Use PowerShell to Quickly Find Installed Software

Use PowerShell to Quickly Find Installed Software

  • Comments 39
  • Likes

Summary: Learn how to use Windows PowerShell to quickly find installed software on local and remote computers.

 

Microsoft Scripting Guy Ed Wilson here. Guest Blogger Weekend concludes with Marc Carter. The Scripting Wife and I were lucky enough to attend the first PowerShell User Group meeting in Corpus Christi, Texas. It was way cool, and both Marc and his wife Pam are terrific hosts. Here is what Marc has to say about himself.

I am currently a senior systems administrator with the Department of the Army. I started in the IT industry in 1996 with DOS and various flavors of *NIX. I was introduced to VBScript in 2000, and scripting became a regular obsession sometime in 2005. In 2008, I made the move to Windows PowerShell and have never looked back. My daily responsibilities keep me involved with Active Directory, supporting Microsoft Exchange, SharePoint, and various ASP.NET applications. In 2011, I founded the Corpus Christi PowerShell User Group and try to help bring others up to speed on Windows PowerShell. 

Take it away, Marc!

 

One of the life lessons I have learned over the years working in the IT field as a server administrator is that there are often several different valid responses to a situation. It's one of the things that makes work interesting. Finding the "best" solution to a problem is one of the goals that I think drives many people who are successful at what they do. Occasionally, the best solution is the path of least resistance.

This is one things I love most about working with Windows PowerShell (and scripting in general) is that most problems have more than one solution. Sometimes the "right" way to do something comes down to a matter of opinion or preference. However, sometimes the best solution is dictated by the environment or requirements you are working with.

For instance, let us talk about the task of determining which applications are installed on a system. If you're familiar with the Windows Management Instrumentation (WMI) classes and the wealth of information that can be gathered by utilizing the Get-WmiObject cmdlet, an obvious choice might be referencing the Win32_product class. The Win32_Product represents products as they are installed by Windows Installer. It is a prime example of many of the benefits of WMI. It contains several useful methods and a variety of properties. At first glance, Win32_Product would appear to be one of those best solutions in the path of least resistance scenario. A simple command to query Win32_Product with the associated output is shown in the following image.

Image of command to query Win32_Product

The benefits of this approach are:

  • This is a simple and straightforward query: Get-WmiObject -Class Win32_Product.
  • It has a high level of detail (for example, Caption, InstallDate, InstallSource, PackageName, Vendor, Version, and so on).

However, because we are talking about alternative routes, let us look at another way to get us to arrive at the same location before we burst the bubble on Win32_Product. Remember, we are simply looking for what has been installed on our systems, and because we have been dealing with WMI, let’s stay with Get-WmiObject, but look at a nonstandard class, Win32Reg_AddRemovePrograms

What is great about Win32Reg_AddRemovePrograms is that it contains similar properties and returns results noticeably quicker than Win32_Product. The command to use this class is shown in the following figure.

Image of command to use Win32Reg_AddRemovePrograms

Unfortunately, as seen in the preceding figure, Win32Reg_AddRemovePrograms is not a standard Windows class. This WMI class is only loaded during the installation of an SMS/SCCM client. In the example above, running this on my home laptop, you will see the "Invalid class" error if you try querying against it without an SMS/SCCM client installation. It is possible (as Windows PowerShell MVP Marc van Orsouw points out) to add additional keys to WMI using the Registry Provider, and mimic what SMS/SCCM does behind the scenes. Nevertheless, let us save that for another discussion.

One other possibly less obvious and slightly more complicated option is diving into the registry. Obviously, monkeying with the registry is not always an IT pro's first choice because it is sometimes associated with global warming. However, we are just going to query for values and enumerate subkeys. So let's spend a few moments looking at a method of determining which applications are installed courtesy of another Windows PowerShell MVP and Honorary Scripting Guy Sean Kearney (EnergizedTech). In a script that Sean uploaded to the Microsoft TechNet Script Center Repository, Sean references a technique to enumerate through the registry where the "Currently installed programs" list from the Add or Remove Programs tool stores all of the Windows-compatible programs that have an uninstall program. The key referred to is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. The script and associated output are shown in the following figure.

