How To Work With The WSUS PowerShell Module - TechTarget

By Dan Franciscus
Published: 27 Sep 2019

In many enterprises, you use Windows Server Update Services to centralize and distribute Windows patches to end-user devices and servers.

WSUS is a free service that installs on Windows Server and syncs Windows updates locally. Clients connect to the server and download patches from it. Historically, WSUS has been managed through a GUI, but with PowerShell and the PoshWSUS community module, you can automate your WSUS work for more efficiency. This article covers how to use some of the common cmdlets in the WSUS PowerShell module.

Connecting to a WSUS server

The first task with PoshWSUS is to connect to an existing WSUS server so you can run cmdlets against it. This is done with the Connect-PSWSUSServer cmdlet. The cmdlet provides the option to make a secure connection, which is normally on port 8531 for SSL.

    Connect-PSWSUSServer -WsusServer wsus -Port 8531 -SecureConnection

    Name Version         PortNumber ServerProtocolVersion
    ---- -------         ---------- ---------------------
    wsus 10.0.14393.2969 8530       1.20

View the WSUS clients

There are various cmdlets used to view WSUS client information. The most apparent is Get-PSWSUSClient, which shows client information such as hostname, group membership, hardware model and operating system type. The example below gets information on a specific machine named Test-1.

    Get-PSWSUSClient Test-1 | Select-Object *

    ComputerGroup             : {Windows 10, All Computers}
    UpdateServer              : Microsoft.UpdateServices.Internal.BaseApi.UpdateServer
    Id                        : 94a2fc62-ea2e-45b4-97d5-10f5a04d3010
    FullDomainName            : Test-1
    IPAddress                 : 172.16.48.153
    Make                      : HP
    Model                     : HP EliteDesk 800 G2 SFF
    BiosInfo                  : Microsoft.UpdateServices.Administration.BiosInfo
    OSInfo                    : Microsoft.UpdateServices.Administration.OSInfo
    OSArchitecture            : AMD64
    ClientVersion             : 10.0.18362.267
    OSFamily                  : Windows
    OSDescription             : Windows 10 Enterprise
    ComputerRole              : Workstation
    LastSyncTime              : 9/9/2019 12:06:59 PM
    LastSyncResult            : Succeeded
    LastReportedStatusTime    : 9/9/2019 12:18:50 PM
    LastReportedInventoryTime : 1/1/0001 12:00:00 AM
    RequestedTargetGroupName  : Windows 10
    RequestedTargetGroupNames : {Windows 10}
    ComputerTargetGroupIds    : {59277231-1773-401f-bf44-2fe09ac02b30, a0a08746-4dbe-4a37-9adf-9e7652c0b421}
    ParentServerId            : 00000000-0000-0000-0000-000000000000
    SyncsFromDownstreamServer : False

WSUS usually organizes machines into groups, such as all Windows 10 machines, to apply update policies. The command below measures the number of machines in a particular group called Windows 10 with the cmdlet Get-PSWSUSClientsInGroup:

    Get-PSWSUSClientsInGroup -Name 'Windows 10' | Measure-Object | Select-Object -Property Count

    Count
    -----
       86

How to manage Windows updates

With the WSUS PowerShell module, you can view, approve and decline updates on the WSUS server, a very valuable and powerful feature. The command below finds all the Windows 10 feature updates with the title "Feature update to Windows 10 (business editions)." The output shows various updates on my server for version 1903 in different languages:

    Get-PSWSUSUpdate -Update "Feature update to Windows 10 (business editions)" | Select Title

    Title
    -----
    Feature update to Windows 10 (business editions), version 1903, en-gb x86
    Feature update to Windows 10 (business editions), version 1903, en-us arm64
    Feature update to Windows 10 (business editions), version 1903, en-gb arm64
    Feature update to Windows 10 (business editions), version 1903, en-us x86
    Feature update to Windows 10 (business editions), version 1903, en-gb x64
    Feature update to Windows 10 (business editions), version 1903, en-us x64

Another great feature of this cmdlet is that it can show updates that arrived after a particular date. The following command gives the top-five updates that were downloaded in the last day:

    Get-PSWSUSUpdate -FromArrivalDate (Get-Date).AddDays(-1) | Select-Object -First 5

    Title                          KnowledgebaseArticles UpdateType CreationDate          UpdateID
    -----                          --------------------- ---------- ------------          --------
    Security Update for Microso... {4475607}             Software   9/10/2019 10:00:00 AM 4fa99b46-765c-4224-a037-7ab...
    Security Update for Microso... {4475574}             Software   9/10/2019 10:00:00 AM 1e489891-3372-43d8-b262-8c8...
    Security Update for Microso... {4475599}             Software   9/10/2019 10:00:00 AM 76187d58-e8a6-441f-9275-702...
    Security Update for Microso... {4461631}             Software   9/10/2019 10:00:00 AM 86bdbd3b-7461-4214-a2ba-244...
    Security Update for Microso... {4475574}             Software   9/10/2019 10:00:00 AM a56d629d-8f09-498f-91e9-572...

The approval and rejection of updates is an important part of managing Windows updates in the enterprise. The WSUS PowerShell module makes this easy to do. A few years ago, Microsoft began releasing preview updates for testing purposes. I typically want to decline these updates to avoid their installation on production machines. The following command finds every update with the string "Preview of" in the title and declines them with the Deny-PSWSUSUpdate cmdlet.

    # IsDeclined is a Boolean, so test it directly. Comparing it with the string
    # 'False' coerces the non-empty string to $true and selects the wrong updates.
    Get-PSWSUSUpdate -Update "Preview of" | Where-Object { -not $_.IsDeclined } | Deny-PSWSUSUpdate

    Patch                                                                                                                                                       IsDeclined
    -----                                                                                                                                                       ----------
    2019-08 Preview of Quality Rollup for .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems (KB4512193)                                  True
    2019-08 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 (KB4512193)                      True
    2019-08 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 and Server 2008 R2 for x64 (KB4512193) True
    2019-07 Preview of Quality Rollup for .NET Framework 2.0 on Windows Server 2008 SP2 for Itanium-based Systems (KB4512196)                                   True
    2019-08 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB4512194)      True
    2019-07 Preview of Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 (KB4512196)                                            True
    2019-08 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4512195) True
    2019-07 Preview of Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 for x64 (KB4512196)                                    True
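An audited variant of the decline step above, as an added example that is not from the original article: it writes the matching updates to a CSV first and only declines them when -Apply is given. The function name Invoke-PreviewDecline and the report path are hypothetical; it assumes the PoshWSUS module is installed and the account running it can administer WSUS.

```powershell
# Added example, not from the article. Assumes PoshWSUS is installed.
Import-Module PoshWSUS
$ErrorActionPreference = 'Stop'   # abort on a failed connection instead of continuing

function Invoke-PreviewDecline {  # hypothetical helper name
    param(
        [string]$WsusServer = 'wsus',         # server name used in the article
        [string]$Pattern    = 'Preview of',
        [string]$ReportPath = (Join-Path $env:TEMP 'wsus-preview-decline.csv'),  # hypothetical path
        [switch]$Apply
    )

    Connect-PSWSUSServer -WsusServer $WsusServer -Port 8531 -SecureConnection | Out-Null

    # IsDeclined is a Boolean; test it directly rather than comparing to a string.
    $pending = @(Get-PSWSUSUpdate -Update $Pattern | Where-Object { -not $_.IsDeclined })

    if ($pending.Count -eq 0) {
        return [pscustomobject]@{ Matched = 0; Declined = 0; Report = $null }
    }

    # Record what is about to change before changing it.
    $pending |
        Select-Object Title,
            @{ Name = 'KB'; Expression = { $_.KnowledgebaseArticles -join ';' } },
            UpdateType, CreationDate |
        Export-Csv -Path $ReportPath -NoTypeInformation

    $declined = 0
    if ($Apply) {
        $pending | Deny-PSWSUSUpdate | Out-Null
        $declined = $pending.Count
    }

    [pscustomobject]@{ Matched = $pending.Count; Declined = $declined; Report = $ReportPath }
}

# Dry run: review the CSV, then repeat with -Apply to decline.
Invoke-PreviewDecline
```

Keeping the CSV from each run gives a change record of which updates were declined and when, which helps when a missing patch is later questioned.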

Syncing WSUS with Microsoft's servers

In the WSUS GUI, users can set up a daily synchronization between their WSUS server and the Microsoft update servers to download new updates. I like to synchronize more than once a day, especially on Patch Tuesday when you may get several updates in one day. For this reason, you can create a scheduled task that runs a WSUS sync hourly for a few hours per day. The script can be as simple as this command below:

    Start-PSWSUSSync

    Synchronization has been started on wsus.
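One way to register the hourly sync task described above, as an added example that is not from the original article. The task name, the 17:00 start, the four-hour window and the SYSTEM principal are assumptions; it is meant to be run elevated on the WSUS server with PoshWSUS installed for all users.

```powershell
# Added example, not from the article. Run elevated on the WSUS server.
$taskName = 'WSUS-HourlySync'        # hypothetical task name
$startAt  = '17:00'                  # assumed start of the daily sync window
$window   = New-TimeSpan -Hours 4    # assumed length of "a few hours per day"

# Command the task runs: connect over SSL, then start the sync (cmdlets from the article).
$command = 'Import-Module PoshWSUS; ' +
           'Connect-PSWSUSServer -WsusServer wsus -Port 8531 -SecureConnection; ' +
           'Start-PSWSUSSync'
$action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -Command `"$command`""

# New-ScheduledTaskTrigger accepts repetition settings only with -Once, so build
# the hourly pattern on a -Once trigger and copy it onto the -Daily trigger.
$daily = New-ScheduledTaskTrigger -Daily -At $startAt
$once  = New-ScheduledTaskTrigger -Once -At $startAt `
    -RepetitionInterval (New-TimeSpan -Hours 1) -RepetitionDuration $window
$daily.Repetition = $once.Repetition

# Assumption: SYSTEM on the WSUS server. Swap in a dedicated account that is a
# member of WSUS Administrators if the task runs from another host.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount

# Never stack overlapping syncs, and stop a run that hangs.
$settings = New-ScheduledTaskSettingsSet -MultipleInstances IgnoreNew `
    -ExecutionTimeLimit (New-TimeSpan -Minutes 30)

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $daily `
    -Principal $principal -Settings $settings | Out-Null

# Show the registered repetition so the schedule can be verified.
(Get-ScheduledTask -TaskName $taskName).Triggers.Repetition |
    Select-Object Interval, Duration
```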

Performing cleanups

A WSUS server can be fickle. I have had to rebuild WSUS servers several times, and it is a pretty lengthy process because you have to download all the updates to the new server. You can avoid this process by running a cleanup on the WSUS server. The Start-PSWSUSCleanup cmdlet performs many of these important actions, such as declining superseded updates, cleaning up obsolete updates and removing obsolete computers:

    Start-PSWSUSCleanup -DeclineSupersededUpdates -DeclineExpiredUpdates -CleanupObsoleteUpdates -CompressUpdates -CleanupObsoleteComputers -CleanupUnneededContentFiles

    Beginning cleanup, this may take some time...

    SupersededUpdatesDeclined : 223
    ExpiredUpdatesDeclined    : 0
    ObsoleteUpdatesDeleted    : 0
    UpdatesCompressed         : 4
    ObsoleteComputersDeleted  : 6
    DiskSpaceFreed            : 57848478722
