Vista Forums - View Single Post - Powershell, WSUS, Execute Multiple Approvals per client computer

10-06-2008

Brilliant! I think I'm pretty close now.

In the WSUS console if you highlight a computer in the Summary pane you have
'Updates Needed' and clicking the link gives you a report on which updates
are required on the machine.

In the stuff you have just done there are results for

Approved: Yes or No
Installed: Yes or No
etc

but I can't see anything for Updates Needed?

If I can just get this then I will have my goal of:

- Get details for a particular computer
- Filter the results to only show those updates needed
- Approve all the updates returned in the filter to a particular computer
group.

Thanks!
Jonathan

"Shay Levy [MVP]" wrote:

Quote:

> Hello jmedd,
>
> This is what I
> [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
>
>
> $updateServer = "serverName"
> $machineName = "machineName"
> $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer,$false)
> $com = $wsus.GetComputerTargetByName($machineName)
>
> # get info for the specified machineName
> PS > $com
>
> UpdateServer : Microsoft.UpdateServices.Internal.BaseApi.UpdateServer
> Id : 687b433f-18c0-45c0-8dbb-0f45a484d73e
> FullDomainName : serverName
> IPAddress : 10.4.90.135
> Make : HP
> Model : ProLiant BL460c G1
> BiosInfo : Microsoft.UpdateServices.Administration.BiosInfo
> OSInfo : Microsoft.UpdateServices.Administration.OSInfo
> OSArchitecture : x86
> ClientVersion : 7.1.6001.65
> OSFamily : Windows
> OSDescription : Windows Server 2003 Enterprise Edition
> ComputerRole : Server
> LastSyncTime : 10/09/2008 11:52:50
> LastSyncResult : Succeeded
> LastReportedStatusTime : 10/09/2008 12:07:48
> LastReportedInventoryTime : 01/01/0001 00:00:00
> RequestedTargetGroupName :
> RequestedTargetGroupNames : {}
> ComputerTargetGroupIds : {b73ca6ed-5727-47f3-84de-015e03f6a88a, a0a08746-4dbe-4a37-9adf-9e7652c0b421}
> ParentServerId : 00000000-0000-0000-0000-000000000000
> SyncsFromDownstreamServer : False
>
>
> # get installation summary
> PS > $com.GetUpdateInstallationSummary()
>
> UnknownCount : 44
> NotApplicableCount : 2131
> NotInstalledCount : 15
> DownloadedCount : 0
> InstalledCount : 40
> InstalledPendingRebootCount : 0
> FailedCount : 0
> IsSummedAcrossAllUpdates : True
> UpdateId : 00000000-0000-0000-0000-000000000000
> ComputerTargetGroupId : 00000000-0000-0000-0000-000000000000
> ComputerTargetId : 687b433f-18c0-45c0-8dbb-0f45a484d73e
> LastUpdated : 05/10/2008 12:59:27
>
>
> # updates report sample output
> PS > $com.GetUpdateInstallationInfoPerUpdate()
>
> UpdateServer : Microsoft.UpdateServices.Internal.BaseApi.UpdateServer
> UpdateInstallationState : NotApplicable
> UpdateApprovalAction : Install
