Report Showing What Patches Are NOT Installed
I'm working on creating a report that shows a list of computers with what Microsoft patches are NOT installed. I copied the premade report that shows what patches are applied and modified it as shown:
Select MACHINE.NAME AS MACHINE_NAME,
P.TITLE AS DISPLAY_NAME, P.IDENTIFIER as KB_ARTICLE from PATCHLINK_MACHINE_STATUS S, MACHINE, KBSYS.PATCHLINK_PATCH P
MACHINE.NAME = S.MACHINE_ID and
S.PATCHUID = P.UID and
S.STATUS = 'NOTPATCHED' and
P.VENDOR = 'Microsoft Corp.' and
P.TITLE LIKE '%Windows 7%'
group by P.TITLE ASC
For my computer, this brings up 57 patches. However, when I manually run a Windows update check through the built-in application in Windows, it only brings back 17 results. I'm basically trying to match the results that come up when you manually check a computer for Windows updates using the Windows applications. Any suggestions on how to do this? Thanks.
The link posted by jverbosk led to some SQL reports that I modified for my own use.
Community Chosen Answer
Check out the reports at the end of this blog:
There are some things you could add to your report, such the severity rating (Impact - AND PP.IMPACTID = ('Critical')) and whether they are active or not (AND PPS.STATUS in (0)) that could help you get a bit closer to the numbers you are seeing with the MS patch scan.