Determine Patch Level on Servers

  • Maybe someone has already done the legwork so I thought I would check here first.

    How is everyone checking their servers are up to date?  We can't really do the server is missing over X amount of patches any more and with the way Kaseya handles missing patches and installed patches its a lot of work to stay up to date on.  Looking for a way to find servers that are maybe a month or two behind on monthly roll-ups.

    Was thinking something like a powershell script to find a version (not sure on this part) and write it to a custom field.  Assuming the version numbers are consistent, then filter based on greater than XYZ version number to know what patch level you are at (Mar, Apr, May, etc).

    Anyone got any workarounds?

  • What's wrong with K patch management? it works fine for us and is self-maintaining...we do nothing manual except occasionally deny the odd patch, and everything stays up to date by itself. This works for all server OS's.

    Struggling to understand your issue....

  • Version numbers aren't meaningful for anything before Server 2016. For Server 2016 onwards combine these two registry keys to get you the version number which you can compare against Microsoft's update history at support.microsoft.com/.../4000825

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentBuild

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UBR

    Same concept also works for Windows 10, though there are a few more version numbers to deal with.

  •  K patch management works fine.  What I am trying to do is find an easy way to verify everything is up to date.  For instance, if I have a server that tries to install the May update and fails, then next month the June update shows as missing.  Without some work, I don't really know the May update didn't install.  With that, I don't necissarily care that the May update failed, but if the April update AND May update failed, then I probably want to take a look at it but I can't use a view because the May update or April update don't show as missing, only June now.

    Good info.  Thanks.