8 August, 2017
How to get a report of Computers needing Approved Updates from WSUS using PowerShell
For some reason, Microsoft didn't include a predefined report in WSUS to show me the list of computers that are needing Approved updates... which is kinda useful for reporting/tracking purposes.
So here's a quick PowerShell to do it.
$report = @{}
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer("wsussvr", $False, 8530)
$computerScope = new-object Microsoft.UpdateServices.Administration.ComputerTargetScope
$wsus.GetComputerTargetGroups() |
where {$_.Name -match "Workstations"} |
ForEach-Object {
$gid = $computerScope.ComputerTargetGroups.Add($_)
}
$updateScope = new-object Microsoft.UpdateServices.Administration.UpdateScope;
$updateScope.UpdateApprovalActions = [Microsoft.UpdateServices.Administration.UpdateApprovalActions]::Install
$updateScope.IncludedInstallationStates = @('Downloaded', 'Failed', 'InstalledPendingReboot', 'NotInstalled')
$updateScope.TextNotIncludes = 'Feature update to Windows 10 Pro'
$updateScope.TextNotIncludes = 'Definition Update for Windows Defender'
foreach ($computer in $wsus.GetComputerTargets($computerScope)) {
$key = $computer.FullDomainName
$computer.GetUpdateInstallationInfoPerUpdate($updateScope) | foreach-object {
$title = $_.GetUpdate().Title
if ($report.ContainsKey($key)) {
$report[$key] += 1
#$report[$key] += $_.GetUpdate().Title
} else {
$report[$key] = 1
#$report[$key] = @($_.GetUpdate().Title)
}
}
}
$report
$report.Count