The caveat is that not only do I need to get the list of combined NotCompliantPatches for all hosts in vCenter. I want to list each missing patch and then which host is needing this patch. I can't seem to figure out a way to write the powershell commands to accomplish this.
In essence I want to generate a report
Name: Patch1
Vendor ID:
KB URL: http://www.vmware.com/kb12345
NotCompliantHosts: esx01, esx02, esx04
Name: Patch2
Vendor ID:
KB URL: http://www.vmware.com/kb12345
NotCompliantHosts: esx02, esx03
Try something like this.
The script assumes you did a recent scan.
&{Get-VMHost | Get-Compliance -Detailed -PipelineVariable comp | %{
$_ | Select -ExpandProperty NotCompliantPatches -ErrorAction SilentlyContinue |
Select @{N='VMHost';E={$comp.Entity.Name}},Vendor,Name,
@{N='Description';E={$_.Description.Replace('For more information, see ','').TrimEnd('.')}}
}} | Group-Object -Property Vendor,Name,Description |
Select @{N='Patch';E={$_.Group[0].Name}},
@{N='Vendor';E={$_.Group[0].Vendor}},
@{N='KB URL';E={$_.Group[0].Description}},
@{N='NotCompliantHosts';E={($_.Group.VMHost | sort-Object) -join ','}}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Try something like this.
The script assumes you did a recent scan.
&{Get-VMHost | Get-Compliance -Detailed -PipelineVariable comp | %{
$_ | Select -ExpandProperty NotCompliantPatches -ErrorAction SilentlyContinue |
Select @{N='VMHost';E={$comp.Entity.Name}},Vendor,Name,
@{N='Description';E={$_.Description.Replace('For more information, see ','').TrimEnd('.')}}
}} | Group-Object -Property Vendor,Name,Description |
Select @{N='Patch';E={$_.Group[0].Name}},
@{N='Vendor';E={$_.Group[0].Vendor}},
@{N='KB URL';E={$_.Group[0].Description}},
@{N='NotCompliantHosts';E={($_.Group.VMHost | sort-Object) -join ','}}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Wow, that is awesome! Thank you!
Is there also a way to get the last timestamp of when the scan ran?