WSUS: PowerShell: Difference between revisions

From Wiki-WebPerfect
 
(4 intermediate revisions by the same user are not shown)
Line 1: Line 1:
 +
== Get Approving History of an Update ==
 +
<source lang="powershell">Get-Content 'C:\Program Files\Update Services\LogFiles\Change.log' | Where-Object {$_ -match "install" -and $_ -match "<THE_UPDATE_KB_YOU_SEARCH>"}</source>
 +
 +
'''Example with KB4566516:'''
 +
*'''Green''' = Approving Update
 +
*'''Red''' = Remove Approving
 +
[[Datei:01-wsus update history.png]]
 +
 +
 
== Get Windows Update ID ==
 
== Get Windows Update ID ==
 
<span style="font-size:20px;"><span style="color:red">'''-> This function/script is moved to [https://github.com/R-Studio/PSTools GitHub]!'''</span></span><br>
 
<span style="font-size:20px;"><span style="color:red">'''-> This function/script is moved to [https://github.com/R-Studio/PSTools GitHub]!'''</span></span><br>
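Review bot: The legend in the new "Get Approving History of an Update" section (Green = Approving Update, Red = Remove Approving) can only be read against the screenshot, so the section should also state in text which Change.log wording marks an approval and which marks a removal. In the Where-Object filter both conditions use -match, so the value put in place of <THE_UPDATE_KB_YOU_SEARCH> is treated as a regular expression, and the path assumes WSUS is installed under 'C:\Program Files\Update Services'; one sentence covering both would save readers a failed search.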
Line 109: Line 118:
 
</source>
 
</source>
  
 
=== Error: Cannot Delete RevisionID: XXXX Because it is still deployed to a Non DSS Target Group ===
 
[[Datei:Wsus ps error.png]]<br>
 
 
 
'''Solution'''
 
* Change the Approval-Status to "Not Approved"
 
[[Datei:Wsus ps solution.png]]
 
 
 
 
== Check WSUS Agent ID (SusClientId) ==
 
On WSUS search your system:
 
<source lang="powershell">Get-WsusComputer -NameIncludes <Hostname> | fl * </source>
 
 
Check the '''ID''' from the WSUS-Computer with the "SusClientID" on the Client (have to be the same):
 
<source lang="powershell">Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" -Name SusClientId </source>
 
 
If there is a mismatch, remove the WSUS-Computer Object in the WSUS-Console and run following on your client:
 
wuauclt /detectnow /reportnow
 
<source lang="powershell">(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow() </source>
 
c:\windows\system32\UsoClient.exe startscan
 
 
 
 
== Dual Scan (on Windows 10 & Windows Server 2016) ==
 
=== Check Dual Scan Konfiguration ===
 
<source lang="powershell">
 
$WinUpdateSvc = New-Object -ComObject "Microsoft.Update.ServiceManager"
 
$WinUpdateSvc.Services | select Name, IsDefaultAUService
 
</source>
 
[[Datei:Wsus-dualscan.png]] <br>
 
If '''Windows Update''' is True -> '''Dual Scan'''<br>
 
If '''Windows Server Update Service''' is True -> '''only WSUS/SUP'''
 
  
  
=== Disable Dual Scan ===
 
Enable the GPO-Policy under '''Windows Components/Windows Update''' -> '''Do not allow update deferral policies to cause scans against Windows Update''' <br>
 
More Informations: https://blogs.technet.microsoft.com/swisspfe/2018/04/13/win10-updates-store-gpos-dualscandisabled-sup-wsus/
 
  
  
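Review bot: In the "Check WSUS Agent ID (SusClientId)" section, "wuauclt /detectnow /reportnow" and "c:\windows\system32\UsoClient.exe startscan" are plain lines while the DetectNow() call between them sits in a <source lang="powershell"> block, so the three commands render differently. Put all three in source blocks and say whether they are alternatives (for example per Windows version) or are meant to be run one after the other; the Hostname placeholder in the Get-WsusComputer line would also be clearer if it were quoted.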

Current revision as of 17 November 2021, 08:30

Get Approval History of an Update

Get-Content 'C:\Program Files\Update Services\LogFiles\Change.log' | Where-Object {$_ -match "install" -and $_ -match "<THE_UPDATE_KB_YOU_SEARCH>"}

Example with KB4566516:

  • Green = update approved
  • Red = approval removed

01-wsus update history.png


Get Windows Update ID

-> This function/script has been moved to GitHub (https://github.com/R-Studio/PSTools)!

Function Get-UpdateFromWSUSInfo {
    [CmdletBinding()]
 
    param (
        [Parameter(Mandatory=$false)]
        [String]$WSUSServer = "localhost",
 
        [Parameter(Mandatory=$false)]
        [Int32]$PortNumber = 8530,
 
        [Parameter(Mandatory=$false)]
        [Boolean]$useSecureConnection = $False,
 
        [Parameter(Mandatory=$false)]
        [String]$KB = ""
    )
 
    Process {
        # Load the WSUS administration assembly and connect to the server.
        # With -useSecureConnection $True, also pass the server's HTTPS port (WSUS default: 8531).
        [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
        $WSUS = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($WSUSServer,$useSecureConnection,$PortNumber)

        # Get all updates
        $updates = $WSUS.GetUpdates()

        # If a KB was given, keep only the updates whose title matches it
        If ($KB) {
            $updates = $updates | Where-Object {$_.Title -match $KB}
        }

        # Output one object per update, so several matches are listed separately
        ForEach ($update in $updates) {
            New-Object PSObject -Property @{
                Id = $update.Id.UpdateId.ToString()
                Title = $update.Title
                Source = $update.UpdateSource.ToString()
            }
        }
    }
}


Remove Windows Update from WSUS

-> This function/script has been moved to GitHub!

Function Remove-UpdateFromWSUS {
    [CmdletBinding()]
 
    param (
        [Parameter(Mandatory=$false)]
        [String]$WSUSServer = "localhost",
 
        [Parameter(Mandatory=$false)]
        [Int32]$PortNumber = 8530,
 
        [Parameter(Mandatory=$false)]
        [Boolean]$useSecureConnection = $False,
 
        [Parameter(Mandatory=$false)]
        [String]$KB = "",
 
        [Parameter(Mandatory=$false)]
        [String]$RemoveUpdateID = ""
    )
 
    Process {
        # Without a KB or an UpdateID there is nothing to select
        If (!$KB -and !$RemoveUpdateID) {
            Write-Host "Specify -KB or -RemoveUpdateID"
            return
        }

        # Load .NET assembly and connect (honours -useSecureConnection)
        [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
        $WSUS = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($WSUSServer,$useSecureConnection,$PortNumber)
        Write-Host "Connected successfully" -foregroundcolor "Green"

        # UpdateID (GUID of the update) to delete
        If (!$RemoveUpdateID) {
            # Resolve the KB to exactly one update; stop if it is ambiguous or unknown
            $Matched = @($WSUS.GetUpdates() | ? {$_.Title -match $KB})
            If ($Matched.Count -ne 1) {
                Write-Host "KB '$KB' matches" $Matched.Count "updates; use -RemoveUpdateID instead"
                return
            }
            $RemoveUpdateID = $Matched[0].Id.UpdateId.ToString()
        }

        $updatescope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
        $u=$WSUS.GetUpdates($updatescope)

        Foreach ($u1 in $u) {
            # Revision id of the current update
            $a=$u1.Id

            If ($a.UpdateId -eq $RemoveUpdateID) {
                Write-Host "Deleting update " $a.UpdateId "..."
                $WSUS.DeleteUpdate($a.UpdateId)
            }
        }

        # Report any terminating error raised in this block
        trap {
            write-host "Error Occurred"
            write-host "Exception Message: "
            write-host $_.Exception.Message
            write-host $_.Exception.StackTrace
        }
    }
}