To discover Patch on the Windows servers

Suman21
Tera Expert

We have a requirement to discover the Patches (cmdb_ci_patches) table. However, I would like to know if Discovery will be able to give us information such as which patch is installed, the patch version, and the last installed patch.

There are some postings in the community regarding this, but they are almost 3 years old. I expect ServiceNow might have upgraded it in newer versions.

If not, what is the best way to scan the patches and update the CMDB?

1 ACCEPTED SOLUTION

Robin J_
Tera Guru

Hello Suman21,
Came across this thread, and what you can do is create an extension for the Windows* pattern to catch this using "win32_quickfixengineering" - for reference: https://powershell.one/wmi/root/cimv2/win32_quickfixengineering

Example from a demo environment we have:

RobinJ__1-1671017352350.png

 

We have created an extension for "Windows OS - Servers" pattern:

RobinJ__2-1671017441934.png

 
Step "Get HotFixID":

RobinJ__3-1671017468048.png


Step "Set HotFixID":

RobinJ__4-1671017497730.png


Also, referring to the earlier link, there are a lot of other values from "win32_quickfixengineering" which probably cover your use case(s)/need(s):

RobinJ__5-1671017550536.png



Kind regards,
Robin
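
A way to preview on one server what a pattern extension built on "win32_quickfixengineering" would collect, and to answer "what was the last patch installed and when". This is an added example, not part of the post above or of ServiceNow's pattern code; the helper name `Get-LatestHotFix` and the sample records are constructed for illustration.

```powershell
# Added example. Get-LatestHotFix is a hypothetical helper, not a ServiceNow or Microsoft cmdlet.
function Get-LatestHotFix {
    [CmdletBinding()]
    param(
        # Records carrying HotFixID, Description and InstalledOn,
        # the property names exposed by Win32_QuickFixEngineering.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Record
    )
    begin { $rows = [System.Collections.Generic.List[object]]::new() }
    process {
        foreach ($r in $Record) {
            # InstalledOn may be empty or unparsable for some entries; keep the row,
            # but leave the date null so it cannot be picked as the latest patch.
            $when = $null
            if ($r.InstalledOn -is [datetime]) {
                $when = $r.InstalledOn
            } elseif ($r.InstalledOn) {
                $parsed = [datetime]::MinValue
                if ([datetime]::TryParse([string]$r.InstalledOn, [ref]$parsed)) { $when = $parsed }
            }
            $rows.Add([pscustomobject]@{
                HotFixID    = $r.HotFixID
                Description = $r.Description
                InstalledOn = $when
            })
        }
    }
    end {
        $dated = @($rows | Where-Object { $_.InstalledOn })
        [pscustomobject]@{
            Latest       = $dated | Sort-Object InstalledOn -Descending | Select-Object -First 1
            TotalCount   = $rows.Count
            UndatedCount = $rows.Count - $dated.Count   # rows excluded from the "latest" choice
        }
    }
}

# Constructed sample records (not from a real host) so the logic can be checked offline.
$sample = @(
    [pscustomobject]@{ HotFixID = 'KB0000001'; Description = 'Security Update'; InstalledOn = '2022-11-09' }
    [pscustomobject]@{ HotFixID = 'KB0000002'; Description = 'Update';          InstalledOn = '2022-12-14' }
    [pscustomobject]@{ HotFixID = 'KB0000003'; Description = 'Hotfix';          InstalledOn = $null }
)
$sample | Get-LatestHotFix

# On a Windows server, feed it the live class instead:
# Get-CimInstance -ClassName Win32_QuickFixEngineering | Get-LatestHotFix
```

A non-zero `UndatedCount` means some entries had no usable install date, so a "last patched" field populated from this class should be read together with that count.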


15 REPLIES 15

Fabian Kunzke
Kilo Sage

Hey,

ServiceNow does not discover installed patches OOTB. There is, however, a KB article regarding this topic:

Link

If you would like to discover these patches, follow the "Additional Information" in the above-mentioned KB article.


Regards

Fabian

P.S.: I would personally not recommend looking for all patches, but rather the ones useful to you/your customer. Otherwise you will get a lot of useless data out of the registry (e.g. only look for the most recent patch levels).

Suman21
Tera Expert

Thanks for the reply.

If patches are not discovered OOB, then what is the cmdb_ci_patches table for?

What does that table capture?

Also, KB0668792 does not show up anymore. Hope SNOW has removed it.

 

We only wanted to capture the latest patch updates done on the server.

What was the last patch installed and when.

 

I may have misphrased my comment a bit. ONLY security patches and hotfixes are not discovered. Everything else is.

Check under "Discovery Definition" -> "Configuration Console". You should find some configuration options regarding Windows software. OOTB, patches and hotfixes are blacklisted based on their prefix. If you remove that prefix, you should be able to collect patches.

 

Regards

Fabian

Thanks @Fabian Kunzke, it seems to be the easiest way to get the patch details.

I poked around different ways as well, such as extending the Windows OS pattern using a WMI query, and have also seen KB0695180, but these ways need a bit of time to execute.

 

I have removed the filter keys on the Configuration Console and it has done my work.

 

One question: will there be any impact on the Discovery timeline?