SCCM How to find the list of patches installed Via Quick Fix Engineering. I’ve seen people requesting reports of a list of Software Updates (patches) installed on a system along with the Installed dates.
Latest Post-SCCM CB – SCCM CMPivot Query Patches Installed In Last 90 Days | ConfigMgr HTMD Blog (anoopcnair.com)
SCCM How to find the list of patches installed Via Quick Fix Engineering
ConfigMgr is not collecting the list of Software Updates (patches) for Window 7/Vista/ 2008/ 2008 Core operating systems. Because on these operating systems, this information is stored in the “Win32_QuickFixEngineering” WMI class (it’s not anymore listed in Add Remove Programs), and the inventory of this class is NOT enabled in SMS_DEF.MOF (by default). Hence ConfigMgr. The report won’t provide these details unless and until you’ve enabled the appropriate WMI class in SMS_DEF.MOF.
Whereas, in Windows XP, Windows 2003, etc., operating systems, the list of Software Updates (patches) is stored in Add Remove Programs, and the WMI class for Add Remove program is enabled by default SMS_DEF.MOF. Hence you will get these details from ConfigMgr reports for Windows XP, Windows 2003, etc.
It’s not recommended to enable the “Win32_QuickFixEngineering” WMI class. Refer to the warning given in the SMS_DEF.MOF file below.
“DO NOT: Enable the Win32_QuickFixEngineering class unless you have installed the QFE for Q279225. Enabling this class without the QFE will result in inventory cycles taking a very long time to complete on the client and the WINMGMT service using 99% to 100% CPU time and leaking memory.”
The easiest way to get details from a single system is given below.
One liner command to list down the patch details (applicable only for Window 7/Vista/ 2008/ 2008 Core operating systems).
Wmic qfe list >c:\list.txt
This will provide you the list of Software Update (patches) applied on a system along with Caption, CSName (Hostname of the system – computer name), Description (category of the software update – Update, Hotfix, Security Update, etc.…), HotFixID, InstalledBy, InstalledOn (Date of Installation)
11 Days Of Free Intune Training Course By HTMD Community – HTMD Blog #2 (howtomanagedevices.com)
Author
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…
Awesome information. Thanks Anoop for sharing it
Hi Anoop ,
So the report’s like Enforcement States for a deployment and other related reports are also giving the same info like what systems are compliant ,failed deployments etc .
So what about that information . Is that information not legitimate . I believe since its fetching data from SQL database it would be the information that client has sent after giving it’s status against a particular deployment .
Please advice …
Thanks in advance…
Please advice on this coz we are using sql reporting to fetch the data and i guess we are getting correct data on compliance of WIn7 machines .coz it also fetches data from SQL database .
hai anoop c nair
iam learning sccm2012 i want list of error codes iam search in google it show different error codes pls share it
Hi ! – What kind of error codes you’re looking for ? Please let me know. Windows error codes?
These is nothing called SCCM 2012 error codes. Windows error codes can be found here http://msdn.microsoft.com/en-us/library/windows/desktop/ms681381(v=vs.85).aspx
also, you can use > “net helpmsg” from cmd to get more details.
Any way to get the list of patches that are missing?
Hi ! MBSA is the best tool to find out missing patches.
Good article.
On another note, to find out the list of patches that are missing on machines, a custom report can be created against view v_Update_ComplianceStatusAll with condition status=2
Great article Anoop. I don’t know if you have approached a software update report from this angle. But to emulate the “product” column in the software update list in the console. That way you can get metrics on how many updates are missing by the OS and what those updates are. Going against the System table and aggregating the OS Version does not seem to have the same values as the product column.
Thanks,
Jim
Great article. Was struggling for a while to do this. Just a question, if my environment does not have any Win 2000, 2003, XP, do I still need to worry about the caution and install the hotfix?
Hi Anoop,
I am looking to create a dynamic collection which will add machines to it once a particular patch is installed. Can you help me with this please.
Thanks,
Piyush
So if we enable the Win32_QuickFixEngineering WMI class for hardware inventory, in which view is that data stored?
Excellent article Anoop, thanks a lot.
Fantastic! ! Thanks for sharing.
here is an sql query that direcly queries the hotfixes and related hostnames from SCCM database
https://bestitsm.wordpress.com/2018/07/12/how-to-get-list-of-installed-hotfixes-from-sccm-database/
HI Anoop,
how can we check, list of server and server names for which latest windows patches installed in SCCM and also how to generate server list which is pending of windows patch update in SCCM
and
also how can we trigger patch updates from SCCM console for a perticular client server