Ensuring that the required software is present while unauthorized applications are blocked is essential for compliance, security, and standardization across endpoints. Manually performing this is slow and unreliable, and will take too much time across many endpoints. However, using scripts empowers MSPs and IT administrators to automate the process and detect problems before they bother users.
The methods outlined in this guide can be used to audit installed applications, generate compliance reports, and detect unauthorized and missing software. We’ll run through PowerShell, Command Prompt, and Registry-based tagging. Plus, we’ll also tackle optional integration via GPO, RMM, and NinjaOne for automation and reporting at scale.
Ways to detect missing software via script and how to generate compliance reports
📌 Prerequisites:
- You will need Windows 10, 11, or Server 2016+ to support the scripts.
- PowerShell 5.1 or higher for running inventory and reporting commands
- Administrator rights are required on endpoints to query installed software.
- You need to have a list for each site, role, or client so the script knows what to check on the form.
Optional:
- Optional: Group Policy access to enforce registry keys or file paths.
- Optional: RMM like NinjaOne for easier remote script deployment and reporting.
Method 1: How to collect installed software inventory via PowerShell
You can use PowerShell to pull a list of installed applications from 64-bit and 32-bit registry locations. Afterward, you can export it to CSV for reporting.
📌 Use Cases:
- This can be used to create a clear list of installed software, check compliance, and determine whether devices meet standards.
- This provides data for comparing what should be installed vs what is installed.
📌 Prerequisites:
- Target devices should be running PowerShell 5.1 or higher.
- Administrator rights are required to access registry locations where Windows stores information about installed programs.
To query both 64-bit and 32-bit installations, use this command on PowerShell:
| $installedSoftware = Get-ItemProperty ` HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName } | Select-Object DisplayName, DisplayVersion, Publisher $installedSoftware | Format-Table -AutoSize |
To export to CSV:
| $installedSoftware | Export-Csv “C:\Reports\InstalledSoftware.csv” -NoTypeInformation |
Method 2: How to define and compare against a software baseline
After you’ve collected the list of installed applications, your next task is to compare it against a predefined baseline. A baseline is a list of apps that must be present on every device for compliance and operational requirements. You can use PowerShell to flag missing apps and export the results.
📌 Use Cases:
- You can use this to ensure all endpoints have the required applications.
- This is to help you identify missing or unauthorized applications before they impact users.
📌 Prerequisites:
- You must have a predefined and definitive list of required applications per site, role, or client.
- To run scripts on the target device, you need PowerShell 5.1 or higher.
Here is an example baseline list and command you can run on PowerShell. This sets the list of software that has to be present. You can add apps with a comma + straight quotation marks:
| $requiredApps = @(“Microsoft Defender Antivirus”, “7-Zip”, “Microsoft Edge”, “FortiClient VPN”) |
Meanwhile, to detect missing apps vs the list of baseline apps, use this code:
| $installed = $installedSoftware.DisplayName $missing = $requiredApps | Where-Object { $installed -notcontains $_ } $missingReport = [PSCustomObject]@{ ComputerName = $env:COMPUTERNAME MissingSoftware = $missing -join “; “ Timestamp = (Get-Date).ToString(“u”) } |
To export to CSV, run this command:
| $missingReport | Export-Csv “C:\Reports\MissingSoftware.csv” -NoTypeInformation |
Method 3: How to use CMD and WMIC for lightweight inventory
In case PowerShell is restricted or unavailable, you can use the Command Prompt and Windows Management Instrumentation Command-line (WMIC). These can provide a quick way to gather installed software information. Though less detailed than PowerShell, it can work in legacy setups.
📌 Use Cases:
- Use this to collect software inventory in legacy or restricted environments.
- You can use it to generate quick text-based lists of installed software.
📌 Prerequisites:
- You’ll need a Windows endpoint with WMIC available (Windows 10 and earlier, or server version before 2022).
- You’ll need permissions to run commands from an elevated Command Prompt.
You can use this command via Command Prompt to export the installed software list to a text file:
wmic product get name, version > C:\Reports\SoftwareInventory.txt
Optional: You can parse results with PowerShell:
Get-Content “C:\Reports\SoftwareInventory.txt” | Select-String “AppName”
Method 4: How to store compliance status in the Registry
This method writes audit results into the Windows Registry so each endpoint keeps a local record of its compliance status, including the last audit time and any missing software.
📌 Use Cases:
- This will help make compliance results easy to see on the device, so technicians and scripts can check quickly.
- This will enable RMM tools to read registry values and use them in compliance reports.
📌 Prerequisites:
- You will need administrator rights to create and edit Registry keys under HKLM.
- This requires the $missing array created during the baseline comparison in Method 2.