> UpdateApprovalTargetGroupId : a0a08746-4dbe-4a37-9adf-9e7652c0b421
> ComputerTargetId : 687b433f-18c0-45c0-8dbb-0f45a484d73e
> UpdateId : 1847ae6d-8360-4e5a-9d15-da82b24deffd
>
>
>
> You can translate an UpdateId guid to its object like so:
>
> PS > $upd = $com.GetUpdateInstallationInfoPerUpdate()
> PS 42> $wsus.GetUpdate($upd[0].updateid)
>
>
> UpdateServer : Microsoft.UpdateServices.Internal.BaseApi.UpdateServer
> Id : Microsoft.UpdateServices.Administration.UpdateRevisionId
> Title : Windows XP Update Package, October 25,
> 2001
> Description : This update resolves all critical issues
> that were found in Windows XP between Aug
> ust 2001 and October 2001, and is discussed
> in Microsoft Knowledge Base (KB) Artic
> le Q309521. Among the updates included
> in this package are several that eliminate
> security vulnerabilities. Download now
> to ensure that you have all the latest crit
> ical updates for Windows XP.
> LegacyName : q309521_xp_4973
> MsrcSeverity : Unspecified
> KnowledgebaseArticles : {309521}
> SecurityBulletins : {}
> AdditionalInformationUrls : {http://www.download.windowsupdate.co...TF/en/4973.htm
> }
> ReleaseNotes :
> UpdateClassificationTitle : Critical Updates
> CompanyTitles : {Microsoft}
> ProductTitles : {Windows XP}
> ProductFamilyTitles : {Windows}
> IsLatestRevision : True
> HasEarlierRevision : False
> Size : 0
> CreationDate : 18/02/2003 21:28:13
> ArrivalDate : 11/06/2008 09:11:51
> UpdateType : Software
> PublicationState : Published
> InstallationBehavior : Microsoft.UpdateServices.Administration.InstallationBehavior
> UninstallationBehavior : Microsoft.UpdateServices.Administration.InstallationBehavior
> IsBeta : False
> HasStaleUpdateApprovals : False
> IsApproved : True
> IsDeclined : False
> DefaultPropertiesLanguage :
> HasLicenseAgreement : False
> RequiresLicenseAgreementAcceptance : False
> State : Ready
> HasSupersededUpdates : False
> IsSuperseded : True
> IsWsusInfrastructureUpdate : False
> IsEditable : False
> UpdateSource : MicrosoftUpdate
>
>
>
>
>
>
> ---
> Shay Levy
> Windows PowerShell MVP
> http://blogs.microsoft.co.il/blogs/ScriptFanatic
> PowerShell Toolbar: http://tinyurl.com/PSToolbar
>
>
> j> Awesome, that is taking it a lot further than I was getting. Thanks
> j> so much.
> j>
> j> The further steps I need to take it are:
> j>
> j> 1) Be able to specify a particular client machine
> j> 2) Find only updates which are not approved for that machine
> j> 3) Approve all the updates which are approved for that machine
> j> specifying a
> j> particular computer target group for the approval.
> j> If I can get that, it will save me hours, maybe days of work!
> j>
> j> Thanks
> j> Jonathan
> j> "Shay Levy [MVP]" wrote:
> j>

