W7 KB2862330 - Query for systems that need this patch

Script allows the identification of W7 x64 systems that need KB2862330. When needed, USB ports may be nonfunctional, as the system is now requiring signed drivers. If the patch is installed and not needed, the system may go into a BSOD loop. Booting to "disable signed driver enforcement" mode should allow uninstallation of the patch.

Script will prompt for a hostname pattern. use an asterix for all systems.




W7. Requires RSAT, PSRemoting

Adam Sailer


Import-Module ActiveDirectory -ea SilentlyContinue

$server = 'dc.domain.edu' ## FQDN of your Domain Controller
$properties = @('Name', 'OperatingSystem')

Function Process
    $proc = gwmi win32_Processor
    $os = gwmi win32_OperatingSystem
    $cs = gwmi win32_ComputerSystem | select-object *

    $hotfix = get-hotfix | select-object * | ? { $_.HotFixID -ieq 'KB2862330' }

    $out = new-object –typeName PSObject

    $out | add-member -MemberType NoteProperty -Name System -Value $env:COMPUTERNAME
    $out | add-member -MemberType NoteProperty -Name SystemSerial -Value (gwmi win32_Bios).SerialNumber
    $out | add-member -MemberType NoteProperty -Name SystemAsset -Value (gwmi win32_SystemEnclosure).SMBIOSAssetTag
    $out | add-member -MemberType NoteProperty -Name SystemModel -Value $cs.Model
    $out | add-member -MemberType NoteProperty -Name OperatingSystem -Value $os.Caption
    $out | add-member -MemberType NoteProperty -Name ServicePack -Value $os.CSDVersion
    $out | add-member -MemberType NoteProperty -Name OperatingSystemVersion -Value $os.Version
    $out | add-member -MemberType NoteProperty -Name Architecture -Value $(if (($proc.AddressWidth -eq 64) -and ($proc.DataWidth -eq 64)) { 'x64' } else { 'x86' })
    $out | add-member -MemberType NoteProperty -Name CurrentUser -Value $cs.UserName

    $out | add-member -MemberType NoteProperty -Name KB2862330 -Value $(if ($hotfix) { $true } else { $null })
    $out | add-member -MemberType NoteProperty -Name InstalledOn -Value $hotfix.InstalledOn
    $out | add-member -MemberType NoteProperty -Name KB2862330_Needed -Value $(if (gwmi win32_PNPEntity | ? { ($_.Caption -imatch 'USB') -and ($_.ConfigManagerErrorCode -eq 52) }) { $true } else { $false })
    $out | add-member -MemberType NoteProperty -Name IE -value $((Get-ItemProperty -path 'HKLM:\Software\Microsoft\Internet Explorer').svcVersion)    

    write-output $out



ipconfig /flushdns

$cn = @(get-adcomputer -Filter 'Name -like $pattern' -Properties $properties -Server $server | ? { $_.OperatingSystem -imatch 'windows 7' } | % { $_.Name } | sort-object); $cn; $cn.Count

invoke-command -cn $cn -scriptblock ${Function:Process} | ogv -title (get-date)


This post is locked
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