Out of the box, WSUS is capable of reporting update status in a number of permutations, but I always seem to need some combination that I can’t easily derive using the GUI.
I recently needed to determine the status of a particular update (KB958644) for a number of computers that spanned different WSUS groups. I knew that there was a .NET API for WSUS management and so Powershell seemed to the most appropriate tool to use. I found this script example which got me started.
After a bit of head scratching I came up with the script below. It reads a list of computer names from a plain text file (Computers.txt) and calls the GetUpdateStatus function for each computer listed, passing the computer name and update string to the function.
The GetUpdateStatus function pulls the computer object from WSUS and then attempts to locate the update specified by the string. The status of the update is then returned.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | out-null if (!$wsus) {$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer();} function GetUpdateStatus([string]$a, [string]$b) { $ComputerScope = new-object Microsoft.UpdateServices.Administration.ComputerTargetScope; $ComputerScope.NameIncludes = $a; $UpdateScope = new-object Microsoft.UpdateServices.Administration.UpdateScope; $UpdateScope.ExcludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::NotApplicable; $UpdateScope.TextIncludes = $b; $Computers = $wsus.GetComputerTargets($ComputerScope); $Computers | foreach-object{ $_.FullDomainName + " (Status @ " + $_.LastReportedStatusTime + ")" | write-host; $Updates = $_.GetUpdateInstallationInfoPerUpdate($UpdateScope); $Updates | foreach-object{ $Update = $wsus.GetUpdate($_.UpdateId); " "+$Update.Title+" {"+$_.UpdateInstallationState +"}" | write-host; } } } cls Get-Content Computers.txt | Foreach-Object {GetUpdateStatus $_ "KB958644"} |