Technology Tips and News
I have two WSUS groups, Pilots and TheMasses. The WSUS server synchronizes daily. I auto-approve critical and security updates to the Pilots group. I would like to script approving updates that have been approved, for at least 14 days, for the Pilots group to the TheMasses group.
Looking for a Powershell script please.
There are plenty of WSUS scripts in the repository
I've written a couple of things about working with WSUS and PowerShell that you may or may not find helpful as well. One in particular deals with approving updates with PowerShell.
http://learn-powershell.net/tag/wsus-2/
I also wrote a WSUS module that is available on Codeplex that might be useful as well.
I've written a couple of things about working with WSUS and PowerShell that you may or may not find helpful as well. One in particular deals with approving updates with PowerShell.
http://learn-powershell.net/tag/wsus-2/
I also wrote a WSUS module that is available on Codeplex that might be useful as well.
I'll simplify things a bit.
Can anyone give me a snipit of Powershell code that will display all the approved updates for a particular Group, GroupX?
Hi,
What have you tried so far?
Bill
"Looking for a PowerShell script please."
http://social.technet.microsoft.com/Forums/en-US/ITCG/thread/a0def745-4831-4de0-a040-63b63e7be7ae
All, I've spent quite a few hours trying to sift through the WSUS API, as well as other scripting repositories.....I'm stuck. Any direct help you can provide, even in the form of possible candidate interfaces/methods/properties to consider, or that you've had succes with, I'd appreciate it.
Marco, I was merely asking for help and wanted people to reply in PowerShellese if possible. I'm not afraid to put time into learning by any means.
All, I've spent quite a few hours trying to sift through the WSUS API, as well as other scripting repositories.....I'm stuck. Any direct help you can provide, even in the form of possible candidate interfaces/methods/properties to consider, or that you've had succes with, I'd appreciate it.
Marco, I was merely asking for help and wanted people to reply in PowerShellese if possible. I'm not afraid to put time into learning by any means.
There are plenty of WSUS scripts in the repository
Hust pull the group by nme. It is one of the functions. Then use it to pull histories.
Ok, I think I've got it. Below is a draft of code that should do the trick. I actually plan on having four WSUS groups that receive updates in a waterfall effect with two weeks of lag between each group. The first group to receive updates has the lowest business impact and the last group to receive updates has the highest business impact. I will have an auto-approval defined for theWorkstations - Updates 1st group. I eventually will rearrange this code so that there is a function I can call three times, but you should get the general idea. Note: The code that is bolded is redundantly unnecessary but speeds the process up tremendously.
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | out-null
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer();
#Define the start of time
$genesis = Get-Date "1/1/2000 12:00 AM"
#Define number of days an update approval has to mature before being inherited
$maturityInterval = 14
#Figure out the maturity date
$maturityDate = Get-Date
$maturityDate = $maturityDate.adddays(-$maturityInterval)
#Establish Predecessor and Successor Groups
$predecessor = $wsus.GetComputerTargetGroups() | Where-Object {$_.Name -eq "Workstations - Update 1st"}
$successor = $wsus.GetComputerTargetGroups() | Where-Object {$_.Name -eq "Workstations - Update 2nd"}
#Discover approved updates that have matured in predecessor group and approve for sucessor group if not already
$install = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install
$updateScope = new-object Microsoft.UpdateServices.Administration.UpdateScope;
$updateScope.UpdateApprovalActions = [Microsoft.UpdateServices.Administration.UpdateApprovalActions]::Install
$wsus.GetUpdates($updateScope) | foreach {
if ($_.GetUpdateApprovals($predecessor, $install, $genesis, $maturityDate).Count -ne 0 -and $_.GetUpdateApprovals($successor)[0].Action -eq $null) {
$_.Approve($install,$successor)
}
}
Ok, I think I've got it. Below is a draft of code that should do the trick. I actually plan on having four WSUS groups that receive updates in a waterfall effect with two weeks of lag between each group. The first group to receive updates has the lowest business impact and the last group to receive updates has the highest business impact. I will have an auto-approval defined for theWorkstations - Updates 1st group. I eventually will rearrange this code so that there is a function I can call three times, but you should get the general idea. Note: The code that is bolded is redundantly unnecessary but speeds the process up tremendously.
