I just published my latest version of the PoshWSUS module to CodePlex which has some updated code on a few functions and some other bug fixes. Also, there are 8 new commands that are available with this latest version of the module. The majority of these commands deal with creating and working with the Approval Rules in WSUS that can be set to automatically approve specific types of patches for specific groups. The other functions deal with connecting to the database server that the WSUS database is hosted on and looking at the update classifications in WSUS.
New Commands
- New-WSUSInstallApprovalRule
- Used to create a new WSUS Install Approval Rule
- Set-WSUSInstallApprovalRule
- Configures an existing Approval Rule. Also allows you to Disable/Enable a rule.
- Get-WSUSInstallApprovalRules
- Lists all Approval Rules on WSUS
- Remove-WSUSInstallApprovalRule
- Removes a specified Approval Rule
- Start-WSUSInstallApprovalRule
- Runs a specified Approval Rule
- Connect-WSUSDatabaseServer
- Connects to and lists configuration of SQL Database server used by WSUS
- Test-WSUSDatabaseServerConnection
- Presents a True/False along with error when attempting to test connection to Database server from system this command is being ran from.
- Get-WSUSUpdateClassifications
- Lists all Update classifications on WSUS server
Examples
Get-WSUSUpdateClassifications
This command was one I thought I already included in V1.0, but as I was working on the Approval commands, it became apparent that this was not the case. This command is pretty straight forward and gives you all of the update classifications on the WSUS server.
Get-WSUSUpdateClassifications
Test-WSUSDatabaseServerConnection
Test-WSUSDatabaseServerConnection
Connect-WSUSDatabaseServer
This command, while using the –Passthru switch, will show you the database server and how it is connecting. A global variable is also created with the name $wsusdb.
Connect-WSUSDatabaseServer -Passthru
Viewing the $wsusdb using Get-Member will list out everything that can be done with that database using various methods. This is a little more beyond what I am going to show you here. But you can feel free to play with it and see what you get. If I have more time, I will attempt to dive deeper into it.
New-WSUSInstallApprovalRule
This command allows you to create a Install Approval Rule in WSUS that will automate the approval process for you by approving specific patches that meet the criteria that you determine and will only apply to whichever groups you pick. This does require some extra steps in getting the group/s, classification/s and categories prior to creating the new rule.
$cat = Get-WSUSUpdateCategories | ? {$_.Title -eq "Windows Server 2008"}
$group = Get-WSUSGroups | ? {$_.Name -eq "Test"}
$class = Get-WSUSUpdateClassifications | ? {$_.Title -eq "Updates"}
New-WSUSInstallApprovalRule -Name "Rule1" -Category $cat -Classification $class -Group $group -Enable
Get-WSUSInstallApprovalRules
This command will list all of the Approval Rules on the WSUS server.
Get-WSUSInstallApprovalRules
Set-WSUSInstallApprovalRule
Much like the New-WSUSInstallApprovalRule, this one may require some prep work prior to actually running the command. If you are just going to enable/disable the rule, then it is as simple as running the command with the –Enable or –Disable switch.
Set-WSUSInstallApprovalRule -Name 'Rule1' -Enable
Get-WSUSInstallApprovalRule | ? {$_.Name -eq "Rule1"} | Set-WSUSInstallApprovalRule -Disable
Besides that, as long as you supply a new group, or new classifications and categories, you can also edit what groups a rule could apply to as well as the classifications and update categories to change on the rule.
$cat = Get-WSUSUpdateCategories | ? {$_.Title -eq "Windows Server 2003"}
$group = Get-WSUSGroups | ? {$_.Name -eq "Test"}
$class = Get-WSUSUpdateClassifications | ? {$_.Title -eq "Updates"}
Set-WSUSInstallApprovalRule -Name "Rule1" -Category $cat -Classification $class -Group $group
Start-WSUSInstallApprovalRule
This command will start the approval rule process and automatically approve updates based on the requirements of a specified Approval Rule. Just make sure the rule is enabled prior to running this command.
Start-WSUSInstallApprovalRule
Remove-WSUSInstallApprovalRule
As this command states, this will remove a Approval Rule from WSUS.
Remove-WSUSInstallApprovalRule -Name 'Rule1'
Code
The downloads for this updated Module are available from the following locations:
Please use either the comments here, codeplex or the script repository to report any bugs that are found. Also, any features or things of that nature that you would like to see added can be posted in those areas as well.
There seems to be an issue with Get-WSUSUpdateSummaryPerClient, does this not allow pipelining? Also, I don’t think ComputerGroup is properly showing up with Get-WSUSUpdateSummaryPerClient. Is this a bug?
Can you post the command line that you are using for Get-WSUSUpdateSummaryPerClient? I will have to look into the issue with ComputerGroup and verify if it is a bug or by design. Thanks for the input!
Currently, Get-WSUSUpdateSummaryPerClient does not support pipelining at this time for the update and computer scope objects. This is something I can look into adding in a future update.
The ComputerGroup being null is by design due to this specific command does not a value for this object. However, the ComptuerGroup property exists because this object is used in other commands that do in fact return a value to that property. ie: Get-WSUSUpdateSummaryPerGroup
Hope this helps.
Thanks so much!
Is it possible to use the GetUpdateSummary() method of IUpdate with your current code? I am not very experienced at all with code, but your code works very well and I would like to add this method so I can approve updates based on the “Failed or Needed” status filter in WSUS. I hope what I’m saying makes sense. I have been trying the following:
Define $groups with Get-WsusGroups
Define $update with Get-WsusUpdates
Then find update summary with $update.GetUpdateSummary($groups)
Any help would be much appreciated!
I would like to use the version poshWSUS V1.1 .
After this command I get every time this questions:
import-module d:\apps\scripts\poshwsus1_1.psm1 -DisableNameChecking -global
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
d:\>powershell
Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.
PS D:\> import-module d:\apps\scripts\poshwsus1_1.psm1 -DisableNameChecking -global
Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful,
this script can potentially harm your computer. Do you want to run
D:\apps\scripts\poshwsus1_1.psm1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is “D”):
In the older version it wasn’t this question.
For a complete batch job I cann’t use this newer version.
Can you help me, please ?
Thanks.
Best regards,
Norbert
Sometimes when a script is downloaded from the internet, it is embedded with some zone information. Typically, it might look like this:
[ZoneTransfer]
ZoneId=3
You can view this by information by typing ‘notepad poshwsus1_1.psm1:Zone.Identifier’
You can remove all of this information and save the file. Once you do this, close and re-open the powershell console and the message should not appear the next time you import the module.
Pingback: Tweets that mention PoshWSUS V1.1 is available | Learn Powershell | Achieve More -- Topsy.com