Obtaining software versions of Windows servers

Occassionally, at my office, we get security alerts for vulnerabilities. I have a playbook that will get run “rpm -q” on the package name and it returns the version installed. For example, google-chrome-stable.

How can I accomplish this on our Windows servers? I have Ansible working for them and have done basic stuff such as win_ping, win_command, etc. But I’d like to be able to check the software versions without using RDP to connect to each server and check the version manually.

Thanks for any thoughts,
Harry

you need something like this:

  • ansible.windows.win_shell: ‘Get-WmiObject -Class Win32_Product | Select-Object Name, Version’

пятница, 21 января 2022 г. в 19:22:46 UTC+3, lift...@gmail.com:

Would I be able to specify a specific program/application, such as Google Chrome for example, using that?

Thanks,
Harry

Not all software but most of installed. Just add filter ’ Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like ‘vagrant*’ } | Select-Object Name, Version’

Chrome is specific, and in this case you can use:

  • ansible.windows.win_shell: ‘[System.Diagnostics.FileVersionInfo]::GetVersionInfo(“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”).FileVersion’

пятница, 21 января 2022 г. в 23:51:00 UTC+3, lift...@gmail.com:

you need something like this:

  • ansible.windows.win_shell: ‘Get-WmiObject -Class Win32_Product | Select-Object Name, Version’

Querying Win32_product isn’t a good idea. It can take a long amount of time because it will result in basically every software package revalidating itself, in some rare cases, it can break things.

You might want to query the registry instead, which is a more verbose, but has fewer side-effects.