Detecting Security Updates on Vista/Windows 7/2008/2008R2

When trying to detect whether updates have been installed or not, there were several places we investigated:

  • HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • HKLM\Software\Microsoft\Windows NT\CurrentVersion\HotFix
  • HKLM\Software\Microsoft\Updates

Some updates still write to these locations to enable detection, so they are worth checking. For instance, SQL Server 2005 SP4 for the database engine will be found at:

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2463332_SQL9

However, OS-based updates to Vista and above don't tend to get written to a registry key. You could use MBSA or a similar tool to try to detect them all, but there is a simpler method that can be easily scripted: the PowerShell Get-Hotfix cmdlet. If I want a list of all hotfixes, it's simply:

Get-Hotfix


If I know of a specific hotfix to find, I can use the -ID parameter. For instance, to find out whether MS11-064 has been installed, I need to refer to its KB number.

Get-Hotfix -ID KB2563894


Do note that this detection isn't perfect. Updates don't necessarily register where Get-Hotfix is looking. For instance, this will throw an error even if the update (SQL Server 2005 SP4) is installed:

Get-Hotfix -ID KB2463332

Instead, you can use the registry provider to look for it:

gci HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall |
    Where-Object {$_.Name -match "KB2463332_.*"}

Given the multiple locations, it may be easier to use a specialized tool, but if you're just looking for a handful of patches, it should be fairly easy to use PowerShell to do so.
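The two checks above can be combined into one function for a handful of KB numbers. This is an added example, not code from the original post: the function name Find-InstalledUpdate is hypothetical, and it assumes that searching the three registry locations listed at the top of the post by key name is enough for the updates you care about.

```powershell
# Added example (not from the original post). Find-InstalledUpdate is a
# hypothetical name. Syntax is kept PowerShell 2.0 compatible for Windows 7/2008 R2.
function Find-InstalledUpdate {
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^KB\d+$')]
        [string[]]$Id
    )

    # The three registry locations listed in the post; not all exist on every OS.
    $regPaths = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\HotFix',
        'HKLM:\Software\Microsoft\Updates'
    )

    foreach ($kb in $Id) {
        $source = $null

        # A miss is a non-terminating error; silence it and fall through.
        if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
            $source = 'Get-HotFix'
        }
        else {
            # Match the KB as a whole token in the key name, so KB2463332_SQL9
            # matches KB2463332 but a longer number such as KB24633320 does not.
            $pattern = '(?<![A-Za-z0-9])' + [regex]::Escape($kb) + '(?!\d)'
            $key = Get-ChildItem -Path $regPaths -Recurse -ErrorAction SilentlyContinue |
                Where-Object { $_.PSChildName -match $pattern } |
                Select-Object -First 1
            if ($key) { $source = $key.Name }
        }

        # One result row per KB: where it was found, or Installed = False.
        New-Object PSObject -Property @{
            Id        = $kb
            Installed = [bool]$source
            Source    = $source
        }
    }
}

# KB IDs taken from the post: MS11-064 and SQL Server 2005 SP4.
Find-InstalledUpdate -Id KB2563894, KB2463332
```

A result with Installed set to False only means the update was not found in these locations, which is the same limitation the post describes for Get-Hotfix on its own.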
