How to check Patch compliance on Windows OS to compare with result of Patch Me IntelliRollup ?
search cancel

How to check Patch compliance on Windows OS to compare with result of Patch Me IntelliRollup ?

book

Article ID: 233847

calendar_today

Updated On:

Products

CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Patch Manager

Issue/Introduction

How to check Patch compliance on Windows OS to compare with result of Patch Me IntelliRollup ?

Environment

Client Automation - All Versions.

Resolution

Following method to check the Microsoft Patch compliance on a computer :
 
This method is based on these Microsoft Articles :

https://docs.microsoft.com/en-us/windows/security/threat-protection/mbsa-removal-and-guidance
https://docs.microsoft.com/en-us/windows/win32/wua_sdk/using-wua-to-scan-for-updates-offline
 
 
1- Download Wsusscn2.cab
http://download.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscn2.cab

2- Copy the file Wsusscn2.cab on the computer in a temp directory (ex: c:\temp\wsus-scan)

3- Create the file wsus-scan.vbs with this content  :

Set UpdateSession = CreateObject("Microsoft.Update.Session")
Set UpdateServiceManager = CreateObject("Microsoft.Update.ServiceManager")
Set UpdateService = UpdateServiceManager.AddScanPackageService("Offline Sync Service", "c:\temp\wsus-scan\wsusscn2.cab", 1)
Set UpdateSearcher = UpdateSession.CreateUpdateSearcher()

WScript.Echo "Searching for updates..." & vbCRLF

UpdateSearcher.ServerSelection = 3 ' ssOthers

UpdateSearcher.ServiceID = UpdateService.ServiceID

Set SearchResult = UpdateSearcher.Search("IsInstalled=0")

Set Updates = SearchResult.Updates

If searchResult.Updates.Count = 0 Then
    WScript.Echo "There are no applicable updates."
    WScript.Quit
End If

WScript.Echo "List of applicable items on the machine when using wssuscan.cab:" & vbCRLF

For I = 0 to searchResult.Updates.Count-1
    Set update = searchResult.Updates.Item(I)
    WScript.Echo I + 1 & "> " & update.Title
Next

WScript.Quit
 

Remark : adapt the following line with correct path for wsusscn2.cab file

Set UpdateService = UpdateServiceManager.AddScanPackageService("Offline Sync Service", "c:\temp\wsus-scan\wsusscn2.cab", 1)


4- Execute the vbs script :
cscript wsus-scan.vbs
 
It could take several minutes
 
 
Output Examples :
 
https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=kfEuhvf2tZGLshpytNvVAg==
 
or
 
https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=Ho6OFXBWZDSNcclQQ4w1SQ==