Searching for a Windows Update

waldoWhen I was a kid, I use to love the “Where’s Waldo?” books.  If you were a child of the 80’s or 90’s, then I’m sure you had a couple of these books on your self as well.  Each page contained hundreds of cartoon characters doing a variety of entertaining things.  Your job was to search the pages looking for a man wearing a red-and-white-striped shirt, bobble hat, and glasses.  Yes, Waldo had style.

In the beginning of the book, Waldo was easy to find.  However as the book went on, trying to find Waldo was a huge challenge.  I remember at the end of one book, they dressed every character in the same red-and-white-striped shirt.  I hated that page!  It took forever to find him.

So why I’m I rambling about Waldo?  Well in our adult IT Careers, we have the same challenges when it comes to Windows Updates.  How many times have you been asked, “Is update something something whatever installed on server who cares”?  You then answer with, I don’t know let me look.  Then it’s a trip to the Start, Control Panel, Add or Remove Programs, (Programs & Features with 2008+), View Installed Updates.  Finally then, you get to search for Waldo, I mean the update.  And just like the book, in the beginning updates are easy to find with a new server.  However the longer you have the server, the harder it becomes.

So what can be done to speed up the process?  Well you have a couple choices.

If your on a Windows 2003 server you can run the following command.

 dir /ad %systemroot%\*KB2503665* 

You would change “*KB2503665*”  to whatever update you are looking for.  This will work as long as you didn’t delete the uninstall folder.  You should see the results below if the update is installed.


You could also just run the command without the “d” switch and pull the log file as well.

 dir /a %systemroot%\*KB2503665* 


Okay, that is great if we were living in the year 2003, but it’s 2013, and we now can harness the power of PowerShell.  All you have to do now is open up your PowerShell prompt and type Get-HotFix and the update your looking for.

 Get-HotFix –ID KB2488113 


You could even leave off the “-id” switch and it will still work.

The great thing about this command is, you can search not only for the Hot Fix ID, but for the description, who installed it, or when it was installed.

 Get-HotFix | where { $_.installedon -eq "5/9/2012"} 


On top of that, you can scan multiple computers.

  Get-HotFix -id KB2488113 -ComputerName ADDC03, ADDC04 


Before we go in further with the Get-HotFix cmdlet, I do have to warn you about one catch.  Since the introduction of Windows Vista, this cmdlet only returns updates supplied by Component Based Servicing (CBS).  This is due to the Get-HotFix cmdlet using the Win32_QuickFixEngineering WMI Class.  These updates are also not listed in the registry.

It also means any update installed by the Microsoft Windows Installer (MSI) or the Windows update site ( are not returned by this cmdlet.  “What Up with That?”  Instead to view everything, you will need to use a combination of the Get-Hotfix and something like the two commands below.  

$Installed = "hklm:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall","hklm:\software\microsoft\windows\currentversion\uninstall"

Get-ChildItem $Installed | ForEach-Object {Get-ItemProperty $_.pspath} | select DisplayName


Running the extra two commands will scan your registry, and give you a list of everything installed on your computer.  You can then manipulate the data to your liking.  Create reports to show Service Packs, Installed updates, Office Updates, or even applications that are installed.

Simple right?

Well this article isn’t ground breaking by any means, but if it saves you some time, and gets you out of the office a little earlier on a Friday afternoon, then I think I’ve done my job.  Maybe you will even have time to look through that old Where’s Waldo book again!  Nah…Go get a beer instead, you deserve it!

1 Comment. Leave new

Well written, Brandon. Thanks for the reg scan. This is so lame on MS part to only give us a half of the stick.


Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.