One of the most daunting tasks for Microsoft Windows-based network administrators has always been keeping track of the seemingly hundreds of Service Packs, Hotfixes, and patches. Install Windows NT on a server, then apply a Service Pack. Install the applications, then re-apply the Service Pack. Then, if you're running Exchange, Proxy or SQL, apply the appropriate Service Packs for those applications. Think you're finished? Not likely. Now apply all the Hotfixes and patches that were released after the current Service Packs.

Now you're finished. At least until a new Hotfix or patch comes out. Or you install a new component for one of your previously installed applications from the original installation media. Now you have to start from scratch again with Service Packs and Hotfixes, just in case you overwrote a patched or updated file with an older version. And that's just on one server. Now do that for two servers. Or ten. Are all your servers up to date on Hotfixes? Are you sure? What about workstations?

This used to be a task that was almost impossible to keep up with. Finally, Microsoft has released a tool called hfnetchk. This allows you to scan all your servers and workstations to see which Hotfixes need to be installed where. You still have to go through the process of applying all the fixes and patches, but at least you now have a weapon to figure out which ones you are missing.

Hfnetchk.exe works on both Windows NT and Windows 2000.

Hfnetchk.exe has many command line switches available which make this a highly useful tool. The switches generally fall into a few distinct categories:

Who do you want to scan?
-h Scan hosts using NetBIOS names (eg. hfnetchk -h nbname1,nbname2,nbname3).

-i Scan hosts using IP addresses (eg. hfnetchk -i 1.2.3.4,1.2.3.5,1.3.2.4). NOTE: This switch does not work when running hfnetchk from a Windows NT host.

-r Scan hosts using a range of IP addresses (eg. hfnetchk -r 1.2.3.4-1.2.3.254). NOTE: This switch does not work when running hfnetchk from a Windows NT host.

-d Scan hosts within a corporate domain (eg. hfnetchk -d domain). NOTE: To use this switch, your network must allow UDP port 137 traffic.

-n Scan hosts on the local network ie. those that appear in Network Neighborhood (eg. hfnetchk -n).

How do you want to scan?
-a Controls what is displayed. There are options associated with this switch:

-t Controls the number of threads used by the scanner. Value range between 1 and 128 (default is 64).

-x Specifies the XML file to use (eg. hfnetchk -x mssecure.xml). When run without the -x switch, the XML source is downloaded from Microsoft.

Where do you want it to go?
-o Specifies the output format. There are two different output formats:

Troubleshooting options
-z Do not perform registry checks. This can be used to find out which Hotfix files are missing rather than which registry keys are present.

-v Displays the reason a hotfix was considered not found.

-? Displays the command menu.