Image of script and associated output

Here are the various registry keys:

#Define the variable to hold the location of Currently Installed Programs
  $UninstallKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" 
#Create an instance of the Registry Object and open the HKLM base key
   $reg=[microsoft.win32.registrykey]::OpenRemoteBaseKey('LocalMachine',$computername) 
#Drill down into the Uninstall key using the OpenSubKey Method
  $regkey=$reg.OpenSubKey($UninstallKey) 
#Retrieve an array of string that contain all the subkey names
  $subkeys=$regkey.GetSubKeyNames() 
#Open each Subkey and use the GetValue Method to return the string value for DisplayName for each

At this point, if you are anything like me, you are probably thinking, "I'll stick with a one-liner and use Win32_Product.” But this brings us back to why we started looking at alternatives in the first place. As it turns out, the action of querying Win32_Product has the potential to cause some havoc on your systems. Here is the essence of KB974524.

The Win32_product class is not query optimized. Queries such as “select * from Win32_Product where (name like 'Sniffer%')” require WMI to use the MSI provider to enumerate all of the installed products and then parse the full list sequentially to handle the “where” clause:,

  • This process initiates a consistency check of packages installed, and then verifying and repairing the installations.
  • If you have an application that makes use of the Win32_Product class, you should contact the vendor to get an updated version that does not use this class.

On Windows Server 2003, Windows Vista, and newer operating systems, querying Win32_Product will trigger Windows Installer to perform a consistency check to verify the health of the application. This consistency check could cause a repair installation to occur. You can confirm this by checking the Windows Application Event log. You will see the following events each time the class is queried and for each product installed:

Event ID: 1035
Description: Windows Installer reconfigured the product. Product Name: <ProductName>. Product Version: <VersionNumber>. Product Language: <languageID>. Reconfiguration success or error status: 0.

Image of Event ID 1035

 

Event ID: 7035/7036
Description: The Windows Installer service entered the running state.

Image of Event ID 7036

 

Windows Installer iterates through each of the installed applications, checks for changes, and takes action accordingly. This would not a terrible thing to do in your dev or test environment. However, I would not recommend querying Win32_Product in your production environment unless you are in a maintenance window. 

So what is the best solution to determine installed applications? For me, it is reading from the registry as it involves less risk of invoking changes to our production environment. In addition, because I prefer working with the ISE environment, I have a modified version of Sean’s script that I store in a central location and refer back to whenever I need an updated list of installed applications on our servers. The script points to a CSV file that I keep up to date with a list of servers from our domain. 

$computers = Import-Csv "D:\PowerShell\computerlist.csv"

$array = @()

foreach($pc in $computers){

    $computername=$pc.computername

    #Define the variable to hold the location of Currently Installed Programs

    $UninstallKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" 

    #Create an instance of the Registry Object and open the HKLM base key

    $reg=[microsoft.win32.registrykey]::OpenRemoteBaseKey('LocalMachine',$computername) 

    #Drill down into the Uninstall key using the OpenSubKey Method

    $regkey=$reg.OpenSubKey($UninstallKey) 

    #Retrieve an array of string that contain all the subkey names

    $subkeys=$regkey.GetSubKeyNames() 

    #Open each Subkey and use GetValue Method to return the required values for each

    foreach($key in $subkeys){

        $thisKey=$UninstallKey+"\\"+$key 

        $thisSubKey=$reg.OpenSubKey($thisKey) 

        $obj = New-Object PSObject

        $obj | Add-Member -MemberType NoteProperty -Name "ComputerName" -Value $computername

        $obj | Add-Member -MemberType NoteProperty -Name "DisplayName" -Value $($thisSubKey.GetValue("DisplayName"))

        $obj | Add-Member -MemberType NoteProperty -Name "DisplayVersion" -Value $($thisSubKey.GetValue("DisplayVersion"))

        $obj | Add-Member -MemberType NoteProperty -Name "InstallLocation" -Value $($thisSubKey.GetValue("InstallLocation"))

        $obj | Add-Member -MemberType NoteProperty -Name "Publisher" -Value $($thisSubKey.GetValue("Publisher"))

        $array += $obj

    } 

}

$array | Where-Object { $_.DisplayName } | select ComputerName, DisplayName, DisplayVersion, Publisher | ft -auto

 

My modified version of Sean’s script creates a PSObject to hold the properties I am returning from each registry query, which then get dumped into an array for later use. When I am done, I simply output the array and pass it through a Where-Object to display only those entries with something in the DisplayName. This is handy because I can then refer back to just the array if I need to supply different output. Say I want to only report on a specific server. I’d change Where-Object to something like this:

Where-Object { $_.DisplayName -and $_.computerName -eq “thisComputer”} 

In conclusion, if you have added Windows PowerShell to your IT tool belt, you have plenty of go-to options when someone asks you, “What’s the best solution to a problem?”