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | out-null
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer();
#Define the start of time
$genesis = Get-Date "1/1/2000 12:00 AM"
#Define number of days an update approval has to mature before being inherited
$maturityInterval = 14
#Figure out the maturity date
$maturityDate = Get-Date
$maturityDate = $maturityDate.adddays(-$maturityInterval)
#Establish Predecessor and Successor Groups
$predecessor = $wsus.GetComputerTargetGroups() | Where-Object {$_.Name -eq "Workstations - Update 1st"}
$successor = $wsus.GetComputerTargetGroups() | Where-Object {$_.Name -eq "Workstations - Update 2nd"}
#Discover approved updates that have matured in predecessor group and approve for sucessor group if not already
$install = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install
$updateScope = new-object Microsoft.UpdateServices.Administration.UpdateScope;
$updateScope.UpdateApprovalActions = [Microsoft.UpdateServices.Administration.UpdateApprovalActions]::Install
$wsus.GetUpdates($updateScope) | foreach {
if ($_.GetUpdateApprovals($predecessor, $install, $genesis, $maturityDate).Count -ne 0 -and $_.GetUpdateApprovals($successor)[0].Action -eq $null) {
$_.Approve($install,$successor)
}
}
Note that in PowerShell this is all you need:
$wsus.GetUpdates('install') ForEach-....
PowerSHell will cast the enumerator based on string value.
Here is a revised script (still draft) that uses a function to get the job done. In this example, I call the function three times to produce a waterfall effect of approvals with a 14 day lag. I place my low-impact workstations in the Workstations - Update 1st group, and place my high-impact workstation in the Workstations - Update 4th group. I have a rule to auto-approve new updates to the Workstations - Update 1st group as they arrive to the WSUS server.
Function ApprovalsWaterfall($predecessorName, $successorName, [int]$maturityInterval) {
#Define the start of time
$genesis = Get-Date "1/1/2000 12:00 AM"
#Figure out the cutoff date
$maturityDate = Get-Date
$maturityDate = $maturityDate.adddays(-$maturityInterval)
write-host "Approving updates for" $successorName "that have been approved for" $predecessorName "for at least" $maturityInterval "days..." -ForegroundColor Cyan
write-host
#Establish Predecessor and Successor Groups
$predecessor = $wsus.GetComputerTargetGroups() | Where-Object {$_.Name -eq $predecessorName}
$successor = $wsus.GetComputerTargetGroups() | Where-Object {$_.Name -eq $successorName}
#Discover approved updates that have matured in predecessor group and approve for sucessor group if not already
$install = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install
$updateScope = new-object Microsoft.UpdateServices.Administration.UpdateScope;
$updateScope.UpdateApprovalActions = [Microsoft.UpdateServices.Administration.UpdateApprovalActions]::Install
$wsus.GetUpdates($updateScope) | foreach {
if ($_.GetUpdateApprovals($predecessor, $install, $genesis, $maturityDate).Count -ne 0 -and $_.GetUpdateApprovals($successor)[0].Action -eq $null) {
write-host $_.Title -ForegroundColor Green
write-host "Released Date:"$_.CreationDate
write-host "Arrival Date:"$_.ArrivalDate
write-host "ApprovalDate:"$_.GetUpdateApprovals($predecessor)[0].CreationDate
write-host
$_.Approve($install,$successor)
}
}
}
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | out-null
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer();
ApprovalsWaterfall "Workstations - Update 1st" "Workstations - Update 2nd" 14
ApprovalsWaterfall "Workstations - Update 2nd" "Workstations - Update 3rd" 14
ApprovalsWaterfall "Workstations - Update 3rd" "Workstations - Update 4th" 14
This Script could save my life but as a PS Newb, can you explain to me what this bit does, why do you define that time there?
#Define the start of time
$genesis = Get-Date "1/1/2000 12:00 AM"
This topic is archived. No further replies will be accepted.
Other recent topics
Click here to get your free copy of Network Administrator. Over 25 plugins to make your life easier