The specifics of the request that I received were to grab the count of the following updates per machine (circled in the picture above): - SDK Components Security Updates
- SQL Server Security Updates
- Windows Security Updates
- BizTalk Server Security Updates
- Exchange Security Updates
- Office Security Updates
What a great opportunity to use PowerShell's XML capabilities! The following script iterates over each file in the directory, parses the file and looks for the count. This information is dynamically entered into an Excel spreadsheet.
- # grab our XML files
- $files = Get-ChildItem -path 'C:\SecurityScans'
- # Get Excel ready
- $Excel = New-Object -comobject Excel.Application
- $Excel.visible = $True
- $Workbook = $Excel.Workbooks.Add()
- $Info = $Workbook.Worksheets.Item(1)
- # Create our column headers
- $Info.Cells.Item(1,1) = "Server name"
- $Info.Cells.Item(1,2) = "SDK Components Security Updates"
- $Info.Cells.Item(1,3) = "SQL Server Security Updates"
- $Info.Cells.Item(1,4) = "Windows Security Updates"
- $Info.Cells.Item(1,5) = "BizTalk Server Security Updates"
- $Info.Cells.Item(1,6) = "Exchange Security Updates"
- $Info.Cells.Item(1,7) = "Office Security Updates"
- # Add a little formatting
- $Style = $Info.UsedRange
- $Style.Interior.ColorIndex = 19
- $Style.Font.ColorIndex = 11
- $Style.Font.Bold = $True
- $intRow = 2
- # iterate over each .mbsa file
- foreach ($file in $files)
- {
- [XML]$ScanResult = Get-Content $file
- $Scanned = $ScanResult.SecScan.Check | select Name, Advice
- $Server = $ScanResult.SecScan.Machine
- foreach($Scan in $Scanned)
- {
- # if Advice doesn't start with a numeric value then set it equal to 0
- if( $Scan.Advice -match '^(?<Cnt>[0-9]*)'){$Advice=$matches.cnt} else{$Advice=0}
- $Style.Cells.Item($intRow, 1) = $Server
- switch ($Scan.Name)
- {
- "SDK Components Security Updates" {$Style.Cells.Item($intRow, 2) = $Advice;break}
- "SQL Server Security Updates" {$Style.Cells.Item($intRow, 3) = $Advice;break}
- "Windows Security Updates" {$Style.Cells.Item($intRow, 4) = $Advice;break}
- "BizTalk Server Security Updates" {$Style.Cells.Item($intRow, 5) = $Advice;break}
- "Exchange Security Updates" {$Style.Cells.Item($intRow, 6) = $Advice;break}
- "Office Security Updates" {$Style.Cells.Item($intRow, 7) = $Advice;break}
- }
- }
- $intRow = $intRow + 1
- }
The result is a nicely formatted Excel spreadsheet that has the total number of updates. 
This script hopefully demonstrates a how to use few different PowerShell features:
- Creating a COM object
- Using Regular Expressions
- Using [XML] type
Enjoy
4 comments:
Thanks, this is a big help. I was wondering though how hard it would be to add an extra column that shows the number of critical updates?
I notice that Critical updates are all Severity="4" under UpdateData. Just can't quite seem to get the syntax right myself!
Thanks Mark. Here is a quick stab at getting the right info.
[xml]$a = Get-Content 'c:\temp\securityscans\OSUMC - CVM-MSFP-P01 (9-29-2009 1-56 PM).mbsa'
$a.SecScan.Check[20].Detail.UpdateData | where {$_.severity -eq 4 -and $_.IsInstalled -eq $false}
Hi Wes,
I´m trying to run the script but I keep getting the following error:
Get-Content : Access to the path 'D:\SecurityScans\Config' is denied.
At D:\SecurityScans\mbsa_excel.ps1:30 char:35
+ [XML]$ScanResult = Get-Content <<<< $file
+ CategoryInfo : PermissionDenied: (D:\SecurityScans\Config:String) [Get-Content], UnauthorizedAccessException
+ FullyQualifiedErrorId : GetContentReaderUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetContentCommand
I´ve checked the folder security and even set to Everyone/Full Control but I can´t find a solution. The script starts to run and fill the Excel spreadsheet with server names but no security data is filled.
Any help is appreciated.
Thanks,
JP
@ JPL:
i had the same error. just change line 2 from
$files = Get-ChildItem -path 'C:\SecurityScans'
to
$files = Get-ChildItem -path 'C:\SecurityScans\*.mbsa'
Thats all!
Post a Comment