rss logo

Retrieve Windows Version of Computers in a Domain

PowerShell logo

Intro

Initially, it was possible from the WSUS console to find out the Windows version of managed computers, but since Windows 10 this no longer works as well. Or rather, it doesn't work at all.

So I've been working on a PowerShell script to get the exact version of computers in a domain.

The aim of this article is to extract a list of computers with their Windows versions into a csv file.

Update: I first found a solution based on WinRM, but finally opted for an even simpler solution that uses the Get-ADComputer command. I'm leaving the WinRM option as it can be used for other purposes.

With the Get-ADComputer command (New)

  • Retrieve the Windows version of all computers and export the information to a csv file C:\OS_Version_List.csv:
PS C:\ > Get-ADComputer -Filter '*' -Property * | Select-Object Name,OperatingSystem,OperatingSystemVersion | Export-Csv -Path C:\OS_Version_List.csv
  • Displays the Windows version for all enabled computers:
PS C:\ > Get-ADComputer -Filter {(Enabled -eq $True)} -Property * | Select-Object Name,OperatingSystem,OperatingSystemVersion -Wrap -Autosize
  • Displays the Windows version for all enabled computers whose name starts with PC0 and whose operating system name starts with Windows 7:
PS C:\ > Get-ADComputer -Filter 'Name -Like "PC0*" -and Enabled -eq $True' -Property * | Where-Object { $_.OperatingSystem -like "Windows 7*" } | Select-Object Name,OperatingSystem,OperatingSystemVersion -Wrap -Autosize
  • Show the Windows version for all enabled computers that have been connected for up to 120 days and whose name starts with PC0:
PS C:\ > Get-ADComputer -Filter {(Enabled -eq $True) -and (Name -Like "PC0*")} -Properties * | where { ($(Get-Date)-[DateTime]::FromFileTime($_.LastLogonTimeStamp)).Days -lt 120 } | Select-object Name,OperatingSystem,OperatingSystemVersion

WinRM method (Old)

Here, I'll be using Windows Remote Management, so we need to enable it on every computer we want to retrieve the OS version, for which we can do so via GPO.

Diagram showing how to retrieve the Windows version of domain computers using WinRM and PowerShell commands through TCP 5986.
Get Windows Version from AD Server via WinRM

Activate WinRM with a GPO

Note: The GPO must be applied to computer objects.
  • In your GPO, go to Computer Configuration > Preferences > Control Panel Settings > Services and create a new service:
Screenshot of Group Policy Management Editor showing the steps to create a new service for enabling WinRM under Computer Configuration.
  • Select Windows Remote Management (WS-Management) and click on Select:
Dialog box in Group Policy Editor showing the selection of Windows Remote Management (WS-Management) service for configuration.
  • Set the parameters and click OK:
Group Policy Editor dialog box showing the configuration of the WinRM service with automatic startup and start service action.
  • Go to Computer configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service and edit the Allow remote server management through WinRM rule:
Group Policy Editor showing the option to allow remote server management through WinRM with the Edit option highlighted.
  • Enable and define the rule, then click OK:
Group Policy settings dialog box showing the configuration to enable remote management through WinRM with IPv4 and IPv6 filters set to allow all addresses.

Allow WinRM on the firewall

WinRM uses TCP ports 5985 (HTTP) or 5986 (HTTPS), so these ports must be open on the target firewall.

Normally, in an Active Directory environment, unencrypted connections (5985 (HTTP)) are disabled. You can check this with the following command:

PS C:\ > winrm get winrm/config/service

Check WinRM connectivity

  • Check WinRM service status (on source and destination hosts):
PS C:\ > (Get-Service WinRM).Status
  • From a Domain Controller, run this command to see if we can retrieve the operating system version, example here with PC01:
PS C:\ > Invoke-Command -ScriptBlock { [System.Environment]::OSVersion.Version } -ComputerName PC01 | Select-Object PSComputerName,Build
PowerShell command output showing the execution of Invoke-Command to retrieve the OS version and build number of a remote computer.

Script to csv

I've written a little script that tests wether the computers (from PC0001 to PC0400) are reachable, if so it tries to retrieve the operating system version via WinRM and writes the information to a C:\OS_Version_List.csv file.

#Test for PC0001 to PC0400
1..400 | foreach {
	$i="{0:D4}" -f $_
	$ping = ping -n 1 "PC$i"| findstr "TTL"
	if ($LASTEXITCODE -eq "0")
	{
		$ip = $PING -replace ".* ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*",'$1'
		Write-Host "PC$i is up"
		Try { Invoke-Command -ScriptBlock { [System.Environment]::OSVersion.Version } -ComputerName "PC$i" -ErrorAction Stop | Select-Object PSComputerName,Build,@{Name="IP";Expression={"$ip"}} | Export-Csv -Path C:\OS_Version_List.csv -Append }
		Catch { '' | Select-Object @{Name="PSComputerName"; Expression={"PC$i"}},@{Name="Build"; Expression={"UNKNOWN"}},@{Name="IP";Expression={"$ip"}} | Export-Csv -Path C:\OS_Version_List.csv -Append }
	} else {
		Write-Host "PC$i is not available"
	}
}