Dave Heavy Industries » approval http://www.daveheavyindustries.com Dave Heavy Industries - blog Mon, 12 Aug 2013 00:24:10 +0000 en-US hourly 1 http://wordpress.org/?v=3.6 Powershell WSUS approval between targets http://www.daveheavyindustries.com/2012/10/31/powershell-wsus-approval-between-targets/ http://www.daveheavyindustries.com/2012/10/31/powershell-wsus-approval-between-targets/#comments Wed, 31 Oct 2012 01:43:43 +0000 admin http://wp.daveheavyindustries.com/?p=347 Well, if you're anything like us, you'll have all sorts of tiered update computer targets, and you'll be staging your updates between them.

Usually it'll be something along the lines of  DEV  -> UAT -> PRE_PRODUCTION -> PRODUCTION

So, how do you get updates that have been developed against in DEV to UAT, or from UAT to PREPROD, or PREPROD into production?

well, I wrote a script.. two really, but we'll get to that.

update approval copier.

This copies all update approvals from a source target into a destination target where it has been approved, installed, and where it hasn't failed (on any computer) on the source computer target.

[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer("WSUS SERVER NAME HERE",$False)
$updateScope = new-object Microsoft.UpdateServices.Administration.UpdateScope;
$updateScope.IncludedInstallationStates = "Installed"
$updates = $wsus.GetUpdates($updateScope)
$groups = $wsus.GetComputerTargetGroups()
foreach ($group in $groups) {
  if ($group.name -eq "SOURCE COMPUTER TARGET NAME" )
  {
     $sourcegroup = $group
  }
  if ($group.name -eq "DESTINATION COMPUTER TARGET NAME")
  {
     $targetgroup = $group
  }
}
foreach( $update in $updates){
                if ($update.GetUpdateApprovals($sourcegroup).Count -ne 0)
                {
            if ($update.GetSummaryForComputerTargetGroup($sourcegroup).InstalledCount -ne 0 )  {
                 if ($update.GetSummaryForComputerTargetGroup($sourcegroup).FailedCount -eq 0 ) {
                   if ($update.GetUpdateApprovals($targetgroup).Count -eq 0)
                   {
                       Write-Host ("Approving {0} for {1}" -f $update.Title,$targetgroup.Name) -Fore Green -Back Black
                                $update.Approve('Install',$targetgroup)
                   }
                }
      }
   }
}

Approve already installed updates

Now... the second is very simpler, it's for when you first deploy WSUS, and you want to copy a baseline for approvals from already updated servers within that target. Note the source and the target are the same (although you could change if it you wanted to copy installed updates as approvals to another target)

[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer("WSUS SERVER NAME HERE",$False)
$updateScope = new-object Microsoft.UpdateServices.Administration.UpdateScope;
$updateScope.IncludedInstallationStates = "Installed"
$updates = $wsus.GetUpdates($updateScope)
$groups = $wsus.GetComputerTargetGroups()
foreach ($group in $groups) {
  if ($group.name -eq "SOURCE COMPUTER TARGET NAME" )
  {
     $sourcegroup = $group
  }
  if ($group.name -eq "SOURCE COMPUTER TARGET NAME")
  {
     $targetgroup = $group
  }
}
foreach( $update in $updates){
            if ($update.GetSummaryForComputerTargetGroup($sourcegroup).InstalledCount -ne 0 )  {
                 if ($update.GetSummaryForComputerTargetGroup($sourcegroup).FailedCount -eq 0 ) {
                   if ($update.GetUpdateApprovals($targetgroup).Count -eq 0)
                   {
                       Write-Host ("Approving {0} for {1}" -f $update.Title,$targetgroup.Name) -Fore Green -Back Black
                                $update.Approve('Install',$targetgroup)
                   }
             }
      }
}
]]> http://www.daveheavyindustries.com/2012/10/31/powershell-wsus-approval-between-targets/feed/ 0