none
Manualy updating Windows security updates out of scope to WSUS RRS feed

  • Question

  • I noticed when installing a patch manually it can not retrieve infromation of patches using gethotfix or win32_ or Mictrosoft.Update.session. Is there a way I could be able to pull out this information using powershell?

    I heard Get-MSIPatchInfo which uses Windows Installer COM interfaces. I'm not allow to down load this script..... I can not find the documentation on how to use Windows Installer COM interface.  Do someone know a good source for this interface?


    michael john ocasio



    • Edited by mjocasio23 Tuesday, February 5, 2013 6:23 PM
    Tuesday, February 5, 2013 3:47 PM

Answers

  • MBSA gets the information from one of two sources:

    • If the client is configured as a WSUS client, MBSA will use the WSUS repository.
    • MBSA can also use the offline catalog: WSUSSCN2.CAB

    You might be able to leverage the offline catalog for your purposes.

    Also see How to use the Microsoft Baseline Security Analyzer.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Marked as answer by mjocasio23 Wednesday, February 20, 2013 8:30 PM
    Thursday, February 14, 2013 2:49 PM

All replies

  • Just find out the tool MBSA will provide you with this information of patches install manally or outside WSUS scope. Does any one knows the code behind? Powershell or C++

    michael john ocasio

    Tuesday, February 5, 2013 6:22 PM
  • Hi Michael,

    It seems a thread related to WSUS. If yes, please ask for help from:

    http://social.technet.microsoft.com/Forums/en-US/winserverwsus/threads

    Best regards,


    Ego [MSFT]
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.


    Thursday, February 7, 2013 6:22 AM
    Moderator
  • No, this is not a WSUS question.

    First, michael is installing the patch manually.

    Second, he's trying to use PowerShell to interface with the WUAgent COM+.

    While it's definitely not a VS Setup & Install question, it's not a WSUS question either. I would suggest a PowerShell or COM+ forum.

    I suspect, though, that the answer as to why it can't pull "information of patches" is because that information is contained in the WU/MU/WSUS databases, or in the WUAgent datastore if the update was detected/downloaded from WU/MU/WSUS. But in the case of a manual patch, there's no metadata source to query.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Friday, February 8, 2013 1:33 PM
  • Good answer..... I had an idea but not certain.... I will had to poke the registry to get the history for patches install manually.  

    Windows Update object model will give me the software updates that does not correspond to CBS (hot patches), but it will for MSI and Windows Update installation.... So updates information deploy by WSUS comes from its database or WUAgent datastore metadata. Any idea how MBSA retrieves the information of patches..... I believe it does detect manual installations and I was curious the name of the interface develop by Microsoft to this unless I missed the KB number when I implemented Windows Update Object Model. It looks for a good example to consolidate and create a cmdlet which allows to retrieve both CBS and Windows Update and MSI patches from a single command.


    michael john ocasio

    Saturday, February 9, 2013 8:05 AM
  • MBSA gets the information from one of two sources:

    • If the client is configured as a WSUS client, MBSA will use the WSUS repository.
    • MBSA can also use the offline catalog: WSUSSCN2.CAB

    You might be able to leverage the offline catalog for your purposes.

    Also see How to use the Microsoft Baseline Security Analyzer.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Marked as answer by mjocasio23 Wednesday, February 20, 2013 8:30 PM
    Thursday, February 14, 2013 2:49 PM