Report of all patches installed by worksheet

BatchPatch Forums Home Forums BatchPatch Support Forum Report of all patches installed by worksheet

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #9221
    greavette
    Participant

    Hello Forum,

    We’re really finding batchpatch to be very useful for our small office. One thing I’d like to be able to do is to confirm that we have everything we need installed patch wise. We still have a few Windows Serve 2003 in our office that we are actively working to remove….but it won’t be for a little while still. To ensure we are fully patched I want to use batchpatch to generate a report of all patches installed on these servers and compare them against a Microsoft spreadsheet I found listing all security bulletins:

    https://www.microsoft.com/en-us/download/details.aspx?id=36982.

    I know batchpatch can generate a report of everything installed. Is there a way to do this by worksheet perhaps? I see that the report generated is one big list with Column A being the hostname.

    Just wondering what others have done when generating this type of report for more than one computer.

    Thank you.

    #11287
    doug
    Moderator

    All you really need to do is highlight every computer in one grid/tab, and then run the report. This will give you a report for that entire grid/tab. Then go to your next grid and highlight every row, and then run the report. And so on.

    I hope this helps.

    -Doug

    #11288
    greavette
    Participant

    Thank you Doug for this response.

    I do run my reports how you’ve suggested. What I was attempting to do was to confirm that the updates that are installed (base on the report) are all the updates a server would need. I know my question goes above and beyond what batchpatch is but this community is very knowledgeable so I thought I would try and rephrase/change my question slightly to see what others are doing….

    Does anyone have advice on how to confirm that all the patches that are installed on a server encapsulates all the available patches that need to be installed? I’ve found a spreadsheet of Microsoft security bulletins which lists all KB and the O/S. Manually checking all the installed updates against this spreadsheet is a daunting task. Is there a better way to confirm that my server is protected and has all the patches it needs?

    Thanks in advance for any advice you can provide.

    #11291
    doug
    Moderator

    Thanks for clarifying. I had misunderstood your original question/request. That said, I would like to add my two cents now that I understand your question. What you’re asking to do, in my opinion, seems a bit odd and unnecessary. In fact, I suspect it will only cause you grief. The reason is because what you are trying to do is exactly what the Windows Update Agent already does. You don’t want to manually look through and compare every single installed update with the list of updates from Microsoft because that would be extremely tedious and time consuming. However, when you run Windows Update (either on the computer directly or through BatchPatch), the target machine compares what is currently installed on the machine to what updates are available. There is a lot of complex rule processing that occurs to deliver the final list of available updates. This ‘check for available updates’ action *IS* the verification, essentially. This is the process that does the comparison that you’re trying to do manually. The only caveat is that if you are using a local WSUS instead of Windows Update (or Microsoft Update), then it’s possible that you didn’t approve certain updates on the WSUS that should be installed on the target computer(s). If this is the case, then the best way to see what other updates would be available to the target computer(s) if you were not using a WSUS is to simply switch the ‘Server Selection’ in BatchPatch under ‘Tools > Settings > Windows Update’ to point to ‘Windows Update’ instead of ‘Default/managed.’ Then when you check for available updates in BatchPatch, the target computers will check against Microsoft’s servers instead of your local WSUS. The report of available updates that is generated will tell you what, if any, updates are needed by target computers. I hope this helps a bit.

    Good luck.

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.