Hacking WSUS #2 of 5 -- Create Missing Patches Report
Aha! Knowing the patches installed on your computers is only so useful. Its great for handing to auditors. But what should really interest you is a report that will show you what patches are not installed on a particular computer.
What's interesting about this report is how it determines which patches are and are not installed. If the computer you scan is connected to a local WSUS server for its patches, it will compare itself against the patches set to "Install" on that WSUS server. If, however, this computer is not attached to a WSUS server, it will do the comparison against update.microsoft.com, and assume all patches there are considered approved.
Like with yesterday's script, you'll need to create a text file with a list of computer names -- one per line -- and reference that file when you run the script. An example: wsusDetectNotInstalled.vbs computers.txt.
Click the link below for the code:
strComputerList = WScript.Arguments.Item(0)
Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.OpenTextFile(strComputerList, 1, True)
Set objTextFile = fso.OpenTextFile("OUTPUT.csv", 2, True)
objTextFile.WriteLine("Computer Name,Update Title")
Do While f.AtEndOfLine <> True
strComputer = f.ReadLine
Set objSession = CreateObject("Microsoft.Update.Session", strComputer)
Set objSearcher = objSession.CreateUpdateSearcher()
Set objResults = objSearcher.Search("Type='Software'")
Set colUpdates = objResults.Updates
For i = 0 to colUpdates.Count - 1
If colUpdates.Item(i).IsInstalled = FALSE Then
objTextFile.WriteLine(strComputer & "," & colUpdates.Item(i).Title)
End If
Next
Loop
WScript.Echo "Done!"