J
Joe Morris
How can I design a procedure to inventory the Microsoft patches that have
been applied to Vista?
Although the process wasn't completely reliable, in XP you could get a good
idea of what had been installed by enumerating the Registry keys under
HKLM\SOFTWARE\Microsoft\Updates. Microsoft even published a small
command-line utility (QFECHECK) which would (usually) tell you what Windows
patches were installed and which had downleveled files that needed to be
reinstalled. (A real advantage of QFECHECK was that the help desk could
tell users to run it as part of their triage process.)
All of this has changed in Vista. The Registry path used in XP no longer
exists, and the data that was there seems to be scattered over various parts
of the Registy. Further, the Security Bulletin notices do not publish a
Registry key test for Vista.
What I'm trying to do is to be able to have an inventory program record an
enumeration of the installed patches, allowing downstream programs to
determine if the machine has the updates that are required by company
policy. With XP this could (with a few exceptions) be done by saving the
contents of the UPDATES key, but at this time I don't see any way to do it
except by including massive amounts of data from the HKCR hive, which will
(a) mean a huge increase in the size of the inventory files, and (b) take
longer to read and send from the user's machine.
Does anyone have a solution for this?
And if there is an RTFM answer, I'll be happy to accept it if you'll just
tell me which FM is appropriate.
Joe Morris
been applied to Vista?
Although the process wasn't completely reliable, in XP you could get a good
idea of what had been installed by enumerating the Registry keys under
HKLM\SOFTWARE\Microsoft\Updates. Microsoft even published a small
command-line utility (QFECHECK) which would (usually) tell you what Windows
patches were installed and which had downleveled files that needed to be
reinstalled. (A real advantage of QFECHECK was that the help desk could
tell users to run it as part of their triage process.)
All of this has changed in Vista. The Registry path used in XP no longer
exists, and the data that was there seems to be scattered over various parts
of the Registy. Further, the Security Bulletin notices do not publish a
Registry key test for Vista.
What I'm trying to do is to be able to have an inventory program record an
enumeration of the installed patches, allowing downstream programs to
determine if the machine has the updates that are required by company
policy. With XP this could (with a few exceptions) be done by saving the
contents of the UPDATES key, but at this time I don't see any way to do it
except by including massive amounts of data from the HKCR hive, which will
(a) mean a huge increase in the size of the inventory files, and (b) take
longer to read and send from the user's machine.
Does anyone have a solution for this?
And if there is an RTFM answer, I'll be happy to accept it if you'll just
tell me which FM is appropriate.
Joe Morris