Post-patch troubleshooting: Auditing revision levels

After deploying a patch on your customer's systems, altered components may not work with the applications. Thus, you may need to audit revision levels, as described here.

After deploying a patch or service pack on your customer's Windows systems, you may find that altered components

are not working with the applications. You may need to audit your revision levels. This tip, reposted courtesy of SearchWindowsSecurity.com, offers four ways to determine the revision of a given component.

Sometimes after adding a service pack or patch to a system, you're faced with the possibility that a component either wasn't upgraded correctly or was upgraded to the wrong revision. There are a number of ways to determine what the revision of a given component is, either on-disk or live in memory, but the effectiveness of the method you choose will depend on your exact needs. Here are your choices:

  1. In Explorer -- The most obvious way to determine the revision of a component is just to right-click on it in Explorer and select Properties | Version. Or, you can switch to the Details view in Explorer, and show the File Version and Product Version as columns. But, with this view, you can't easily export the results. Note that .DLLs will have a Version tab but .EXE files will not, so this limits its usefulness.
  2. Through Process Explorer -- The endlessly useful Process Explorer utility from Sysinternals lists the revision levels of all loaded components. If you click on the name of a process and select View | Lower Panel View | Show DLLs, you can see all of the loaded DLLs in use by that process as well as their revision levels. This is only useful for running processes, but the program supports exporting the information shown to a delimited text file. Note that it may take several seconds for the program to poll all the used .DLLs for a given process.
  3. Through an external resource -- This method is best if you want to find out what other revisions there might be for a process or component. For Microsoft components, Microsoft itself has a site called DLL Help. There you can look up any component from a Microsoft or Microsoft-supported product, see all of the tracked revisions for the component and learn more about each of them. However, DLL Help is only useful for Microsoft components, not third-party apps.
  4. Through a script -- This option is the most effective way to report back on a whole slew of components at once. For instance, use a script if you want to audit all of the items in a directory that represent what a patch will put into place and you want to see a quick side-by-side comparison of component revision information. One such script is available online at JSWare and, with a little work, it can be used to obtain the revision information for all files that match a wildcard or are in a directory.

About the author
Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

This tip originally appeared on SearchWindowsSecurity.com.


 

This was first published in October 2006

Dig deeper on Threat management and prevention

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close