Normally the optimal and quickest way to determine if a patch has definitely been installed on a system is to use WMI. That’s where the SCCM client primarily gets its information from to report back to its parent. There are several ways you can go about but the ways i’ve found to be ideal for me are described below: Through the command prompt:
- On the system which you wish to query, open up command prompt
- Run “Wmic /namespace:rootccmsoftwareupdatesupdatesstore path CCM_UpdateStatus get status, Article, Bulletin, UniqueId”
- This will show you ALL updates on the particular system. I’ve added additional information for reference but you can always play around with what you wish to see returned.
- This is best for an overview and you can quickly do a find or filter to determine a patch status if you pipe it to a txt file.
Through the Wbemtest User Interface:
- Start “WBEMTEST” from a run prompt
- Connect to the namespace “<computername>rootccmsoftwareupdatesupdatesstore
- Select the Query button and using WQL, create a statement that suits your needs. Some examples are below:
-
- Searching for a Missing Patch that is for Web Components would be:
- select * from ccm_updatestatus where status = “missing” and title like “%web%”
- Searching for all installed patches would be:
- select * from ccm_updatestatus where status = ‘installed’
- Searching for a Missing Patch that is for Web Components would be:
-
Depending on your requirements / needs, have fun! Wbemtest is very useful for quick references to WMI to determine patch statuses whenever you are suspecting the integrity of data received from SCCM due to possible sync issues.