Each PowerShell module developer team, which includes the various feature teams inside the overall Windows Server product team, approaches its problem domain slightly differently. As a result, each team's product, its PowerShell module, has a certain usage style.
An important stylistic difference is the balance between cmdlets and object method calls. For some modules, you manage the service totally through cmdlets. The DNSServer and DHCPServer modules are examples of this.
The Windows Update module, on the other hand, makes use of method calls to perform the desired administrative task, such as approving or declining a specific update. Thus, many administrative functions are performed via method calls rather than cmdlets.
This recipe shows you how you can make use of the UpdateServer object and its rich collections of methods.
This recipe runs on WSUS1, a WSUS server that you set up in the previous recipes in this chapter. You can certainly adapt this recipe to use your own local WSUS server.
1. Open a session on the WSUS1 host and check overall status:

    $WSUSServer = Get-WsusServer
    $WSUSServer.GetStatus()

2.  $WSUSServer.GetComputerTargets() |
        Sort-Object -Property FullDomainName |
        Format-Table -Property FullDomainName, IPAddress, Last*

3. Get-Member, reviewing the properties and methods of the Microsoft.UpdateServices.Internal.BaseApi.Update object:

    $ST = 'Windows Server 2016'
    $SU = 'Security Updates'
    $SecurityUpdates = $WSUSServer.SearchUpdates($ST) |
        Where-Object UpdateClassificationTitle -eq $SU |
        Sort-Object -Property CreationDate -Descending

4. WSUS1:

    $SecurityUpdates |
        Sort-Object -Property Title |
        Select-Object -First 10 |
        Format-Table -Property Title, Description

5.  $SelectedUpdate = $SecurityUpdates |
        Where-Object KnowledgebaseArticles -eq 3194798

6.  $DCTargetGroup = $WSUSServer.GetComputerTargetGroups() |
        Where-Object -Property Name -eq 'Domain Controllers'

7.  $SelectedUpdate.Approve('Install',$DCTargetGroup)

8.  $DeclinedUpdate = $SecurityUpdates |
        Where-Object -Property KnowledgebaseArticles -eq 4020821

9.  $DeclinedUpdate.Decline($DCTargetGroup)

In step 1, you use the Get-WsusServer cmdlet to return an UpdateServer object. This object and its methods are at the core of automating WSUS. You then use the GetStatus() method to return the status of your WSUS server, which looks like this:
In step 2, you use the GetComputerTargets() method to get the host computers served by your WSUS server, which looks like this:
In step 3, you use the SearchUpdates() method to get the security updates for hosts running Windows Server 2016. This step produces no output.
In step 4, you review the first 10 security updates, which looks like this:
In step 5, which produces no output, you select a specific update, based on a KB article number. In step 6, you define a target group to which to apply the selected update. This step produces no output.
In step 7, you approve this selected patch for installation for the Domain Controllers computer target group. The output of this step looks like this:
In step 8, you select an update that you do not wish to install. This step produces no output. In step 9, you decline the update for the Domain Controllers computer target group.
In step 3, you examined the security updates for Windows Server 2016. You could also have looked for any Updates or Critical Updates. You can also vary the value of the $ST variable to search for different targets, such as Windows 10 or Office.
In step 5, you selected a specific update. If you are an IT Pro responsible for Windows Update Services inside your organization, you need to keep up to date on critical updates so you can deploy urgent patches as quickly as possible.
In step 9, you declined a specific update for one computer target group. As you administer WSUS, you are likely to discover certain updates that can be declined since they do not impact certain target groups. Keeping on top of which patches to approve or decline can be a lot of work, but is vital to ensure that your systems are updated promptly.
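
The approval in steps 5 to 7, wrapped in a function that checks the target group and the KB match before calling Approve() and reports what it did for each update. This is an added example, not code from the book; the function name Approve-WsusKb, its parameters, and the choice to skip declined or superseded updates are assumptions made for illustration.

```powershell
# Added example, not the book's code. Run on the WSUS server in an elevated session.
function Approve-WsusKb {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string[]] $KB,           # KB article numbers, e.g. 3194798
        [Parameter(Mandatory)] [string]   $TargetGroup,  # e.g. 'Domain Controllers'
        [string] $SearchText = 'Windows Server 2016'     # same search string as $ST in step 3
    )

    $Server = Get-WsusServer
    # Fail early on a misspelled group name instead of passing $null to Approve()
    $Group = $Server.GetComputerTargetGroups() | Where-Object Name -eq $TargetGroup
    if (-not $Group) { throw "Computer target group '$TargetGroup' not found" }

    $Updates = $Server.SearchUpdates($SearchText)
    foreach ($Id in $KB) {
        # One KB number can match several updates (for example, one per architecture)
        $Found = @($Updates | Where-Object { $_.KnowledgebaseArticles -contains $Id })
        if ($Found.Count -eq 0) {
            Write-Warning "KB${Id}: no update matching '$SearchText' on this server"
            continue
        }
        foreach ($Update in $Found) {
            $Result = 'Approved'
            # Assumed policy: never silently re-approve a declined or superseded update
            if ($Update.IsDeclined) { $Result = 'Skipped (declined)' }
            elseif ($Update.IsSuperseded) { $Result = 'Skipped (superseded)' }
            elseif ($Update.GetUpdateApprovals($Group) | Where-Object Action -eq 'Install') {
                $Result = 'Already approved'
            }
            elseif ($PSCmdlet.ShouldProcess($Update.Title, "Approve for '$TargetGroup'")) {
                $null = $Update.Approve('Install', $Group)
            }
            else { $Result = 'Not changed' }
            [pscustomobject]@{ KB = $Id; Title = $Update.Title; Result = $Result }
        }
    }
}

# Preview the change first; remove -WhatIf to apply it
Approve-WsusKb -KB 3194798 -TargetGroup 'Domain Controllers' -WhatIf
```

The returned objects can be piped to Export-Csv to keep a record of which updates were approved for which group.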