I had an email recently asking how to report on the number of updates per Target Group. Basically when a report is run using the WSUS Management Console, you can create a tabular report that displays something similar to this:
By specifying a Target Group and then report on all systems with the number of updates Needed, Installed/NotApplicable, Failed and NoStatus. Not too difficult to do with WSUS, but if you want to work with multiple target groups then you really are not sure what group belongs to what systems.
In the end, I wrote a fairly short script that the individual can use to get the information he needed. First I wanted to just show the number of updates per Target Group, then dive into a specific target group and pull number of updates per Computer (like the report above) and present it out. Lastly, I wanted to go even deeper into the rabbit hole and just pull updates which are Needed by a specific computer and list those out.
Before I do anything else, I need to make my initial connection using the WSUS API (WSUS Management Console is required for access).
$Computername = 'dc1'
$UseSSL = $False
$Port = 80
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | out-null
$Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($Computername,$UseSSL,$Port)
First, lets take a look at the Target Groups:
#Updates per TargetGroup
$wsus.GetComputerTargetGroups() | ForEach {
$Group = $_.Name
$_.GetTotalSummary() | ForEach {
[pscustomobject]@{
TargetGroup = $Group
Needed = ($_.NotInstalledCount + $_.DownloadedCount)
"Installed/NotApplicable" = ($_.NotApplicableCount + $_.InstalledCount)
NoStatus = $_.UnknownCount
PendingReboot = $_.InstalledPendingRebootCount
}
}
}
One thing that I have done better all ready with the report is that I can see what how many updates require a reboot.
Now onto the Windows Server 2003 Target Group. Let’s see how many updates are needed per computer (in this case only 1 system).
Lastly, I want to dive even deeper into this and see what updates exactly are needed for my server before I go about approving them for installation.
$TargetGroup = 'Windows Server 2003'
$updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$updateScope.IncludedInstallationStates = 'Downloaded','NotInstalled'
($wsus.GetComputerTargetGroups() | Where {
$_.Name -eq $TargetGroup
}).GetComputerTargets() | ForEach {
$Computername = $_.fulldomainname
$_.GetUpdateInstallationInfoPerUpdate($updateScope) | ForEach {
$update = $_.GetUpdate()
[pscustomobject]@{
Computername = $Computername
TargetGroup = $TargetGroup
UpdateTitle = $Update.Title
IsApproved = $update.IsApproved
}
}
}
Note my use of a UpdateScope object that is used to provide the necessary information for the InstallationStates (Downloaded, NotInstalled) so I can be sure to get an accurate report.
Now we saw that 1 update was pending a reboot, so the question is: what update was installed that is awaiting a system reboot? Let’s find out!
$TargetGroup = 'Windows Server 2003'
$updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$updateScope.IncludedInstallationStates = 'InstalledPendingReboot'
$computerScope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
$computerScope.IncludedInstallationStates = 'InstalledPendingReboot'
($wsus.GetComputerTargetGroups() | Where {
$_.Name -eq $TargetGroup
}).GetComputerTargets($computerScope) | ForEach {
$Computername = $_.fulldomainname
$_.GetUpdateInstallationInfoPerUpdate($updateScope) | ForEach {
$update = $_.GetUpdate()
[pscustomobject]@{
Computername = $Computername
TargetGroup = $TargetGroup
UpdateTitle = $Update.Title
IsApproved = $update.IsApproved
}
}
}
The only adjustment here was that I only had one InstallationState used (InstalledPendingReboot). I also created a ComputerTargetScope and applied the InstallationState of InstalledPendingReboot to better filter for only the computers that are in a pending reboot state. The rest was the same code I had used before. The nice thing about this is you don’t have to filter by target group or computername and just pull from all systems to see any computers which are awaiting a reboot and what update is requiring it.
Learn Powershell | Achieve More 
“Let’s see how many updates are needed per computer”
Any update on this? This is exactly what I’m looking for. Thanks!
Great script!!!
Is it possible to make this script to work for all target groups simultaneously without having to define them for each group in $Targetgroup?
I tried to make the $Targetgroup an array but I cannot match it with where command.
Any ideas would be helpful.
Thanks in advance!
Is one of the examples missing, how did you create this output ?
Thanks
John
Weird. I’ll have to dig back and find that example and post it. Thanks for the heads up!
Hi Boe,
Did you ever manage to find the missing example code?
Thanks
Guy
Hi,
fantastic script, however i also need how many updates are needed for Computer in targetgroups. Do you have the example scirpt ?
Hi,
fantastic, however i also need the Output for needed updates per Computer.
I can´t fix it. Do you have the example ?
Any update over this? I am also looking for similar script with this kind of article for “Approved Updates” count per computer.
Nothing at this time. Other events have prevented me from doing anything with this.
I believe I got what I looking for from PoshWSUS
I also Need this output
Hi,
i also need the Output for Computers how many Updates needed.
Now onto the Windows Server 2003 Target Group. Let’s see how many updates are needed per computer (in this case only 1 system)……..
How to do it?
Fantastic and missing from the regular cmdlets! Now we can harass our users with an automated email!
HI Boe,
Do you have any ideas why I would be able to run the script successfully once but then get “You cannot call a method on a null-valued expression” every attempt after the first?
Like I said the first attempt was successful and I was able to connect and pull the information from the 2 Target Groups. Every attempt after fails with the error above.
Any suggestions?
Thanks,
Kevin
Hello Prox,
Can you please help me about the structure of the result.
I can’t have a table like you have when executing the script.
Thank you in advance.
Hi Boe,
The code seems to be missing for the “number of updates needed per computer” output above. Could you kindly provide that as well? Thanks!
Waqqas
Mississauga, Ontario
Hi Boe,
Great article. I’m trying to pump out a list of the approved updates for a target group but not getting the desired result. Just wondering if you have anything that could help.
Thanks
Nicolas