20 January, 2013

Compare hotfixes on two computers - OS

In an enterprise environment, inevitably, you will find high availability systems. A typical solution to reach a relatively high availability is to setup a cluster. A cluster usually consists of two or more identical computers (nodes), ideally in different physical locations and they are capable of running exactly the same service, some of them have shared disks to be able to run database engines...etc. If one of the nodes in a cluster goes down for whatever reason, another one can pick up the services and run them (a service can be an IP address, a network name, database engine or any custom service which supports clustering).

In the definition of these systems, there's is a very important word: identical nodes. The computers which are part of a cluster of some sort should be very similar. Ideally same hardware model, same operating system, same applications installed, same OS, network, disk...etc configuration. And not least, same hotfixes installed.

Because Microsoft hotfixes are supposed to be installed at least once a month, a quick tool is always helpful which can tell you the differences between the list of installed hotfixes on two computers. You can get the list of Microsoft patches installed to a host with one line:
$hotfixes = gwmi -query "select HotFixID from Win32_quickfixengineering where hotfixID like 'KB%'" -computer $fsrv | select hotfixid

If you want to compare two lists, PowerShell offers you and easy way with Compare-Object, however, to make the output a bit better and more readable, you can feed the data into an object collection and then make it as the output of the script (see compareHotfixes function in the script below).

Example output:


Some of the interesting parts of the script:
#### Function for enumerating hotfixes

function gethotfixes ([string]$fsrv){
   writelog 0 "$fsrv, reading hotfixes data from Win32_quickfixengineering......" "nonew"
   $hotfixes = gwmi -query "select HotFixID from Win32_quickfixengineering where hotfixid like 'KB%'" -computer $fsrv | select hotfixid
   $strHotfixes = $hotfixes | %{$_.hotfixid.tostring()}
   writelog 1 "[done]" "extend"
   return $strHotfixes
This function reads the list of hotfixes from a remote host (has some logging as well) and returns the results in $strHotfixes variable.

#### Function for comparing hotfixes between 2 hosts
function compareHotfixes ($fobjColl, $fullreport){
   writelog 0 "Comparing hotfixes between the 2 hosts......" "nonew"

# compare the list of hotfixes from the 2 hosts

   if($fullreport) {$comparedHotfixes = compare-object $fobjColl[0].hotfixes $fobjColl[1].hotfixes -SyncWindow 500 -IncludeEqual} #we need the equals for the host details output
   else {$comparedHotfixes = compare-object $fobjColl[0].hotfixes $fobjColl[1].hotfixes -SyncWindow 500}

   # going through the output of compare-object's output and feed the data into an object collection

   foreach ($c in $comparedHotfixes) {
      $fsObj = new-Object -typename System.Object
      $hotfixId = $c.InputObject
      switch ($c.SideIndicator)
         "=>" {

               $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
               $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "Missing"
               $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "OK"
"<=" {

               $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
               $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "OK"
               $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "Missing"
"==" {

               $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
               $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "OK"
               $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "OK"


         $script:ReturnObjColl += $fsObj
writelog 1 "[done]" "extend"

This is the main part of the script where we take the list of hotfixes on each node (first and second element of the $fobjcoll object collection, which is basically an array of objects and we take the hotfixes property of them: $fobjColl[0].hotfixes, $fobjColl[1].hotfixes.) and then we use the compare-object command to compare the lists. Then there's a bit of data processing with a switch case.

if($hostlistlength -eq 2){
   foreach ($srv in $hostlist) {
      $sObjHotfixes = new-Object -typename System.Object
      $sObjHotfixes | add-Member -memberType noteProperty -name ComputerName -Value $srv
      $sObjHotfixes | add-Member -memberType noteProperty -name hotfixes -Value ""
      $sObjHotfixes.hotfixes = gethotfixes $srv
      $objColl += $sObjHotfixes

The script checks how any nodes were specified, if 2 then we are good to go. Then we just go through the list and create and object for each which will contain the name of the computer and the hotfixes enumerate from it.