 

Thank you, Marc, for writing this post and sharing with our readers

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

 

Ed Wilson, Microsoft Scripting Guy

 

 

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • <p>Sorry, that should have been Marc, not Mark :)</p> <p>-Jonas, Denmark</p>

  • <p>Hi Mark and Ed</p> <p>I&#39;ve just tried running the script on my local machine.. </p> <p>It doesn&#39;t show anywhere near all the software that &quot;Programs and Features&quot; lists on my Windows 7 x64 machine..</p> <p>The stuff located under: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall referred in the post above are (as far as I can tell) the generic 64 bit applications only.</p> <p>There is also software that goes under: </p> <p>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall (maybe not too relevant, not much here, but still)</p> <p>And alot under</p> <p>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall (32 bit programs installed on a 64 bit OS)</p> <p>I haven&#39;t figured out if there are duplicates in the three registry paths, I would assume not..</p> <p>*-*</p> <p>A few questions:</p> <p>1: How would you guys go about running through two registry (maybe even 3) without making another (more or less) copy-paste of the foreach loop?</p> <p>2: Which PowerShell ISE do you guys prefer? I don&#39;t think the default Windows PowerShell ISE does a good enough job when it comes to syntax highlighting/help and tab-completion. What do you recommend Ed?</p> <p>3: The Wow6432Node lists an awful lot of Office 2010 related updates unfortuanately, but I guess with a little scripting magic these could be ignored, how would you guys do this - maybe another csv-file with some program names (DisplayName)&#39;s that should be ignored and therefore not added to $array.</p> <p>-Jonas, Denmark</p>

  • <p>I&#39;d like to +1 Jonas&#39; comment, the x64 listing of software is a huge issue, wmi doesn&#39;t report everything nor does the registry. Does anyone have a solution for this?</p>

  • <p>Hi Marc,</p> <p>thank you for providing this solution!</p> <p>It works for me on my WIN 7 x64 computer with the exception of the topics already mentioned by Jonas and Jeffrey.</p> <p>Apart from that there is one thing I would change:</p> <p>Instead of filtering the results of the query in the end &quot;$array | Where-Object { $_.DisplayName } | ...&quot;</p> <p>I would recommend to add the following line </p> <p>if (-not $thisSubKey.getValue(&quot;DisplayName&quot;)) { continue }</p> <p>after </p> <p>$thisSubKey=$reg.OpenSubKey($thisKey)</p> <p>in the foreach loop!</p> <p>This saves creating 200 custom objects ( on my machine ) that are unused ( filtered ) later on!</p> <p>Klaus.</p>

  • <p>Jonas,</p> <p>Thanks for the excellent comments and questions.</p> <p>1) First solution that comes to mind would be to build a simple array of both x64 and x32 locations and then loop through each. &nbsp;You could throw in a search while enumerating through keys, say something like...</p> <p> &nbsp;Select-String -InputObject ($array | % { $_.DisplayName }) -pattern $($thisSubKey.GetValue(&quot;DisplayName&quot;))</p> <p>And ignore results that match existing patterns within your array</p> <p>(Guessing there may be a better way to accomplish this task then enumerating through the entire array with every every subkey)</p> <p>2) I prefer the PowerShell ISE that comes with the download. &nbsp;I&#39;ve used a couple other editors and the one hang-up I have is that if you fat-finger a cmdlet and then backspace you no longer have the ability to do tab-completion unless you completely start over from the beginning of the cmdlet. &nbsp;(And I do have fat fingers) &nbsp;However, I don&#39;t have that issue with PowerShell ISE that came as part of WinRM 2.0. &nbsp;Have you downloaded PowerShell 3.0 CTP1 that came with Windows Management Framework 3.0? &nbsp;I believe there have been many new features added to the ISE. &nbsp;I know I need to check it out.</p> <p> <a rel="nofollow" target="_new" href="http://blogs.msdn.com/b/powershell/archive/2008/12/30/download-windows-powershell.aspx">blogs.msdn.com/.../download-windows-powershell.aspx</a></p> <p>3) Sounds like this could be accomplished with a preliminary search like I mentioned previously. &nbsp;</p> <p>Regards,</p> <p>-Marc</p> <p>Not a problem with the spelling (happens often) thanks for saying something!</p>

