Bart's Weblog

Just a blog…

WSUS: Approve all needed updates for a computer group using a member as reference

Posted by bartvdw on 0606/0505/2013

Approve updates for a computer group using a member as reference (computer using as reference must be member of that group); adapt variables in the beginning of the script to suit your needs (this is not for WSUS on Windows Server 2012!!):

[reflection.assembly]::LoadWithPartialName(“Microsoft.UpdateServices.Administration”) | out-null
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer(‘wsus.domain.local’,$false,80);
$groupName = “Servers”
$computerName = “reference.domain.local”
$approveUpdates = $false

$group = $null
$computer = $wsus.GetComputerTargetByName($computerName)
$groups = $computer.GetComputerTargetGroups() | foreach-object {
If ($_.Name -eq $groupName) {
$group = $_;
Function GetComputerGroupByName ($group) {
$wsus.GetComputerTargetGroups() | foreach-object {
if ($_.Name -eq $group) {$_;}
if ($group -eq $null) {throw new-object System.Exception($computerName + ” doesn’t below to group ” + $groupName)}

$updateScope = new-object Microsoft.UpdateServices.Administration.UpdateScope;
$updateScope.IncludedInstallationStates = “NotInstalled”
#$updateScope.ApprovedStates = “NotApproved”

$action = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install;
$updates = $computer.GetUpdateInstallationInfoPerUpdate($updateScope);
$updates | foreach-object {
$u = $wsus.GetUpdate($_.UpdateId);
If ($approveUpdates) {
} else {“Need to approve ” + $u.Title}

Approve Needed Updates


2 Responses to “WSUS: Approve all needed updates for a computer group using a member as reference”

  1. LeITchronicle Admin said

    Looks good, i’m testing it, and was wondering what’s with all the “;” is it on purpose?
    like this line:

    also why is the script different than the one here:

  2. LeITchronicle Admin said

    Hey, Me Again,
    Okay the script works great, never mind what i wrote before about the “;” i used the code from the gallery, the function isn’t used at all i see,
    but most important, this script will only approve updated that were not approved for any other group,
    for example:
    say i approve updates to “group 1”
    then create “group 2” and place and default windows 7 sp1 computer in it
    i run the script, it will not show any updates approved to “group 1”, but if there’s any updates that weren’t approved to any group at all, it will approve them for “group 2”.

    so all in all it works, thanks!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: