How to Programmatically Retrieve Installed Windows 2000 Patches with Installation Dates for Compliance Audits


2 views

html

For legacy Windows 2000 systems, the most reliable method is using Windows Management Instrumentation (WMI). This approach works even on outdated systems and provides structured data for compliance reports.


' VBScript to list installed patches with dates
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_QuickFixEngineering")

For Each objItem in colItems
    WScript.Echo "HotFixID: " & objItem.HotFixID & vbCrLf & _
                 "Description: " & objItem.Description & vbCrLf & _
                 "InstalledOn: " & objItem.InstalledOn & vbCrLf
Next

For systems with PowerShell remoting capabilities, this provides more modern output formatting:


# PowerShell command for Windows 2000 (requires PS 1.0/2.0 compatibility)
Get-WmiObject -Class Win32_QuickFixEngineering | 
Select-Object HotFixID, Description, @{Name="InstalledDate";Expression={$_.ConvertToDateTime($_.InstalledOn)}} |
Format-Table -AutoSize

To create compliance documentation, export the data to CSV format:


$reportPath = "C:\Audit\Windows2000_Patches_$(Get-Date -Format 'yyyyMMdd').csv"
Get-WmiObject Win32_QuickFixEngineering | 
Select-Object HotFixID, Description, @{Name="InstalledDate";Expression={$_.ConvertToDateTime($_.InstalledOn)}} |
Export-Csv -Path $reportPath -NoTypeInformation
  • The InstalledOn property format varies between early Windows versions
  • Some very old service packs may not appear in WMI results
  • Consider cross-referencing with %windir%\SoftwareDistribution\ReportingEvents.log
  • For air-gapped systems, use wmic.exe command-line output redirection

For critical compliance requirements, verify KB articles against Microsoft's security bulletins:


# Sample verification against Microsoft's catalog
$patches = Get-WmiObject Win32_QuickFixEngineering
foreach ($patch in $patches) {
    $kbUrl = "https://support.microsoft.com/en-us/help/" + $patch.HotFixID.Substring(2)
    Write-Output ("Verifying " + $patch.HotFixID + " at " + $kbUrl)
}

For Windows 2000 servers, WMI (Windows Management Instrumentation) provides the most reliable method to extract patch installation history. The Win32_QuickFixEngineering class contains exactly the data auditors need:


strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colQuickFixes = objWMIService.ExecQuery("SELECT * FROM Win32_QuickFixEngineering")

For Each objQuickFix in colQuickFixes
    WScript.Echo "HotFixID: " & objQuickFix.HotFixID
    WScript.Echo "Description: " & objQuickFix.Description
    WScript.Echo "InstalledOn: " & objQuickFix.InstalledOn
    WScript.Echo "InstalledBy: " & objQuickFix.InstalledBy
    WScript.Echo
Next

While Windows 2000 doesn't natively support PowerShell, you can run this from a modern management workstation:


$session = New-PSSession -ComputerName WIN2K-SERVER -Credential (Get-Credential)
Invoke-Command -Session $session -ScriptBlock {
    Get-WmiObject -Class Win32_QuickFixEngineering | 
    Select-Object HotFixID, Description, @{Name="InstalledOn";Expression={$_.ConvertToDateTime($_.InstalledOn)}}, InstalledBy
}
Remove-PSSession $session

To create auditor-ready CSV files directly from the server:


'HotFixID,Description,InstalledOn,InstalledBy' > patches.csv
wmic /output:"patches.csv" qfe list full /format:csv

Cross-reference with Microsoft's update catalog using the KB numbers:


# Example KB verification command (run on modern system):
Get-HotFix -Id "KB123456" -ComputerName WIN2K-SERVER