System patch Detection Using WMI

System patch Detection Using WMI

Transport: http://safe.zol.com.cn/2005/0427/167326.shtml

There are many articles about Microsoft's Windows Management specifications (Wmi), but few articles about Patch Management. Although many patch management software can be used in Windows systems, such as Microsoft's SMS, It is very troublesome for a company of several hundred people to operate, because you need to install related software on each client. This article introduces a simple method. Using the features provided by WMI, you can use Vbscript to write a script to detect patches for Windows.

WMI is the core of the Windows 2000/XP management system. WMI is a useful plug-in for other Win32 operating systems. WMI is based on cimom. cimom is the common information modelobject manager. It is an object database that describes the components of an operating system, provides a public interface for MMC and script programs to access the operating system components. Windows
WMI is a scalable system management structure that uses a unified, standard-based, and scalable object-oriented interface. When I first understood WMI, I always thought that WMI was "Windows Management Interface.

Next we will learn in detail how to use WMI to implement the patch detection process. Figure 1 shows the flowchart of the entire detection process.

Figure 1. flowchart of patch Detection Using WMI

Step 1: Set the patch number to be detected. We know that each patch of Microsoft has a standard number (such as kb828741). We can obtain the latest patch from Microsoft's website. Then, put the patch number you want to install into an array. We need to set different detection patch numbers for different Windows operating systems. Based on the current Windows system usage
2000/2003/XP.

'For windows protocol = array ("kb840315", "kb870669", "kb828741", "kb835732", "kb840987", "kb841356", "kb885835", "kb885836 ", "kb831626", "kb841872", "kb841873", "kb889293") 'for Windows 2003 system arrfixed_win2k3 = array ("kb83167", "kb840374", "kb867801 ", "kb833987", "kb873376", "kb885835", "kb885836") 'for Windows XP license = array ("kb840987", "kb833987", "kb8000045", "kb840315 ", "kb841873", "kb873376", "kb841356", "kb889293", "kb885835", "kb885836") 'for Windows XP license = array ("kb83167", "kb885835 ", "kb885836 ")

Step 2: Create a WMI Object and establish a connection with the target host.

Dim ob1_miservice // WMI Object dim strcomputer = "." // The address is set ob1_miservice = GetObject ("winmgmts :! \ "& Strcomputer &" \ Root \ cimv2 ")

First, define two variables: obw.miservice and strcomputer. The first is the service positioning object we want to create, and the second is the IP address of the target host (if it is "." For the current host). The third sentence is to create a service object connected to the target host and define the namespace parameter as "Root \ cimv2 ". In this namespace, we will use the following system information.

Socket: For details about the code, see check_patch.txt provided by the optical disk. Change the file extension TXT to vbs and double-click it in windows. If no patch is detected in the current system, a prompt window is displayed. Otherwise, no.

Step 3: Read the current user's operating system information and install patches. In the namespace "root/cimv2", the instance "win32_operatingsystem" provides us with detailed information about the current operating system. We use WQL (SQL
For Wmi) to read the instance. If you are familiar with SQL syntax, you will know what you are doing.

'First determine the host system information: OS, SP patch versions' obtain the system information dim objosinfo // obtain the OS information dim kernel sver, kernel stype, intcurrentsp // current system version, type, service Pack No. Set objosinfo = osvcremote. execquery ("select servicepackmajorversion, version, ostype from win32_operatingsystem") for each colosinfo in objosinfo intcurrentsp = colosinfo. servicepackmajorversion 'SP security patch version: intosver = colosinfo. version'operating system version number must stype = colosinfo. ostype 'operating system type next

Socket: How do I know which namespace to connect and what objects to obtain? WMI Technical Guide [3] lists a large number of common objects. Unfortunately, it does not have a corresponding e-book. You only need to find it in the bookstore. You can also use WMI in wmitools
The search function of CIM studio is easy to find the desired object. After finding the object, wmi cim studio can list its attributes and methods, and then go to msdn to find specific help.

Step 4: obtain information about patches installed on the current system. Under "Root \ cimv2", the "hotfixid" attribute under "win32_quickfixengineering" of the Instance stores the patch information installed by the current system.

'*************************************** * ****************************** Read the patch list installed on the target host to the string strfixedlist '*************************************** * *************************** dim colqfe, objqfedim strhotfixid, strfixedlist, strfind, strnofixedset colqfe = osvcremote. execquery ("select hotfixid from win32_quickfixengineering ")

Step 4: Save the user patch number to an array variable and match it with the corresponding array defined in step 1 to find the patch number that is not installed in the current system. The implementation of this part is relatively simple. Please refer to the code below.

Step 5: display the final detection result.

So far, the patch detection process has ended. You only need to click and run the script file to complete the patch check. Especially for network administrators who have established an acitve Directory domain in an enterprise, they only need to add this script to the Group Policy of the domain controller to perform patch detection for each user logging on to the domain, prompt users with the latest patch information, and no longer need to worry about the user's failure to install the latest patch, which greatly improves the enterprise's internal network security management.