Run it like this:
PS C:\> "host1","host2" | compare-hotfixes.ps1

Clipboard friendly code:
 param (     [string] $log = "",
            [switch] $fullreport = $false)
 if (!$log){
      $date = get-date -uformat "%Y-%m-%d-%H-%M-%S"
      $log = "c:\temp\$scriptname-$date.log"
      write-host -foregroundcolor 'yellow' "No logfile is specified, $log will be used." 
 $logfile = New-Item -type file $log -force
 ##################################################### Functions ##################################################### 
 # ================== Logging and reporting functions ==================
 #### Function for creating log entries in a logfile and on standard output
 function writeLog ([int]$type, [string]$message, [string]$modifier) { #usage: writeLog 0 "info or error message"
      # $modifier: <nonew | extend>
      # Value nonew: writes the output the the console and the logfile without carriage return
      # Value extend: writes the message to the output without date and 
      # both values can be used e.g. for writting to the console and logfile and put a status message at the end of the line as a second step
      $date = get-date -uformat "%Y/%m/%d %H:%M:%S"
      if($modifier -eq "extend"){
           switch ($type) {
                "0"     {$color = "Green"}
                "1"     {$color = "Yellow"}
                "2"     {$color = "Red"}
           switch ($type) {
                "0"     {$message = $date + ", INF, " + $message; $color = "Green"}
                "1"     {$message = $date + ", WAR, " + $message; $color = "Yellow"}
                "2"     {$message = $date + ", ERR, " + $message; $color = "Red"}
      if($modifier -eq "nonew"){
           write-host $message -ForegroundColor $color -NoNewLine
           $bytes = [text.encoding]::ascii.GetBytes($message)
           $bytes | add-content $logfile -enc byte
           write-host $message -ForegroundColor $color
           Add-Content $logfile $message
 #### Function for enumerating hotfixes
 function gethotfixes ([string]$fsrv){
      writelog 0 "$fsrv, reading hotfixes data from Win32_quickfixengineering......" "nonew"
      $hotfixes = gwmi -query "select HotFixID from Win32_quickfixengineering where hotfixid like 'KB%'" -computer $fsrv | select hotfixid
      $strHotfixes = $hotfixes | %{$_.hotfixid.tostring()}
      writelog 1 "[done]" "extend"
      return $strHotfixes
 #### Function for comparing hotfixes between 2 hosts
 function compareHotfixes ($fobjColl, $fullreport){
      writelog 0 "Comparing hotfixes between the 2 hosts......" "nonew"
      # compare the list of hotfixes from the 2 hosts
      if($fullreport)     {$comparedHotfixes = compare-object $fobjColl[0].hotfixes $fobjColl[1].hotfixes -SyncWindow 500 -IncludeEqual} #we need the equals for the host details output
      else               {$comparedHotfixes = compare-object $fobjColl[0].hotfixes $fobjColl[1].hotfixes -SyncWindow 500}
      # going through the output of compare-object's output and feed the data into an object collection
      foreach ($c in $comparedHotfixes) { 
           $fsObj = new-Object -typename System.Object
           $hotfixId = $c.InputObject
           switch ($c.SideIndicator) 
                "=>" {
                     $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "Missing"
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "OK"
                "<=" {
                     $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "OK"
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "Missing"
                "==" {
                     $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "OK"
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "OK"

                $script:ReturnObjColl += $fsObj
      writelog 1 "[done]" "extend"
##################################################### Body #####################################################
 writelog 0 "Syntax: $($MyInvocation.MyCommand.Path)$($myinvocation.line.substring(($myInvocation.InvocationName).length ))"
 writelog 0 "Invoked by: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
 $hostlist = @($Input)
 $objColl = $script:ReturnObjColl = @()
 $hostlistlength = $hostlist.length
 if($hostlistlength -eq 2){
      foreach ($srv in $hostlist) {
           $sObjHotfixes = new-Object -typename System.Object
           $sObjHotfixes | add-Member -memberType noteProperty -name ComputerName -Value $srv
           $sObjHotfixes | add-Member -memberType noteProperty -name hotfixes -Value ""
           $sObjHotfixes.hotfixes = gethotfixes $srv
           $objColl += $sObjHotfixes
 compareHotfixes $objColl $fullreport

Have a look and let me know what you think.

  1. Why don't you use the built-in cmdlet Get-Hotfix? It does the same thing but helps to reduce the number of lines needed for scripts like yours.

  2. You are right, get-hotfix does the same thing. I wrote this originally when only PS 1.0 was available where you had to write your own function for almost everything, especially when you wanted to handle remoting, so either way, you achieve the same thing.
