Obtaining software versions of Windows servers

418 views
Skip to first unread message

lift...@gmail.com

unread,
Jan 21, 2022, 11:22:46 AM1/21/22
to Ansible Project
Occassionally, at my office, we get security alerts for vulnerabilities.  I have a playbook that will get run "rpm -q" on the package name and it returns the version installed.  For example, google-chrome-stable.

How can I accomplish this on our Windows servers?  I have Ansible working for them and have done basic stuff such as win_ping, win_command, etc.  But I'd like to be able to check the software versions without using RDP to connect to each server and check the version manually.

Thanks for any thoughts,
Harry

Oleg Galushko

unread,
Jan 21, 2022, 3:41:10 PM1/21/22
to Ansible Project
you need something like this:
- ansible.windows.win_shell: 'Get-WmiObject -Class Win32_Product | Select-Object Name, Version'
пятница, 21 января 2022 г. в 19:22:46 UTC+3, lift...@gmail.com:

lift...@gmail.com

unread,
Jan 21, 2022, 3:51:00 PM1/21/22
to Ansible Project
Would I be able to specify a specific program/application, such as Google Chrome for example, using that?

Thanks,
Harry

Oleg Galushko

unread,
Jan 21, 2022, 4:03:54 PM1/21/22
to Ansible Project

Not all software but most of installed. Just add filter ' Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like 'vagrant*' } | Select-Object Name, Version'

Chrome is specific, and in this case you can use:
- ansible.windows.win_shell: '[System.Diagnostics.FileVersionInfo]::GetVersionInfo("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe").FileVersion'
пятница, 21 января 2022 г. в 23:51:00 UTC+3, lift...@gmail.com:

Zoredache

unread,
Jan 24, 2022, 3:04:52 PM1/24/22
to Ansible Project
On Friday, January 21, 2022 at 12:41:10 PM UTC-8 inorang...@gmail.com wrote:
you need something like this:
- ansible.windows.win_shell: 'Get-WmiObject -Class Win32_Product | Select-Object Name, Version'

Querying Win32_product isn't a good idea. It can take a long amount of time because it will result in basically every software package revalidating itself, in some rare cases, it can break things.


You might want to query the registry instead, which is a more verbose, but has fewer side-effects.

    ---
    - hosts:  windows_hosts
      tasks:
      - name: installed software
        win_shell: |
          $items=New-Object System.Collections.ArrayList

          Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* |
            Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation,
                          @{Name='Arch' ; Expression={'x64'}} | ForEach-Object {
              $items.Add($_) | Out-Null
            }

          Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* |
            Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation,
                          @{Name='Arch' ; Expression={'x86'}} | ForEach-Object {
              $items.Add($_) | Out-Null
            }

          $items | Select-Object DisplayName, DisplayVersion, Publisher,
                                Arch, InstallLocation | ConvertTo-JSON
        args:
          no_profile: yes
        register: installed_software
      - name: display installed software
        debug:
          var: installed_software.stdout
 
 
Reply all
Reply to author
Forward
0 new messages