 16, 2013 3:27 PM
  • Updates are generally not displayed in Add/Remove programs.  While you CAN inventory this information on all you computers, in general you shouldn't because it is a lot of data that will not get used.  You would end up collecting hundreds of datapoints from every computer when you really only care about this 1 particular update.

    For this scenario, most people recommend using Compliance Settings to evaluate whether or not the one update you care about is installed.  A simple WMI query can be used to evaluate the state of the update, such as:  

    Select * from Win32_QuickFixEngineering where HotFixID = "KB2823324"

    I would then use that compliance information to create a collection, and target that collection with a package/program that runs something like:

    WUSA /uninstall /kb:2823324 /quiet /norestart

    I hope that helps,

    Nash 


    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts
    <-- If this post was helpful, please click "Vote as Helpful".


    This seems helpful; however I am unsure how to build a query off of the WMI classes.
    Tuesday, April 16, 2013 5:06 PM
  • You would create a new Configuration Item under Assets and Compliance > Compliance Settings > Configuration Items.  When you create the Setting, it will allow you to pick a "Setting type" of "WQL Query".

      

     

    For the Compliance rule, I would just use an existential rule.  In this case, a device is compliant if the setting does not exist.

      

     

    You need to add the Configuration Item to a Configuration Baseline.  Then, create a deployment for that Configuration Baseline targeting a Collection.  Once those devices update policy, evaluate their compliance, and report their compliance status, you can use that information to generate collections.  For example, you can right click on the Configuration Baseline's Deployment object in the console, and select Create New Collection > Non-compliant.

     

    Be sure that your Client Settings have compliance evaluation enabled on the Compliance Settings page.

     

    The Compliance Settings product documentation is here if you need more detailed information:

    http://technet.microsoft.com/en-us/library/gg681958.aspx

     

    And here is a good little walkthrough for using Compliance Settings:

    http://blogs.msdn.com/b/scom_2012_upgrade_process__lessons_learned_during_my_upgrade_process/archive/2012/09/21/compliance-settings-sccm-2012.aspx

     

    I hope that helps!

     

     

    Nash


    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts
    <-- If this post was helpful, please click "Vote as Helpful".




    • Edited by NPherson Tuesday, April 16, 2013 5:20 PM
    • Proposed as answer by i3laze_ Wednesday, July 19, 2017 10:48 AM
    Tuesday, April 16, 2013 5:16 PM
  • Thanks NPherson!
    Tuesday, April 16, 2013 7:40 PM
  • From Windows Powershell run 

    get-hotfix -id KB283324

    Tuesday, May 23, 2017 10:15 PM
  • From Windows Powershell run 

    get-hotfix -id KB283324


    what is wrong with running the default report for thia info?

    Garth Jones

    Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased

    Tuesday, May 23, 2017 10:58 PM
    Moderator
  • Thanks for that information, but it is a little much.  As one KB is usually quick and dirty info, I would just want to write a simply WQL query.  For example:
    select distinct SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from  SMS_R_System inner join SMS_G_System_QUICK_FIX_ENGINEERING on SMS_G_System_QUICK_FIX_ENGINEERING.ResourceID = SMS_R_System.ResourceId where SMS_G_System_QUICK_FIX_ENGINEERING.HotFixID like "KB971033"

    Your answer is far, far more elegant and cool, but 99% of the time when we have an issue because a KB creates issues, this is the query we need to give Mgmt. quick answers as to who has it installed.  I did use this article to turn on the qfe classes in HW inventory.  My understanding is that hardware inventory is pretty light weight.  I think the bigger issue is the amount of data it will return to the SCCM db.  Anyway, thanks for your information and a greater understanding.

    ~Chris

    Thursday, January 10, 2019 4:19 PM