Get-Hotfix returns installed hotfixes but really only is a wrapper around the Win32_QuickFixEngineering WMI class. It is not returning all installed updates.
A better way may be querying the event log:
Get-EventLog -LogName System -InstanceId 19 | ForEach-Object { [PSCustomObject]@{ Time = $_.TimeGenerated Update = $_.ReplacementStrings[0] } }
Even this may not be complete, and event log entries can always be cleared. The only authoritative answer can come from your Windows Update Client which takes an actual look at the files present on your system:
$pattern = 'KB\d{6,9}' $UpdateSession = New-Object -ComObject Microsoft.Update.Session $UpdateSearcher = $UpdateSession.CreateupdateSearcher() $Updates = @($UpdateSearcher.Search("IsInstalled=1").Updates) $Updates | ForEach-Object { $kb = 'N/A' if ($_.Title -match $pattern) { $kb = $matches[0] } [PSCustomObject]@{ KB = $kb Title = $_.Title } }
