Patch Remediation With PowerShell – Part 1

There are a lot of security topics that are absolutely fascinating, but patch management is not one of them. Even more horrific is patch management remediation. Deploying patches isn't so bad, but getting that last 10% out of your compliance efforts is a never-ending, brutal slog through the mud.


I wrote a quick script to take a list of non-compliant computers and give some basic information about their health and status so action can be taken.  Unfortunately, this script can’t make phone calls to find out why a computer is off or unplugged but it can at least get you started.

Computer List – To start, export a list of the computers that need to be evaluated to ComputerList.txt and place it in the same directory as the script.

Ping – The script pings each computer and records whether it responds. A response tells you the computer is on and reachable. No response does not prove it is off: a host firewall that drops ICMP echo requests looks exactly like a powered-off machine, so treat a failed ping as "unknown" until the DNS and Active Directory checks have been looked at.

DNS – Next, the script queries DNS for the computer. This tells you whether the computer has been off only briefly or has been off long enough for its record to be scavenged. Check the aging and scavenging settings on your DNS zones to learn what that means in your environment: on Windows DNS the default no-refresh and refresh intervals are 7 days each, so a dynamically registered record becomes eligible for scavenging after about two weeks, and scavenging itself is disabled on the server until someone enables it. If scavenging is off, a stale record proves nothing about how long the machine has been gone.

Active Directory – Finally, the script checks whether the computer object still exists in Active Directory or has been deleted.

Output – Each computer's results are written as one row in ComputerTestResult.CSV for easy use and filtering in Excel.
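The following is an added example that implements the four steps above end to end. It is not the post's own script (which is not reproduced here); it is written from the description alone. It assumes ComputerList.txt holds one computer name per line next to the script, that the ActiveDirectory module from RSAT is installed, and that the account running it can read computer objects. It also adds the LastLogonDate attribute from AD, which the post does not mention, because it separates "object still exists but the machine has not talked to the domain in months" from "machine was rebooted yesterday".

```powershell
# Added example, not the original post's script. Evaluates a list of
# non-compliant computers for ping, DNS and Active Directory status and
# writes one row per computer to ComputerTestResult.csv.
#
# Assumptions (not stated in the post):
#   - ComputerList.txt sits next to this script, one name per line
#   - the ActiveDirectory module (RSAT) is installed
#   - Resolve-DnsName is available (DnsClient module, Win8/2012 and later)
#Requires -Modules ActiveDirectory

$scriptDir  = Split-Path -Parent $MyInvocation.MyCommand.Path
$inputFile  = Join-Path $scriptDir 'ComputerList.txt'
$outputFile = Join-Path $scriptDir 'ComputerTestResult.csv'

# Trim whitespace and drop blank lines so a stray line in the export does
# not turn into an empty DNS or AD query.
$computers = Get-Content -Path $inputFile |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -ne '' }

$results = foreach ($computer in $computers) {
    # AD identity is the short host name; strip a domain suffix if the
    # export contained FQDNs.
    $shortName = $computer.Split('.')[0]

    # Ping: a single ICMP echo, returned as a boolean. A host whose firewall
    # drops ICMP shows up as $false here even though it is powered on, so a
    # failed ping is "unknown", not "off", until the other checks are read.
    $pingOk = Test-Connection -ComputerName $computer -Count 1 -Quiet `
        -ErrorAction SilentlyContinue

    # DNS: query the server directly (-DnsOnly skips LLMNR/NetBIOS, and
    # -NoHostsFile skips the local hosts file) so a cached or hand-edited
    # entry does not mask a scavenged record.
    $dnsRecords = Resolve-DnsName -Name $computer -Type A -DnsOnly -NoHostsFile `
        -ErrorAction SilentlyContinue
    $dnsIp = $null
    if ($dnsRecords) {
        $aRecord = $dnsRecords | Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
        if ($aRecord) { $dnsIp = $aRecord.IPAddress }
    }

    # Active Directory: does the computer object still exist? The AD
    # cmdlets raise a terminating error for an unknown identity, so wrap the
    # call in try/catch instead of relying on -ErrorAction alone.
    # LastLogonDate is derived from lastLogonTimestamp, which replicates
    # only every 9-14 days, so treat it as a coarse "last seen" indicator.
    $adComputer = try {
        Get-ADComputer -Identity $shortName -Properties LastLogonDate, Enabled `
            -ErrorAction Stop
    } catch {
        $null
    }

    [PSCustomObject]@{
        ComputerName  = $computer
        PingResponds  = [bool]$pingOk
        DnsRecord     = [bool]$dnsIp
        DnsIPAddress  = $dnsIp
        InAD          = [bool]$adComputer
        ADEnabled     = if ($adComputer) { $adComputer.Enabled } else { $null }
        LastLogonDate = if ($adComputer) { $adComputer.LastLogonDate } else { $null }
        CheckedAt     = Get-Date -Format 's'
    }
}

# Export-Csv overwrites the file on each run; add -Append to keep a history
# across remediation passes instead.
$results | Export-Csv -Path $outputFile -NoTypeInformation
$results | Format-Table -AutoSize
```

Reading the CSV: PingResponds true means act now; ping false with a live DNS record and a recent LastLogonDate is usually a machine that is on but blocking ICMP or simply off for the day; ping false, no DNS record, and an old LastLogonDate is a candidate for the phone call; InAD false means the object was deleted and the host should come off the compliance list rather than stay in it as a permanent failure.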

Here’s the script…
