0

Edited for clarification: The goal is outlined in what I would like to accomplish. Now I don't know if I am headed in the right direction with this. So in a nut shell,

  1. Am I going about this correctly? (example Is this single script possible or do I need multiple scripts? Is there a better process to doing this in powershell?)
  2. How do I achieve my goal with what I have here? It only does part of what I am looking for. The part to list the computers an update should go out to and the status of the update on said computer I am struggling with.
  3. I am not expecting people to write this but help me figure it out. I can't imagine I am the first one to fit these needs, but just haven't found a similar script for assistance.

Backstory: For the last few weeks I have been teaching myself Powershell to accomplish a wsus reporting goal. I have searched everywhere trying to find a script that I could modify to fit my needs but I feel my limited skills is making that difficult. Goal: Pre-approval I am trying to generate a list of updates that are needing to be approved. (This works) But for each update I want to list out the servers who should be getting this update along with the update status. Example: Update KB12345 is needed by server1/server2/server3 and install status equals X. I am just confused as to the best way to handle this. I am ok with exporting to different file formats. TXT for the first part that lists "How many updates need to be approved" and excel for the computer status part. I started playing with computerscope but I was not able to filter it so I can get workstations vs servers. It lists everything all together. Goal: Verify Installed status I would like to run a second check against this during/after our maint window so we can confirm everything installed correctly and that report is logged in our change request for audit needs. Things I have tried: Checking each computer to see if the update was installed using a different script took way to long and was dependent on the workstation being available. Servers not so much a big deal as they are always up. Servers we can compare against locally if wsus doesn't get updated in time, but I would need to be able to run this so that I can report on the workstations for this month. (I only care about the updates being applied per month. Not outstanding or previous updates.)

I thought about splitting up this into two scripts. One that did the approval list and one that is run after comparing against a list of KB#s in a text file.

I feel this is a bit overkill but in how our SOX auditing this year has been any hiccup or concern was crazy scrutinized. #Note the "Cleanup" in my script is a local function to ISEprofile that clears everything on each run. This is removed when it is put into production.

Cleanup
[void][reflection.assembly]::LoadWithPartialName(“Microsoft.UpdateServices.Administration”)
#Connect to the WSUS Server and create the wsus object
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer(‘wsus’,$False,"8530")

#Variables
#Wsus Variables
$Arrivaldate = ”01/12/2021"
#ApprovedStatus could be the following:Any, declined, hasstaleupdateapprovals, latestrevisionapproved, notapproved
$ApprovedStatus = "notapproved"
$InstallationStatus = "NotInstalled"
#Logging Variables
$Logpath = "D:\scripts\ps1\Testing\Logs\Monthlyupdatelist.txt"



#Create a computer scope object
$computerscope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
#Create UpdateScope
$updatescope = New-Object Microsoft.UpdateServices.Administration.UpdateScope

#Find all clients using the computer target scope
#$wsus.GetComputerTargets($computerscope)
#$Wsus.GetComputerStatus($computerscope,[ Microsoft.UpdateServices.Administration.UpdateSources]::All)

#Find updates based on scope below. Run $updatescope alone to see all the items you can filter by.
$updatescope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::$ApprovedStatus
$updatescope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::$InstallationStatus
$updatescope.FromArrivalDate = [datetime]$Arrivaldate

Start-Transcript -Path $Logpath
#This lists how many updates are set in "all updates"
Write-Host "Number of Updates this month to approve:"$wsus.GetUpdateCount($updatescope)

$wsus.GetUpdateStatus($updatescope,$False)

#List out the updates for the month
$Updatelist = $wsus.GetUpdates($updatescope) 
$Updatelist | Select Title, UpdateClassificationTitle, KnowledgebaseArticles, ProductTitles, ArrivalDate, IsApproved, IsDeclined 


Stop-Transcript
StormySkies
  • 1
  • 1
  • 3
  • What is the question? If you're looking for a code review, please post on http://codereview.stackexchange.com/ – Mathias R. Jessen Feb 02 '21 at 17:08
  • I updated the post and hope it clarifies what my goal is. This is not a finished script as I have gotten as far as I can with it working to fit my goal so far. The next steps for looping is where I am stuck. I am in new territory myself so I apologize if this should be in another forum. – StormySkies Feb 02 '21 at 17:22

0 Answers0