  • <p>Jeffrey,</p> <p>I&#39;d +1 Jonas&#39; comment too. &nbsp;I was searching last night for .NET reference to the namespace that you would query but haven&#39;t had enough time to find what I&#39;m looking for. &nbsp;</p> <p>Klaus,</p> <p>You&#39;re welcome! </p> <p>And good call! &nbsp;At the moment, I can&#39;t remember why I allowed those to be added to the array. &nbsp;Probably some testing I was doing at one point that I never cleaned up and was cleaning up at the end with the Where-Object filter.</p> <p>Thanks!</p> <p>-Marc</p>

  • <p>thankyou..................the information on your blog is very useful</p> <p>&lt;a href=&quot;<a rel="nofollow" target="_new" href="http://www.ariestechsoft..net/mlm-software-development.html&quot;&gt;mlm">http://www.ariestechsoft..net/mlm-software-development.html&quot;&gt;mlm</a> software development&lt;/a&gt;</p>

  • <p>I&#39;ve always found it hard to get correct information about installed software. Knowing that after uninstallation not all programs are cleaned up the same way makes it even harder. Since there wasn&#39;t a consistent way of installing software in our company before, I had to combine WMI, registry, existing folders and files and SNMP (snmpwalk -v 1 -c communityname -O v computername hrSWInstalledName) in a script to find a fairly reliable inventory of installations.</p> <p>I&#39;ve been using win32_product for 3 years and found it the slowest technology but never read about the MSI repair activities and the havoc Marc mentions here. I consider this a serious issue and will be more careful from now on.</p> <p>I&#39;ll dive into &#39;Powershell and WMI&#39; right now and see what Richard has to say about this.</p> <p>Thank you, Marc, for the warning.</p>

  • <p>Found both the article and comments very informative and useful. &nbsp;From that I created a focussed function for testing for the presence of software that can be uninstalled by using the PSDrive for the registry:</p> <p>function Test-ProductCanBeUninstalled</p> <p>{</p> <p> &nbsp; &nbsp;Param</p> <p> &nbsp; &nbsp;(</p> <p> &nbsp; &nbsp; &nbsp; &nbsp;[string]$ProductDisplayName</p> <p> &nbsp; &nbsp;)</p> <p> &nbsp; &nbsp;$found = $false</p> <p> &nbsp; &nbsp;$uninstallKeys = Get-ChildItem HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\</p> <p> &nbsp; &nbsp;if (Test-Path HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\)</p> <p> &nbsp; &nbsp;{</p> <p> &nbsp; &nbsp; &nbsp; &nbsp;$uninstallKeys += Get-ChildItem HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\</p> <p> &nbsp; &nbsp;}</p> <p> &nbsp; &nbsp;foreach ($key in $uninstallKeys)</p> <p> &nbsp; &nbsp;{</p> <p> &nbsp; &nbsp; &nbsp; if ($key.GetValue(&quot;DisplayName&quot;) -like $ProductDisplayName)</p> <p> &nbsp; &nbsp; &nbsp; {</p> <p> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;$found = $true</p> <p> &nbsp; &nbsp; &nbsp; }</p> <p> &nbsp; &nbsp;}</p> <p> &nbsp; &nbsp;return $found</p> <p>}</p> <p>My thought was that is I found more registry hives to test I could simply add then with a Test-Path before adding to the collection. &nbsp;A shortcoming of my approach, of course is that it only works on the running computer.</p>

  • <p>This is by far the best solution I have found, it&#39;s very quick, and doesn&#39;t trigger a repair.</p> <p><a rel="nofollow" target="_new" href="http://blogs.technet.com/b/askds/archive/2012/04/19/how-to-not-use-win32-product-in-group-policy-filtering.aspx">blogs.technet.com/.../how-to-not-use-win32-product-in-group-policy-filtering.aspx</a></p> <p>Create a custom MOF</p>

  • <p>Why not use the registry PS provider? Like:</p> <p>Get-ChildItem -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |</p> <p> &nbsp; &nbsp;Get-ItemProperty |</p> <p> &nbsp; &nbsp;Sort-Object -Property DisplayName |</p> <p> &nbsp; &nbsp;Select-Object -Property DisplayName, DisplayVersion, InstallLocation</p>

  • <p>@Knut I love the registry provider. Your solution would absolutely work. The nice thing about Windows PowerShell is that it allows you to work the way you want to work, and to use tools with which you are familiar. Thank you for your contribution.</p>

  • <p>Also the computer name is not being printed on each line so that the query by computer will never work.</p>

  • <p>Was not aware of the danger in querying Win32_Product class.</p>

  • <p>@knut - Love it! &nbsp;</p> <p>Also added &nbsp; &nbsp;| export-csv app_list.csv &nbsp; to the end &amp; have saved myself a heap of work!</p>