Patch Audit using Windows Command Line
Get a report of the patch for ms08-067
for /f "delims=\ " %i in ('net view ^| findstr "\\"') do @echo %i >> c:\patch.txt & @wmic /node:%i qfe where hotfixid="KB958644" list full 2>&1 | findstr "InstalledOn Description Instance" >> c:\patch.txt
Let's start slightly in the middle and work outwards. The net view command gets a list of computers in your domain. The output contains some header and footer junk that we don't want, so we use the findstr command to get just a list of the computers. The output of just net view | findstr "\\" looks like this
\\computer1 Description1
\\computer2 Description2
\\computer3 Description3
In order to run the command inside the for loop we have to put single quotes around it. The problem is that pesky pipe messes things up, so we have to escape it with a caret.
We just want the computer name, so we have to parse it with a for loop. We set the delimiters to be the backslash and a space. By default the for loop only returns the first token, in our case the computer name. We could explicitly select the first token by adding "tokens=1", but brevity is what we want. So now we have a variable %i that contains just the computer name. If we just run the first portion we get this.
for /f "delims=\ " %i in ('net view ^| findstr "\\"') do @echo %i
computer1
computer2
computer3
So we now have a list of all computers in our domain. Now we want to see if they have the patch. Using Ed Skoudis's command line kung fu we can use that list to generate a report from all the computers. You can check out the clkf blog for a good description of the wmic command. http://blog.commandlinekungfu.com/2009/03/episode-16-got-that-patch.html
We then use 2>&1 to send the error output to standard out. This is done so we can filter on it and save it to our file. This way we also get a list of the computers that we can't contact and can follow up on them another way. The output from the wmic command looks like this.
c:\>wmic /node:%i qfe where hotfixid="KB958644" list full
Output options:
From a computer we can query:
Caption=
CSName=Computer1
Description=Security Update for Windows Server 2003 (KB958644)
FixComments=Update
HotFixID=KB958644
InstallDate=
InstalledBy=jholmbo
InstalledOn=10/28/2008
Name=
ServicePackInEffect=SP3
Status=
From a computer we can't query:
Node - Computer2
ERROR:
Code = 0x800706ba
Description = The RPC server is unavailable.
Facility = Win32
From an unpatched computer
No Instance(s) Available.
Finally, we use findstr to take the relevant output and append it to our report. We could filter the results from the wmic query by using wmic qfe where hotfixid="KB958644" get InstalledOn but it splits the results into two lines, makes it harder to use findstr, and we are already using findstr so who cares.
We get a report that looks like this
computer1
InstalledOn=10/28/2008
computer2
Description = The RPC server is unavailable.
computer3
No Instance(s) Available.
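The same audit as a batch file, added here as an example and not part of the original post. It takes the KB number as a parameter and turns the three wmic outcomes shown above (InstalledOn line, "Description =" error line, nothing matched) into one PATCHED / ERROR / MISSING line per host. The script name audit_patch.cmd and the default report path are assumptions.

```batch
@echo off
REM audit_patch.cmd (hypothetical name) - batch version of the one-liner above.
REM Usage: audit_patch.cmd KB958644 [report.txt]
setlocal EnableDelayedExpansion

if "%~1"=="" (
    echo Usage: %~nx0 KBnnnnnn [report.txt]
    exit /b 1
)
set "KB=%~1"
set "REPORT=%~2"
if "%REPORT%"=="" set "REPORT=c:\patch.txt"

REM Start a fresh report instead of appending to an old one.
> "%REPORT%" echo Patch audit for %KB% on %DATE% %TIME%

REM Same host enumeration as the post: net view, keep only the \\host lines,
REM split on backslash and space so the first token is the bare host name.
for /f "delims=\ " %%i in ('net view ^| findstr "\\"') do (
    REM Default: wmic printed no InstalledOn line and no error, i.e.
    REM "No Instance(s) Available." -> the hotfix is not installed.
    set "STATUS=MISSING"
    set "DETAIL=no hotfix record returned"
    REM 2^>^&1 merges the RPC error text into the pipe so findstr can see it.
    for /f "delims=" %%l in ('wmic /node:%%i qfe where hotfixid="%KB%" list full 2^>^&1 ^| findstr "InstalledOn Description"') do (
        REM "InstalledOn=..." only appears when the hotfix is present.
        echo(%%l| findstr /b /i "InstalledOn=" >nul && (
            set "STATUS=PATCHED"
            set "DETAIL=%%l"
        )
        REM "Description = ..." (with spaces) is the wmic error block;
        REM "Description=..." (no spaces) is the hotfix record and is ignored.
        echo(%%l| findstr /b /i /c:"Description =" >nul && (
            set "STATUS=ERROR"
            set "DETAIL=%%l"
        )
    )
    echo %%i !STATUS! !DETAIL!
    >> "%REPORT%" echo %%i !STATUS! !DETAIL!
)
endlocal
```

Hosts listed as ERROR are the ones to chase by another route, since an unreachable box tells you nothing about its patch state. Note that wmic is deprecated in current Windows releases, so this only runs where it is still installed.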
Hope you guys find this useful!