Chapter 26. WSUS and PowerShell

 

Boe Prox

Windows Software Update Services (WSUS) ensures that all of your system’s patching remains up-to-date and provides a way to report the status of patches and clients. The UI can be clunky and slow, but you can automate some processes with a WSUS API, a Windows Server 2012 module, or an open source WSUS module called PoshWSUS that I wrote for PowerShell (http://poshwsus.codeplex.com) to quickly manage and generate reports.

Instead of looking at the existing cmdlets available in the Windows Server 2012 UpdateServices module, I’ll show you some API tricks for using PowerShell to manage WSUS configuration and events, provide reporting on various client and patch statuses, start and view synchronization progress and history, and view and create automatic installation rules to simplify patch management by approving common updates.

WSUS server configuration and events

In WSUS two of the most basic administration tasks are client management and patch management. Before Windows Server 2012 the only ways to manage these tasks were to work with the UI or dig into the API via scripts or the open source module, PoshWSUS. With Windows Server 2012 the WSUS module called UpdateServices makes it easier to manage clients. The UpdateServices module is available only on the WSUS server, allowing you to manage the server remotely using PowerShell. If you’re not using Windows Server 2012 you’ll need to use the API to manage a remote WSUS server.

Initial connection

Automatic approval rules

Reporting in WSUS

Summary

About the author