This script uses built-in Windows tools and the wsusscn2.cab file provided by Microsoft (https://learn.microsoft.com/en-us/windows/win32/wua_sdk/using-wua-to-scan-for-updates) to check offline which updates are missing on a Windows endpoint. The script both displays and logs the available updates, including: Update Name, Criticality and KB Number. The signing certificate of the wsusscn2.cab file is also verified to help ensure the file is valid and comes from Microsoft, so that a potentially malicious cab file is not used. Logs are generated under the directory the script is run from, e.g. C:\currentdirectory\logs\year\month\Results and C:\currentdirectory\logs\year\month\RunLogs
After you have a list of missing updates, you can use the Microsoft Update Catalog to download the necessary patches: https://www.catalog.update.microsoft.com/Home.aspx
This script can also be used with Windows' built-in Task Scheduler to automate these scans; all you would then have to do is update the wsusscn2.cab file.
-cabpath {pathtocabfile}: Enter the path where you are storing the most recent wsusscn2.cab file. It is best to keep this file local since it is relatively large.
-LogBackupPath {remotepathtobackuplogs}: Use this parameter if you want to back up your log files to a remote server for consolidation/review.
C:\Path\to\updatescript\OfflinePatchAudit.ps1 -cabpath c:\Updates\wsusscn2.cab
In this example logs would be created here: C:\Path\to\updatescript\Logs\2024\01\Results and C:\Path\to\updatescript\Logs\2024\01\RunLogs
C:\Updates\OfflinePatchAudit.ps1 -cabpath c:\Updates\wsusscn2.cab -LogBackupPath \\server01\logs\UpdateScans
In this example logs would be created here: C:\Updates\logs\2024\01\Results\ and C:\Updates\logs\2024\01\RunLogs
Then logs will be backed up here: \\server01\logs\UpdateScans\2024\01\Computername\
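The certificate check and offline scan described at the top can be sketched as follows. This is an added example, not the code of OfflinePatchAudit.ps1; it uses Get-AuthenticodeSignature and the Windows Update Agent COM API, and the signer match on "O=Microsoft Corporation", the service name and the output property names are assumptions made for illustration.

```powershell
# Added example: verify wsusscn2.cab, then scan offline against it.
param(
    [Parameter(Mandatory)] [string] $CabPath   # e.g. C:\Updates\wsusscn2.cab
)

# 1. Refuse to load the catalog unless its Authenticode signature is intact
#    and chains to a root this machine trusts.
$sig = Get-AuthenticodeSignature -FilePath $CabPath
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed for ${CabPath}: $($sig.Status) $($sig.StatusMessage)"
}
# Assumption: the signer subject contains O=Microsoft Corporation.
# A valid signature from any other publisher is rejected here.
if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# 2. Register the verified cab as a temporary offline scan service.
$cabFull = (Resolve-Path -LiteralPath $CabPath).Path
$manager = New-Object -ComObject Microsoft.Update.ServiceManager
$service = $manager.AddScanPackageService('Offline Sync Service', $cabFull, 1)

try {
    # 3. Search only against that service, so no online source is contacted.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $searcher.ServerSelection = 3                  # ssOthers: use ServiceID below
    $searcher.ServiceID       = $service.ServiceID
    $result = $searcher.Search('IsInstalled=0')

    # 4. Emit one object per missing update: name, severity and KB number.
    foreach ($update in $result.Updates) {
        [pscustomobject]@{
            Title    = $update.Title
            Severity = if ($update.MsrcSeverity) { $update.MsrcSeverity } else { 'Unspecified' }
            KB       = @($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ', '
        }
    }
}
finally {
    # Always unregister the scan service, even if the search throws.
    $manager.RemoveService($service.ServiceID)
}
```

Because the signature is checked before AddScanPackageService is called, a cab that has been modified or re-signed by another publisher never reaches the update agent.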