Quote:

> >> Hello jmedd,
> >>
> >> I was able to run this and get results:
> >>
> >> [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateSer
> >> vices.Administration")
> >>
> >> $updateServer = "updateServerName"
> >> $wsus =
> >> [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer
> >> ($updateServer,$false)
> >> $computerScope = new-object
> >> Microsoft.UpdateServices.Administration.ComputerTargetScope
> >> $computerScope.includedInstallationStates = "Installed,NotInstalled"
> >>
> >> $updateScope = new-object
> >> Microsoft.UpdateServices.Administration.UpdateScope
> >> $updateScope.includedInstallationStates = "Installed,NotInstalled"
> >>
> >> $wsus.getComputerTargets($ComputerScope) | foreach {
> >>
> >> $machine = $_
> >> $fdn = @{n="FullDomainName";e={$machine.fullDomainName}}
> >> $_.getUpdateInstallationInfoPerUpdate($updateScope) | foreach {
> >> $updateId = $wsus.getUpdate($_.updateId)
> >> $updateId | select
> >> $fdn,Title,UpdateType,IsApproved,IsDeclined,KnowledgebaseArticles
> >> }
> >> }
> >> Here's the first item output:
> >>
> >> FullDomainName : serverName.domain
> >> Title : Cumulative Security Update for Outlook
> >> Express for
> >> Windows Server 2003 (KB929123)
> >> UpdateType : Software
> >> IsApproved : True
> >> IsDeclined : False
> >> KnowledgebaseArticles : {929123}
> >> HTH
> >>
> >> ---
> >> Shay Levy
> >> Windows PowerShell MVP
> >> http://blogs.microsoft.co.il/blogs/ScriptFanatic
> >> PowerShell Toolbar: http://tinyurl.com/PSToolbar
> >> j> I need to approve around 100 updates for a client computer in
> >> WSUS.
> >> j> Using the WSUS console for this is impracticle since its involves
> >> j> about 5 - 6 clicks per update, so naturally I am looking to
> >> j> Powershell for a solution.
> >> j>
> >> j> There are some sample scripts for managing WSUS 3.0 at the script
> >> j> center.
> >> j>
> >> j>
> >> http://www.microsoft.com/technet/scr...us/server/defa
> >> j> ult.mspx?mfr=true
> >> j>
> >> j> Basically what I need to do is for a particular computer find
> >> which
> >> j> updates need approving and then approve them all for a particular
> >> j> WSUS computer group in one go.
> >> j>
> >> j> So far I have:
> >> j>
> >> j>
> >> [reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.
> >> j> Administration") | out-null
> >> j> if (!$wsus) {
> >> j> $wsus =
> >> j>
> >> [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer
> >> j> ();
> >> j> }
> >> j>
> >> j> $wsus.GetComputerTargets()
> >> j>
> >> j> This basically returns a lot of info about the computers, but
> >> nothing
> >> j> to do with approvals.
> >> j>
> >> j> Similarly the following gives you a load of info about the updates
> >> j> including whether they are approved or not, but does not tell you
> >> j> which group they are approved for.
> >> j>
> >> j>
> >> [reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.
> >> j> Administration") | out-null
> >> j> if (!$wsus) {
> >> j> $wsus =
> >> j>
> >> [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer
> >> j> ();
> >> j> }
> >> j>
> >> j> $updateScope = new-object
> >> j> Microsoft.UpdateServices.Administration.UpdateScope;
> >> j> $updateScope.UpdateApprovalActions =
> >> j>
> >> [Microsoft.UpdateServices.Administration.UpdateApprovalActions]::Inst
> >> j> all `
> >> j> -bor
> >> j>
> >> [Microsoft.UpdateServices.Administration.UpdateApprovalActions]::Unin
> >> j> stall
> >> j> $wsus.GetUpdates($updateScope)
> >> j>
> >> j> Exchanging the last line for
> >> j>
> >> j> $wsus.GetUpdateApprovals($updateScope)
> >> j>
> >> j> gets you some approval info, but not quite what I'm looking for.
> >> j>
> >> j> Anyone willing to assist would be most appreciated.
> >> j>

