Sunday, October 02, 2011

Obtain Windows Update (Quick Fix) History in CMD

Windows Malicious Software Removal Tool

Obtaining patch information is critical while performing an audit on windows system. Windows Management Instrumentation allows obtain these information in command line in descriptive way.

command is should be run administrative command line. Out put can be sent to a text file.



  • 'wmic qfe' will shows the all out put.
  • 'wmic qfe > C:\updates.txt' will send all out put to text file in C:\ with name of updates.txt
  • 'wmic qfe list brief' will out put brief description
  • 'wmic qfe list brief | find "2011"' will shows updates installed on 2011

Here is a sample out for 'wmic qfe list brief | find "2011" > C:\updates.txt' in Windows Server 2003.

Security Update for Windows Internet Explorer 8 (KB2510531)  Update        KB2510531-IE8      
            Administrator  9/29/2011          SP0                          

Security Update for Windows Internet Explorer 8 (KB2544521)  Update        KB2544521-IE8
            Administrator  9/29/2011          SP0                          

Security Update for Windows Internet Explorer 8 (KB2559049)  Update        KB2559049-IE8
            Administrator  9/29/2011          SP0                          

Security Update for Windows Internet Explorer 8 (KB982381)   Update        KB982381-IE8   
            Administrator  9/29/2011          SP0                          

Update for Windows Internet Explorer 8 (KB982632)            Update        KB982632-IE8       
            Administrator  9/29/2011          SP0                          

Windows Server 2003 Service Pack 2                           Service Pack  KB914961               
            Administrator  9/28/2011          SP2                          

Security Update for Windows Server 2003 (KB2079403)          Update        KB2079403         
            Administrator  9/29/2011          SP3                          

Security Update for Windows Server 2003 (KB2115168)          Update        KB2115168                    
            Administrator  9/29/2011          SP3                          

Security Update for Windows Server 2003 (KB2229593)          Update        KB2229593          
            Administrator  9/29/2011          SP3                          

Security Update for Windows Server 2003 (KB2296011)          Update        KB2296011       
            Administrator  9/29/2011          SP3                          

Update for Windows Server 2003 (KB2345886)                   Update        KB2345886        
            Administrator  9/29/2011          SP3                          

Security Update for Windows Server 2003 (KB2347290)          Update        KB2347290        
            Administrator  9/29/2011          SP3

(Note that text are wraped)

Other than 'qfe' option following options are available in wmic.

  • ALIAS                    - Access to the aliases available on the local system
  • BASEBOARD                - Base board (also known as a motherboard or system board) management.
  • BIOS                     - Basic input/output services (BIOS) management.
  • BOOTCONFIG               - Boot configuration management.
  • CDROM                    - CD-ROM management.
  • COMPUTERSYSTEM           - Computer system management.
  • CPU                      - CPU management.
  • CSPRODUCT                - Computer system product information from SMBIOS. 
  • DATAFILE                 - DataFile Management.  
  • DCOMAPP                  - DCOM Application management.
  • DESKTOP                  - User's Desktop management.
  • DESKTOPMONITOR           - Desktop Monitor management.
  • DEVICEMEMORYADDRESS      - Device memory addresses management.
  • DISKDRIVE                - Physical disk drive management. 
  • DISKQUOTA                - Disk space usage for NTFS volumes.
  • DMACHANNEL               - Direct memory access (DMA) channel management.
  • ENVIRONMENT              - System environment settings management.
  • FSDIR                    - Filesystem directory entry management. 
  • GROUP                    - Group account management. 
  • IDECONTROLLER            - IDE Controller management.  
  • IRQ                      - Interrupt request line (IRQ) management. 
  • JOB                      - Provides  access to the jobs scheduled using the schedule service. 
  • LOADORDER                - Management of system services that define execution dependencies. 
  • LOGICALDISK              - Local storage device management.
  • LOGON                    - LOGON Sessions.  
  • MEMCACHE                 - Cache memory management.
  • MEMLOGICAL               - System memory management (configuration layout and availability of memory).  
  • MEMORYCHIP               - Memory chip information.
  • MEMPHYSICAL              - Computer system's physical memory management. 
  • NETCLIENT                - Network Client management.
  • NETLOGIN                 - Network login information (of a particular user) management. 
  • NETPROTOCOL              - Protocols (and their network characteristics) management.
  • NETUSE                   - Active network connection management.
  • NIC                      - Network Interface Controller (NIC) management.
  • NICCONFIG                - Network adapter management. 
  • NTDOMAIN                 - NT Domain management.  
  • NTEVENT                  - Entries in the NT Event Log.  
  • NTEVENTLOG               - NT eventlog file management. 
  • ONBOARDDEVICE            - Management of common adapter devices built into the motherboard (system board).
  • OS                       - Installed Operating System/s management. 
  • PAGEFILE                 - Virtual memory file swapping management. 
  • PAGEFILESET              - Page file settings management. 
  • PARTITION                - Management of partitioned areas of a physical disk.
  • PORT                     - I/O port management.
  • PORTCONNECTOR            - Physical connection ports management.
  • PRINTER                  - Printer device management. 
  • PRINTERCONFIG            - Printer device configuration management.  
  • PRINTJOB                 - Print job management. 
  • PROCESS                  - Process management. 
  • PRODUCT                  - Installation package task management. 
  • QFE                      - Quick Fix Engineering.  
  • QUOTASETTING             - Setting information for disk quotas on a volume. 
  • RDACCOUNT                - Remote Desktop connection permission management.
  • RDNIC                    - Remote Desktop connection management on a specific network adapter.
  • RDPERMISSIONS            - Permissions to a specific Remote Desktop connection.
  • RDTOGGLE                 - Turning Remote Desktop listener on or off remotely.
  • RECOVEROS                - Information that will be gathered from memory when the operating system fails. 
  • REGISTRY                 - Computer system registry management.
  • SCSICONTROLLER           - SCSI Controller management.  
  • SERVER                   - Server information management. 
  • SERVICE                  - Service application management. 
  • SHADOWCOPY               - Shadow copy management.
  • SHADOWSTORAGE            - Shadow copy storage area management.
  • SHARE                    - Shared resource management. 
  • SOFTWAREELEMENT          - Management of the  elements of a software product installed on a system.
  • SOFTWAREFEATURE          - Management of software product subsets of SoftwareElement. 
  • SOUNDDEV                 - Sound Device management.
  • STARTUP                  - Management of commands that run automatically when users log onto the computer system.
  • SYSACCOUNT               - System account management.  
  • SYSDRIVER                - Management of the system driver for a base service.
  • SYSTEMENCLOSURE          - Physical system enclosure management.
  • SYSTEMSLOT               - Management of physical connection points including ports,  slots and peripherals, and proprietary connections points.
  • TAPEDRIVE                - Tape drive management.
  • TEMPERATURE              - Data management of a temperature sensor (electronic thermometer).
  • TIMEZONE                 - Time zone data management. 
  • UPS                      - Uninterruptible power supply (UPS) management. 
  • USERACCOUNT              - User account management.
  • VOLTAGE                  - Voltage sensor (electronic voltmeter) data management.
  • VOLUME                   - Local storage volume management.
  • VOLUMEQUOTASETTING       - Associates the disk quota setting with a specific disk volume. 
  • VOLUMEUSERQUOTA          - Per user storage volume quota management.
  • WMISET                   - WMI service operational parameters management.
Posted by at
Labels: , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)