-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathWsusTask.ps1
74 lines (60 loc) · 2.74 KB
/
WsusTask.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
<#
.SYNOPSIS
Automatically approve updates older than x days and do a cleanup after.
.DESCRIPTION
This scripts approves updates that are older than a given number of days for
the update categories and update groups specified. Afterwards, a thorough
server cleanup is performed, so as to not let old updates linger in the server's
storage.
WARNING: Windows 10 GPOs regarding update deferring are ignored when the update
source is a WSUS server. Therefore, this script is still required if you want to
implement delays and rings.
This script depends on the WsusFunctions module, located at:
C:\Program Files\WindowsPowerShell\Modules\WsusFunctions
.NOTES
Version: 1.3
Author: Gonçalo Lourenço ([email protected])
Creation Date: 15 August, 2017
1.0: Script creation;
1.1: Definition updates are approved without delay.
1.2: Security and Critical updates are also approved without delay.
1.3: Proper exception handling for exceptions thrown by the Approve-WsusUpdatesForGroup function.
#>
# Import the required modules.
Import-Module WsusFunctions;
# Set update approval parameters.
$wsus = Get-WsusServer;
$nonCriticalDelayInDays = 30;
$wsusGroups = @("Workstations", "Servers");
$wsusNonCriticalCategories = @("FeaturePacks", "ServicePacks", "Updates", "UpdateRollups");
$wsusCriticalCategories = @("CriticalUpdates", "SecurityUpdates", "DefinitionUpdates");
$logFile = "C:\Logs\WsusTask.log";
# Print log header.
$date = Get-Date;
@"
WSUS Task - $date
Server: $($wsus.Name)
Delay in days for Non-Critical Updates: $nonCriticalDelayInDays
Update Groups: $wsusGroups
Update Categories Critical: $wsusCriticalCategories
Update Categories Non-Critical: $wsusNonCriticalCategories
WARNING: Critical patches are approved with no delay.
"@ | Out-File -Encoding utf8 -Append -NoClobber -FilePath $logFile;
# Perform update approval for general and definition updates.
try
{
Approve-WsusUpdatesForGroup -UpdateGroupList $wsusGroups -UpdateCategories $wsusNonCriticalCategories -WsusServer $wsus `
-UpdateDelay $nonCriticalDelayInDays 2>&1 | Out-File -Encoding utf8 -Append -NoClobber -FilePath $logFile;
Approve-WsusUpdatesForGroup -UpdateGroupList $wsusGroups -UpdateCategories $wsusCriticalCategories -WsusServer $wsus `
-UpdateDelay 0 2>&1 | Out-File -Encoding utf8 -Append -NoClobber -FilePath $logFile;
}
catch
{
Write-Output "$($_.Exception.Message)`r`n" | Out-File -Encoding utf8 -Append -NoClobber -FilePath $logFile;
}
# Perform a server cleanup
Start-WsusCleanup -WsusServer $wsus 2>&1 | Out-File -Encoding utf8 -Append -NoClobber -FilePath $logFile;
# Print end-of-log footer.
@"
---------------
"@ | Out-File -Encoding utf8 -Append -NoClobber -FilePath $logFile;