>
>
>

10-06-2008	#7 (permalink)
jmedd n/a posts	Re: Powershell, WSUS, Execute Multiple Approvals per client comput Brilliant! I think I'm pretty close now. In the WSUS console if you highlight a computer in the Summary pane you have 'Updates Needed' and clicking the link gives you a report on which updates are required on the machine. In the stuff you have just done there are results for Approved: Yes or No Installed: Yes or No etc but I can't see anything for Updates Needed? If I can just get this then I will have my goal of: - Get details for a particular computer - Filter the results to only show those updates needed - Approve all the updates returned in the filter to a particular computer group. Thanks! Jonathan "Shay Levy [MVP]" wrote: Quote: > Hello jmedd, > > This is what I > [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") > > > $updateServer = "serverName" > $machineName = "machineName" > $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer,$false) > $com = $wsus.GetComputerTargetByName($machineName) > > # get info for the specified machineName > PS > $com > > UpdateServer : Microsoft.UpdateServices.Internal.BaseApi.UpdateServer > Id : 687b433f-18c0-45c0-8dbb-0f45a484d73e > FullDomainName : serverName > IPAddress : 10.4.90.135 > Make : HP > Model : ProLiant BL460c G1 > BiosInfo : Microsoft.UpdateServices.Administration.BiosInfo > OSInfo : Microsoft.UpdateServices.Administration.OSInfo > OSArchitecture : x86 > ClientVersion : 7.1.6001.65 > OSFamily : Windows > OSDescription : Windows Server 2003 Enterprise Edition > ComputerRole : Server > LastSyncTime : 10/09/2008 11:52:50 > LastSyncResult : Succeeded > LastReportedStatusTime : 10/09/2008 12:07:48 > LastReportedInventoryTime : 01/01/0001 00:00:00 > RequestedTargetGroupName : > RequestedTargetGroupNames : {} > ComputerTargetGroupIds : {b73ca6ed-5727-47f3-84de-015e03f6a88a, a0a08746-4dbe-4a37-9adf-9e7652c0b421} > ParentServerId : 00000000-0000-0000-0000-000000000000 > SyncsFromDownstreamServer : False > > > # get installation summary > PS > $com.GetUpdateInstallationSummary() > > UnknownCount : 44 > NotApplicableCount : 2131 > NotInstalledCount : 15 > DownloadedCount : 0 > InstalledCount : 40 > InstalledPendingRebootCount : 0 > FailedCount : 0 > IsSummedAcrossAllUpdates : True > UpdateId : 00000000-0000-0000-0000-000000000000 > ComputerTargetGroupId : 00000000-0000-0000-0000-000000000000 > ComputerTargetId : 687b433f-18c0-45c0-8dbb-0f45a484d73e > LastUpdated : 05/10/2008 12:59:27 > > > # updates report sample output > PS > $com.GetUpdateInstallationInfoPerUpdate() > > UpdateServer : Microsoft.UpdateServices.Internal.BaseApi.UpdateServer > UpdateInstallationState : NotApplicable > UpdateApprovalAction : Install > UpdateApprovalTargetGroupId : a0a08746-4dbe-4a37-9adf-9e7652c0b421 > ComputerTargetId : 687b433f-18c0-45c0-8dbb-0f45a484d73e > UpdateId : 1847ae6d-8360-4e5a-9d15-da82b24deffd > > > > You can translate an UpdateId guid to its object like so: > > PS > $upd = $com.GetUpdateInstallationInfoPerUpdate() > PS 42> $wsus.GetUpdate($upd[0].updateid) > > > UpdateServer : Microsoft.UpdateServices.Internal.BaseApi.UpdateServer > Id : Microsoft.UpdateServices.Administration.UpdateRevisionId > Title : Windows XP Update Package, October 25, > 2001 > Description : This update resolves all critical issues > that were found in Windows XP between Aug > ust 2001 and October 2001, and is discussed > in Microsoft Knowledge Base (KB) Artic > le Q309521. Among the updates included > in this package are several that eliminate > security vulnerabilities. Download now > to ensure that you have all the latest crit > ical updates for Windows XP. > LegacyName : q309521_xp_4973 > MsrcSeverity : Unspecified > KnowledgebaseArticles : {309521} > SecurityBulletins : {} > AdditionalInformationUrls : {http://www.download.windowsupdate.co...TF/en/4973.htm > } > ReleaseNotes : > UpdateClassificationTitle : Critical Updates > CompanyTitles : {Microsoft} > ProductTitles : {Windows XP} > ProductFamilyTitles : {Windows} > IsLatestRevision : True > HasEarlierRevision : False > Size : 0 > CreationDate : 18/02/2003 21:28:13 > ArrivalDate : 11/06/2008 09:11:51 > UpdateType : Software > PublicationState : Published > InstallationBehavior : Microsoft.UpdateServices.Administration.InstallationBehavior > UninstallationBehavior : Microsoft.UpdateServices.Administration.InstallationBehavior > IsBeta : False > HasStaleUpdateApprovals : False > IsApproved : True > IsDeclined : False > DefaultPropertiesLanguage : > HasLicenseAgreement : False > RequiresLicenseAgreementAcceptance : False > State : Ready > HasSupersededUpdates : False > IsSuperseded : True > IsWsusInfrastructureUpdate : False > IsEditable : False > UpdateSource : MicrosoftUpdate > > > > > > > --- > Shay Levy > Windows PowerShell MVP > http://blogs.microsoft.co.il/blogs/ScriptFanatic > PowerShell Toolbar: http://tinyurl.com/PSToolbar > > > j> Awesome, that is taking it a lot further than I was getting. Thanks > j> so much. > j> > j> The further steps I need to take it are: > j> > j> 1) Be able to specify a particular client machine > j> 2) Find only updates which are not approved for that machine > j> 3) Approve all the updates which are approved for that machine > j> specifying a > j> particular computer target group for the approval. > j> If I can get that, it will save me hours, maybe days of work! > j> > j> Thanks > j> Jonathan > j> "Shay Levy [MVP]" wrote: > j> Quote: Quote: > >> Hello jmedd, > >> > >> I was able to run this and get results: > >> > >> [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateSer > >> vices.Administration") > >> > >> $updateServer = "updateServerName" > >> $wsus = > >> [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer > >> ($updateServer,$false) > >> $computerScope = new-object > >> Microsoft.UpdateServices.Administration.ComputerTargetScope > >> $computerScope.includedInstallationStates = "Installed,NotInstalled" > >> > >> $updateScope = new-object > >> Microsoft.UpdateServices.Administration.UpdateScope > >> $updateScope.includedInstallationStates = "Installed,NotInstalled" > >> > >> $wsus.getComputerTargets($ComputerScope) \| foreach { > >> > >> $machine = $_ > >> $fdn = @{n="FullDomainName";e={$machine.fullDomainName}} > >> $_.getUpdateInstallationInfoPerUpdate($updateScope) \| foreach { > >> $updateId = $wsus.getUpdate($_.updateId) > >> $updateId \| select > >> $fdn,Title,UpdateType,IsApproved,IsDeclined,KnowledgebaseArticles > >> } > >> } > >> Here's the first item output: > >> > >> FullDomainName : serverName.domain > >> Title : Cumulative Security Update for Outlook > >> Express for > >> Windows Server 2003 (KB929123) > >> UpdateType : Software > >> IsApproved : True > >> IsDeclined : False > >> KnowledgebaseArticles : {929123} > >> HTH > >> > >> --- > >> Shay Levy > >> Windows PowerShell MVP > >> http://blogs.microsoft.co.il/blogs/ScriptFanatic > >> PowerShell Toolbar: http://tinyurl.com/PSToolbar > >> j> I need to approve around 100 updates for a client computer in > >> WSUS. > >> j> Using the WSUS console for this is impracticle since its involves > >> j> about 5 - 6 clicks per update, so naturally I am looking to > >> j> Powershell for a solution. > >> j> > >> j> There are some sample scripts for managing WSUS 3.0 at the script > >> j> center. > >> j> > >> j> > >> http://www.microsoft.com/technet/scr...us/server/defa > >> j> ult.mspx?mfr=true > >> j> > >> j> Basically what I need to do is for a particular computer find > >> which > >> j> updates need approving and then approve them all for a particular > >> j> WSUS computer group in one go. > >> j> > >> j> So far I have: > >> j> > >> j> > >> [reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices. > >> j> Administration") \| out-null > >> j> if (!$wsus) { > >> j> $wsus = > >> j> > >> [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer > >> j> (); > >> j> } > >> j> > >> j> $wsus.GetComputerTargets() > >> j> > >> j> This basically returns a lot of info about the computers, but > >> nothing > >> j> to do with approvals. > >> j> > >> j> Similarly the following gives you a load of info about the updates > >> j> including whether they are approved or not, but does not tell you > >> j> which group they are approved for. > >> j> > >> j> > >> [reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices. > >> j> Administration") \| out-null > >> j> if (!$wsus) { > >> j> $wsus = > >> j> > >> [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer > >> j> (); > >> j> } > >> j> > >> j> $updateScope = new-object > >> j> Microsoft.UpdateServices.Administration.UpdateScope; > >> j> $updateScope.UpdateApprovalActions = > >> j> > >> [Microsoft.UpdateServices.Administration.UpdateApprovalActions]::Inst > >> j> all ` > >> j> -bor > >> j> > >> [Microsoft.UpdateServices.Administration.UpdateApprovalActions]::Unin > >> j> stall > >> j> $wsus.GetUpdates($updateScope) > >> j> > >> j> Exchanging the last line for > >> j> > >> j> $wsus.GetUpdateApprovals($updateScope) > >> j> > >> j> gets you some approval info, but not quite what I'm looking for. > >> j> > >> j> Anyone willing to assist would be most appreciated. > >> j> > > >
My System Specs