Here’s how to create a local registry record to reflect compliance results:
| New-Item -Path “HKLM:\SOFTWARE\Org\SoftwareAudit” -Force Set-ItemProperty -Path “HKLM:\SOFTWARE\Org\SoftwareAudit” -Name “LastAudit” -Value (Get-Date).ToString(“u”) Set-ItemProperty -Path “HKLM:\SOFTWARE\Org\SoftwareAudit” -Name “MissingItems” -Value ($missing -join “, “) |
You can then validate on CMD to confirm that the key and values were actually created. You can use this code to do so:
reg query HKLM\SOFTWARE\Org\SoftwareAudit
Method 5: Generating cross-device compliance reports
After each device generates its audit CSV report, you can combine the results into one master report. This will provide a complete view of compliance across endpoints, making tracking gaps by client, location, or role easier.
📌 Use Case:
- This will help you create a single report that gathers compliance data from all devices.
📌 Prerequisites:
- You will need access to a shared drive or RMM that collects device-level CSV reports.
- PowerShell 5.1 or higher will be needed to aggregate export results.
Here are the steps to generate cross-device compliance reports:
- Collect device reports by ensuring each endpoint saves its CSV to a shared folder or uploads it through your RMM.
- Run this PowerShell command to consolidate results by gathering and combining all CSVs:
Get-ChildItem “\\server\auditshare\*.csv” | Import-Csv | Export-Csv “C:\Reports\MasterComplianceReport.csv” -NoTypeInformation
- Next, review key columns. Make sure that the master report has the essential fields like:
- Device Name
- Missing Software
- Compliance Status
- Timestamp
- PowerShell’s Group-Object or filtering can organize results by client, location, or endpoint role. For example, you can group all devices under each client using this command:
| Import-Csv “C:\Reports\MasterComplianceReport.csv” | Group-Object Client | ForEach-Object { Write-Output “Client: $($_.Name)” $_.Group | Select-Object DeviceName, MissingSoftware, ComplianceStatus “” } |
⚠️ Things to look out for
| Risks | Potential Consequences | Reversals |
| Missing CSV files from devices | The master report will be incomplete and may understate non-compliance. | Verify that each endpoint successfully exported its CSV. Rerun the audit script if required. |
| Audit scripts don’t work | Ensure that you have the appropriate permissions. | Run the scripts using an account with elevated permissions. |
| Inconsistent column names across CSVs | The import process may fail or produce inaccurate results. | Standardize script outputs. This will ensure every device will export the same column names. |
Additional considerations for detecting and reporting missing software
False negatives
Software names in the DisplayName field may vary. For example, there is a difference between “Google Chrome” and “Chrome.” To avoid this, you can use regex or wildcard matches to prevent inaccurate results.
License tracking
Compliance checks should cover more than missing installs. It should also track version mismatches and expired trial licenses. This will ensure endpoints will remain compliant and up to date.
Exclusions
Consider maintaining separate lists for required software and prohibited software. This will allow you to flag both missing installs and unauthorized applications.
Baseline flexibility and adjustments
Tweak baseline requirements according to each endpoint’s role. For example, kiosks used for displays may only need a few apps, while engineers may need to use a wide selection of programs to do their work efficiently.
Troubleshooting software auditing and report generation issues
Missing 32-bit software in 64-bit PowerShell
If 32-bit applications are not appearing, make sure your script queries the Wow6432Node registry path and the standard uninstall key.
Empty export
If the exported CSV is blank, confirm that the software is installed and that the DisplayName field is populated.
Registry write failures
If compliance results are not saving to the Registry, run the script with administrator rights or under the SYSTEM context.
Unicode CSV issues
If exported CSVs show garbled text or missing characters, use -Encoding UTF8 with Export-Csv to handle special characters correctly.
NinjaOne services that can help with detecting missing software and generating reports
| What NinjaOne can do | What it is | How it helps |
| Deploy inventory and comparison scripts at scale | Runs PowerShell or CMD scripts across all managed devices | Ensures every endpoint is checked against the software baseline automatically |
| Collect local registry tags for audit visibility | Reads compliance keys like LastAudit and MissingItems from the Registry | Provides technicians and auditors with local and centralized visibility |
| Tag devices as “Non-Compliant” | Marks endpoints that do not meet baseline requirements | Speeds up triage by letting technicians focus on out-of-compliance devices |
| Alert based on missing software | Triggers notifications when required applications are absent | Enables immediate technician response before users are impacted |
| Generate client-facing compliance reports | Produces reports with version tracking and deployment status | Delivers transparent reporting to stakeholders and supports audits |
With NinjaOne, MSPs can standardize and scale software IT audits while providing transparent compliance reporting to clients.
Strengthening compliance and reducing risk with automated software audits
Detecting missing software and keeping endpoints compliant is essential for security and day-to-day operations. MSPs and IT admins can quickly confirm which devices meet requirements by collecting software inventories, checking them against a baseline, and recording the results locally and centrally.
Organization-wide compliance reports give full visibility across clients, while NinjaOne allows for the automation of audits, speeds up remediation, and maintains continuous compliance at scale.
Related topics:
