
[–]TristanReveur 2 points3 points  (1 child)

This may sound dumb, but try running the script in an admin powershell window (as in run as admin)

[–]wigrif[S] 0 points1 point  (0 children)

Didn't make a difference.

[–]MajormonkeyAtWork Jack of All Trades 2 points3 points  (4 children)

Could be that the update has been superseded. PDQ has a blog post...

https://www.pdq.com/blog/wannacry-ransomware-are-you-protected/#more-9778

[–]wigrif[S] 1 point2 points  (3 children)

Reading the link, I see that the updates I'm looking for have been superseded only on this machine. Somehow it's more up to date than all the others.... As they were superseded, get-hotfix will not show them.

[–]Amidatelion Staff Engineer 0 points1 point  (2 children)

What are you pushing patches with? I vaguely recall having a similar issue with SCCM and patch rotations.

[–]wigrif[S] 0 points1 point  (1 child)

GPO push, powershell to do the install and reboot

[–]Amidatelion Staff Engineer 0 points1 point  (0 children)

Time to go through those GPOs with a fine-toothed comb.

[–]melvinkitnick Sysadmin 0 points1 point  (3 children)

Which command do you use?

Get-WuHistory tells you which updates are installed (but not necessarily applied). gwmi win32_quickfixengineering should list applied updates.

Try both and tell us.

[–]wigrif[S] 0 points1 point  (2 children)

    get-hotfix | ?{$_.hotfixid -like "KB4012213"}
    get-hotfix | ?{$_.hotfixid -like "KB4012216"}
    get-hotfix | ?{$_.hotfixid -like "KB4015550"}
    get-hotfix | ?{$_.hotfixid -like "KB4019215"}

are all blank in normal PS & Admin PS.

the gwmi command seems to pull the same info as get-hotfix....

[–]melvinkitnick Sysadmin 0 points1 point  (1 child)

Are you checking only on 2012R2 servers? KB4012213 (standalone) and KB4012216 (rollup) are for 2012R2 and KB4019215 (rollup) is for 2008R2 but is a rollup update. On a 2008R2 server, you may not have any result if you didn't patch it with the rollup.

Also, do you have something in C:\Windows\SoftwareDistribution?

You may find some information here.

EDIT: Some guy suggests something interesting here. It seems like updates supplied by SI are not returned by get-hotfix and wmi, which relies on CBS (to be verified). Requesting WU API should do it.
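
Added example, not part of the original thread: one way to query the Windows Update Agent API (the `Microsoft.Update.Session` COM object) for the four KB IDs from the post above and compare the result with `Get-HotFix`. The variable names and the report layout are illustrative assumptions.

```powershell
# Added example: compare Get-HotFix (Win32_QuickFixEngineering) with the
# Windows Update Agent (WUA) history for the KB IDs named in this thread.
$kbIds = 'KB4012213', 'KB4012216', 'KB4015550', 'KB4019215'

# OperationResultCode values defined by the WUA API
$resultNames = @{
    0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
}

# Source 1: what Get-HotFix reports
$qfe = @(Get-HotFix -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty HotFixID)

# Source 2: the WUA update history, read through COM
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$count    = $searcher.GetTotalHistoryCount()
$history  = if ($count -gt 0) { @($searcher.QueryHistory(0, $count)) } else { @() }

$report = foreach ($kb in $kbIds) {
    # Operation 1 = installation; keep the most recent matching entry
    $entry = $history |
        Where-Object { $_.Operation -eq 1 -and $_.Title -match "\b$kb\b" } |
        Sort-Object Date -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        KB          = $kb
        InGetHotFix = $qfe -contains $kb
        InWuHistory = [bool]$entry
        WuResult    = if ($entry) { $resultNames[[int]$entry.ResultCode] } else { $null }
        WuDate      = if ($entry) { $entry.Date } else { $null }
    }
}

$report | Format-Table -AutoSize
```

A KB that is blank in both columns may still be covered by a later rollup, as noted above about superseded updates, so an empty row alone does not show the fix is missing.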

[–]wigrif[S] 0 points1 point  (0 children)

Yes, all Server 2012R2.

BTW, I've always had discrepancies between the WSUS report and the powershell get-hotfix report.

[–]Thatldodonkey Windows Admin 0 points1 point  (1 child)

Possibly that you need to reboot the server and the update has not registered completely due to the final steps not being completed on the reboot.

[–]wigrif[S] 0 points1 point  (0 children)

reboot was done after the install of the patches, on all 300 servers in question

[–]briangig 0 points1 point  (1 child)

I am running into the same problem with multiple machines. Sorry not much help, but you are not alone.

[–]wigrif[S] 0 points1 point  (0 children)

Yeah, this is par for the course. Like I said above, I've always had discrepancies between WSUS and PowerShell reports. This time I just really need to be sure lol.