Thursday, April 13, 2017

70-411 WSUS and PowerShell


70-411 WSUS and PowerShell by edgoad

####################################################### 
#Install WSUS 
Install-WindowsFeature UpdateServices -IncludeManagementTools 

#Initial configuration 
New-Item c:\WSUScontent -ItemType Directory  
& 'C:\Program Files\Update Services\Tools\WsusUtil.exe' postinstall contentdir=c:\WSUScontent  

#Review synchronization settings 
$myWsus = Get-WsusServer  
$myWsus.GetSubscription() 

#Initial synchronization  
$mySubs = $myWsus.GetSubscription()  
$mySubs.StartSynchronizationForCategoryOnly() 

#Sync status 
$mySubs.GetSynchronizationProgress()   
$mySubs.GetSynchronizationStatus()   
$mySubs.GetLastSynchronizationInfo()  

####################################################### 
#Define the product categories to include 
$myProducts = Get-WsusProduct | Where-Object { $_.Product.Title -in ( 'Windows 8.1', 'Windows Server 2012 R2')}  
$myProducts | Set-WsusProduct 
  
#Define the update classifications to include 
$myClass = Get-WsusClassification | Where-Object { $_.Classification.Title -in ('Security Updates', 'Critical Updates', 'Definition Updates')}  
$myClass | Set-WsusClassification 


######################################################## 
#Create the computer group  
$myWsus.CreateComputerTargetGroup("Desktops") 
$myWsus.CreateComputerTargetGroup("Servers") 


####################################################### 
#Setup automatic synchronization 
$mysubs = $myWsus.GetSubscription()  
$mysubs.SynchronizeAutomatically = $true  
$mysubs.NumberOfSynchronizationsPerDay = 1  
$mysubs.Save() 

####################################################### 
#Create the auto-approval rule 
$myWsus = Get-WsusServer 
$myRule = $myWsus.CreateInstallApprovalRule("Desktops") 
  
#Define a deadline 
#$myDeadline = New-Object Microsoft.UpdateServices.Administration.AutomaticUpdateApprovalDeadline 
#$myDeadline.DayOffset = 3 
#$myDeadline.MinutesAfterMidnight = 180 
#$myRule.Deadline = $myDeadline 

#Add update classifications to the rule 
$myClass = $myRule.GetUpdateClassifications() 
$myClass.Add(($myWsus.GetUpdateClassifications() | Where-Object Title -eq 'Critical Updates')) 
$myClass.Add(($myWsus.GetUpdateClassifications() | Where-Object Title -eq 'Security Updates')) 
$myRule.SetUpdateClassifications($myClass) 

#Assign the rule to a computer group 
$myGroups = New-Object Microsoft.UpdateServices.Administration.ComputerTargetGroupCollection 
$myGroups.Add(($myWsus.GetComputerTargetGroups() | Where-Object Name -eq "Desktops")) 
$myRule.SetComputerTargetGroups($myGroups) 

#Enable and save the rule 
$myRule.Enabled = $true 
$myRule.Save() 

####################################################### 
#Initiate synchronization 
$mySubs = $myWsus.GetSubscription() 
$mySubs.StartSynchronization()  

No comments: