Dave Heavy Industries Dave Heavy Industries – blog

31Oct/120

Powershell WSUS approval between targets

Well, if you're anything like us, you'll have all sorts of tiered update computer targets, and you'll be staging your updates between them.

Usually it'll be something along the lines of  DEV  -> UAT -> PRE_PRODUCTION -> PRODUCTION

So, how do you get updates that have been developed against in DEV to UAT, or from UAT to PREPROD, or PREPROD into production?

well, I wrote a script.. two really, but we'll get to that.

update approval copier.

This copies all update approvals from a source target into a destination target where it has been approved, installed, and where it hasn't failed (on any computer) on the source computer target.

[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer("WSUS SERVER NAME HERE",$False)
$updateScope = new-object Microsoft.UpdateServices.Administration.UpdateScope;
$updateScope.IncludedInstallationStates = "Installed"
$updates = $wsus.GetUpdates($updateScope)
$groups = $wsus.GetComputerTargetGroups()
foreach ($group in $groups) {
  if ($group.name -eq "SOURCE COMPUTER TARGET NAME" )
  {
     $sourcegroup = $group
  }
  if ($group.name -eq "DESTINATION COMPUTER TARGET NAME")
  {
     $targetgroup = $group
  }
}
foreach( $update in $updates){
                if ($update.GetUpdateApprovals($sourcegroup).Count -ne 0)
                {
            if ($update.GetSummaryForComputerTargetGroup($sourcegroup).InstalledCount -ne 0 )  {
                 if ($update.GetSummaryForComputerTargetGroup($sourcegroup).FailedCount -eq 0 ) {
                   if ($update.GetUpdateApprovals($targetgroup).Count -eq 0)
                   {
                       Write-Host ("Approving {0} for {1}" -f $update.Title,$targetgroup.Name) -Fore Green -Back Black
                                $update.Approve('Install',$targetgroup)
                   }
                }
      }
   }
}

Approve already installed updates

Now... the second is very simpler, it's for when you first deploy WSUS, and you want to copy a baseline for approvals from already updated servers within that target. Note the source and the target are the same (although you could change if it you wanted to copy installed updates as approvals to another target)

[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer("WSUS SERVER NAME HERE",$False)
$updateScope = new-object Microsoft.UpdateServices.Administration.UpdateScope;
$updateScope.IncludedInstallationStates = "Installed"
$updates = $wsus.GetUpdates($updateScope)
$groups = $wsus.GetComputerTargetGroups()
foreach ($group in $groups) {
  if ($group.name -eq "SOURCE COMPUTER TARGET NAME" )
  {
     $sourcegroup = $group
  }
  if ($group.name -eq "SOURCE COMPUTER TARGET NAME")
  {
     $targetgroup = $group
  }
}
foreach( $update in $updates){
            if ($update.GetSummaryForComputerTargetGroup($sourcegroup).InstalledCount -ne 0 )  {
                 if ($update.GetSummaryForComputerTargetGroup($sourcegroup).FailedCount -eq 0 ) {
                   if ($update.GetUpdateApprovals($targetgroup).Count -eq 0)
                   {
                       Write-Host ("Approving {0} for {1}" -f $update.Title,$targetgroup.Name) -Fore Green -Back Black
                                $update.Approve('Install',$targetgroup)
                   }
             }
      }
}
Comments (0) Trackbacks (0)

No comments yet.


Leave a comment

Trackbacks are disabled.