Using WMI to implement system patch detection and analysis _vbs

WMI is the core of Windows 2000/xp Management system, and WMI is a useful plug-in for other WIN32 operating systems. WMI is based on CIMOM, CIMOM is the common Information Model object Manager (Common Information Model object manager), an object database that describes the operating system's constituent units. Provides a common interface for MMC and scripting programs to access the operating system constituent unit. Windows Management Instrumentation (WMI) is a scalable system management architecture that employs a unified, standards-based, extensible object-oriented interface. When I first started to understand WMI, I always assumed that WMI was the Windows Management Interface (INTERFACE).

Let's take a look at how to use WMI to implement the patch detection process. Figure 1 is a flowchart for the entire detection process.

Figure 1. A flowchart to implement patch detection using WMI

       The first step is to set the patch number you want to detect. We know that every patch in Microsoft will have a standard number (such asKB828741For the latest patches, we can get them from Microsoft's website. Then, put the patch number you want the user to install into an array. According to differentWindowsOperating system we need to set different detection patch numbers. Based on the currentWindowsSystem usage, I'm only onWindows 2000/2003/xpFor testing.
Figure 1. Flowchart for patch Detection using WMI
The first step is to set the patch number you want to detect. We know that every patch in Microsoft will have a standard number (such as KB828741), and for the latest patches, we can get them from Microsoft's website. Then, put the patch number you want the user to install into an array. Depending on the Windows operating system we need to set different detection patch numbers. Based on the current Windows system usage, I only detect Windows 2000/2003/XP.
' For Windows 2000
Arrfixed_win2k=array ("KB840315", "KB870669", "KB828741", "KB835732",
"KB840987", "KB841356", "KB885835", "KB885836",
"KB842526", "KB841872", "KB841873", "KB889293")
' For Windows 2003 systems
Arrfixed_win2k3=array ("KB834707", "KB840374", "KB867801", "KB833987",
"KB873376", "KB885835", "KB885836")
' For Windows XP SP1
Arrfixed_xp1=array ("KB840987", "KB833987", "KB839645", "KB840315", "KB841873", "
KB873376 "," KB841356 "," KB889293 "," KB885835 "," KB885836 ")
' For Windows XP SP2
Arrfixed_xp2=array ("KB834707", "KB885835", "KB885836")
The second step is to create a WMI object and establish a connection with the target host.
Dim objWMIService//WMI Object
Dim strComputer = "."//address as current host
Set objWMIService = GetObject ("winmgmts:{impersonationlevel=impersonate}!\\" & StrComputer & "\root\cimv2")
First, define two variables objWMIService and strcomputer, the first to locate the object for the service we are creating, and the second to target host IP address (if the current host is "."). ）。 The third sentence creates a service object that is connected to the target host, defining the namespace parameter as "root\cimv2". In this name space there is the system information we need to use next.
Socket: Detailed code see the CD-ROM attached to the Check_patch.txt, change the file name extension txt to VBS, under Windows can double-click to run, if the current system detects not patched, then the prompt window, otherwise none.
The third step is to read the current user's operating system information and its installation patches. Under the name space "Root/cimv2", the instance "Win32_OperatingSystem" provides us with detailed current operating system information. We use WQL (SQL for WMI) to read the instance, and a friend who is familiar with SQL syntax can see what it is doing.
' First judge the host system Information: OS,SP Patch version situation
' Get System Information
Dim Objosinfo//Get operating System Information
Dim INTOSVER,INTOSTYPE,INTCURRENTSP//Current system version, type, Service pack number
Set objosinfo = Osvcremote.execquery ("Select Servicepackmajorversion,version,ostype from Win32_OperatingSystem")
For each colosinfo in Objosinfo
INTCURRENTSP = Colosinfo.servicepackmajorversion ' SP Security patch version
Intosver = Colosinfo.version ' Operating system version number
Intostype = Colosinfo.ostype ' operating system type
Next
Socket: How do I know which namespace to connect to and what objects to get? A large number of commonly used objects are listed in the WMI Technology Guide [3]. Unfortunately, it does not have a corresponding ebook, you can only find it in the bookstore. You can also use the Wmitools WMI CIM Studio tool's search capabilities to easily find the objects you want. After the object is found, WMI CIM Studio can list its properties and methods, and then go to MSDN for specific help.
The fourth step is to get the patch information that the current system has installed. Under "root\cimv2", the "Hotfixid" attribute under instance "win32_quickfixengineering" holds the patch information that is installed on the current system.
'*******************************************************************
' * Read target host installed patch list to string strfixedlist
'*******************************************************************
Dim COLQFE, OBJQFE
Dim Strhotfixid, Strfixedlist, Strfind, strnofixed
Set COLQFE = Osvcremote.execquery ("Select Hotfixid from Win32_QuickFixEngineering")
The fourth step is to save the read user patch number to an array variable and then match the corresponding array we defined in the first step to find the patch number that is not installed on the current system. This part of the implementation is relatively simple, please refer to the following code.
The fifth step shows the final test results.
At this point, the entire patch detection process is completed, as long as the script file to run the click, you can complete the patch check. Especially for network administrators who have established acitve directory domains in the enterprise, as long as this script is added to the domain controller's Group Policy, the user who log on to the domain will be patched to detect, prompt the user the latest patch information, no longer not to install the latest patches to the user is distressed, Greatly improve the enterprise internal network security management.