There are lots of ways to find if some windows update KB installed via SCCM, such as compliance report( Console > Monitoring > Reporting > Reports > Software Updates – A Compliance > Compliance 2 – Specific Software Update ), but it needs to enable Win32_QFE.
Thanks to powershell and compliance settings, we can find specific KB installed quickly.
Here what I do:
Discover script:
$error.clear()
try {$status = get-hotfix -id KB2871997}
catch { “Cannot find” }
if (!$error) {
Write-Host “Compliant”
}
else {Write-Host “Non-Compliant”}
and in the Compliance Rules, I specified is equals to “Compliant”.
The key here is just using powershell's command get-hotfix -id to find out if the machine has specific KB installed.