Knowing what software is installed on your desktops and servers is crucial in an organization. This is common sense to sysadmins. We like to know information such as installation date, version and who installed it. By default, in Windows, you can get some of this information, but not all of it. It also helps to find packages that need to be upgraded to newer versions.
Chocolatey helps in these areas as it provides insight into the information I referenced. The power of Chocolatey, in my opinion, is in its CLI (command-line interface). In this article, I will show how Chocolatey can provide a great way to audit software installed on Windows machines.
Showing Chocolatey Packages in Programs and Features
Chocolatey manages packages separately from Windows. This is a very important concept to understand for beginners. What packages you install with Chocolatey usually show up in Programs and Features, but not always. What you install outside of Chocolatey does not show up by default. Ideally, you want Windows and Chocolatey software to be identical. In my opinion, once Chocolatey is installed, you should never install software outside of Chocolatey as you will make auditing and upgrading more difficult.
Certain Windows software does not show up in Programs and Features because it is not really “installed” on the system. A great example is PuTTY, a terminal software which only consists of a single executable. You do not have to run an installer for Putty, you can just download it and run it. So how do we get these to show up in Programs and Features? Chocolatey.
By setting this configuration, all Chocolatey packages will show up in Programs and Features:
choco feature enable -n showAllPackagesInProgramsAndFeatures
As you can see, Putty now shows up on my Windows 10 computer:
Viewing Package Audit Information
One command I find myself using often is choco list. Not only does it allow you to view packages installed on your system, but also packages available in repositories. One of the great parameters to use is –audit which provides a lot of great information like install time, user who installed, Active Directory domain and software version.
PS C:\> choco list -lo --audit
Chocolatey v0.10.11 Business
7zip 18.5 User:dfrancis-adm Domain:MYCOMP Original User:dfrancis-adm InstallDateUtc:2018-05-03 20:55:12Z
7zip.install 18.5 User:dfrancis-adm Domain:MYCOMP Original User:dfrancis-adm InstallDateUtc:2018-05-03 20:55:12Z
adobe-acrobat-xi-pro 11.0.00 User:admin Domain:DOMAIN Original User:hermes InstallDateUtc:2018-04-18 10:59:12Z
autohotkey.portable 1.1.28.02 User:dfrancis-adm Domain:MYCOMP Original User:dfrancis-adm InstallDateUtc:2018-04-20 16:22:04Z
bind-toolsonly 9.12.1 User:dfrancis-adm Domain:MYCOMP Original User:dfrancis-adm InstallDateUtc:2018-05-18 12:25:40Z
Notice I used the parameter –lo which means look at packages installed locally.
Related: Setting Up An Internal Chocolatey Package Repository
View All Windows Installed Packages in Chocolatey
As I mentioned, Chocolatey manages packages separately from Windows, but what if we want to see software installed outside of Chocolatey or before Chocolatey was installed? For this, we can use the parameter –include-programs with choco list:
PS C:\> choco list -lo --include-programs
With this command you will see a second list of software; these are the packages installed outside of Chocolatey:
ABBYY FineReader 11|11.11.194
AD Replication Status Tool 1.0|2.6.60913.0
ADManager Plus Free Tools|4.0
Finding Outdated Packages
One of the best features of Chocolatey is the ability to quickly see what packages need to be upgraded and then upgrade them. In this article, I will only focus on finding outdated packages, which we can do with the command choco outdated.
Here, I want to see any package that can be upgraded on my local machine:
PS C:\> choco outdated
Chocolatey v0.10.11 Business
Outdated Packages
Output is package name | current version | available version | pinned?
autohotkey.portable|1.1.28.02|1.1.29.01|false
bitvise-ssh-client|7.39|7.43|false
calibre|3.25.0|3.26.1|false
chocolatey.extension|1.12.11|1.12.12|false
citrix-receiver|4.10.1|4.12|false
As you can see, this allows me to see all outdated packages, their current version, available version and if they are “pinned” or not. Pinning a package means that a user specified that they do not want a package to be upgraded.
Conclusion
I think it is clear to see that managing your packages with Chocolatey will allow you to better audit and upgrade your software. Chocolatey provides information and methods that simply do not exist in Windows natively, or if they do exist, are difficult to do.