Computer Tabular Status for Approved Updates report in WSUS in Powershell

When you have many WSUS-servers with central server in your organization, it might be very difficult of getting reports from computers.

Once I was needed in script to show me, at which computers I dont have approved updates installed. There is a report in WSUS console that can give me such info (it called Computer Tabular Status for Approved Updates), but I was not able to go to every WSUS-server and run this report. Its a very weird task when you have 5-10-15 of WSUS-servers.

 

I wrote a script in Powershell that will automate the task of getting reports from WSUS.

The best you can do - is to run script on the central WSUS-server as it getting all information about all computers from branch WSUS-server in organization. But of course you can run it on any server. In this case you will get report only about computers that connected to the specific server.

 

Script has three variables. The first - is the domain name in Active Directory. For example, if you have domain like domain1.domain.local, the parameter must be the domain1. This is the domain that we will audit. If you have only one domain, you can hardcode it on line #3.

Also, you must specify FQDN of your WSUS-server. Thats one line #8.

After scanning, script will export report to csv-file to the path which you will customize on line #5.

#cls
$datetime = Get-Date -Format "yyyy.MM.dd_HH-mm-ss";
$domain = $args[0];
$file_name = "wsus_audit_result_" + $domain + "_" + $datetime + ".csv";
$xl_filename = "c:\audit\" + $file_name;

[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer('wsus10.domain.local',$False)

$computerscope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
$computerscope.IncludeSubgroups = $true;
$computerscope.IncludeDownstreamComputerTargets = $true;
$computerscope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates] "Failed, NotInstalled, Downloaded";

$updates = $wsus.GetUpdates() | where {$_.IsApproved -eq $true};

$array = @{};
foreach ($update in $updates) {
	$temp = $update.GetUpdateInstallationInfoPerComputerTarget($ComputerScope) | where {$_.UpdateApprovalAction -eq "Install"}
		
	if ($temp -ne $null) {
		foreach ($item in $temp) {
			$array.($wsus.GetComputerTarget([guid]$item.ComputerTargetId).FulldomainName)++;
		}
	}
}

$export_array = @();
$export_array += ,@("");$export_array += ,@("");

$i = 1;
foreach ($key in $array.Keys) {
	if ($key.split(".")[1] -eq $domain.split(".")[0]) {
		$export_array += ,@($key.Split(".")[0], $key.Split(".")[1], $array.$key);
	}
}

echo "Saving report ...";
foreach($item1 in $export_array)  
{  
	$csv_string = "";
	foreach($item in $item1)
	{
		$csv_string = $csv_string + $item + ";";
	}
	Add-Content $xl_filename $csv_string;
}  

 

Script running a little bit slowly, because it queries every PC registered in WSUS through HTTP-protocol. That's a very slow procedure, so prepare to wait.

 

And one more thing...

Dont try to run script on any server or computer. It will work correctly only on the server where WSUS-console is installed.

script (en), wsus, powershell (en)

  • Hits: 30434
Add comment

Comments  
Issues
Hi,

I receive the following error, are you able to point me to a resolution?

Exception calling "GetUpdates" with "0" argument(s): "The operation has timed out"
At C:\Users\Userx\Desktop\WSUSS.ps1:16 char:1
+ $updates = $wsus.GetUpdates() | where {$_.IsApproved -eq $true};
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException
RE: Issues
Hi!

The most possible reason for this issue is very large amount of updates objects in the WSUS-server.

I already had this issue, and to solve is, I had to decline a number of "old" update and clean database (it's from WSUS console).
Erro
Recebi este erro:
Exception calling "GetUpdateServer" with "2" argument(s): "Invalid URI: Invalid port specified."
At C:\Users\diones.ferreira\Documents\extracaowsus.ps1:8 char:1
+ $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpda ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : UriFormatException

You cannot call a method on a null-valued expression.
At C:\Users\diones.ferreira\Documents\extracaowsus.ps1:15 char:1
+ $updates = $wsus.GetUpdates() | where {$_.IsApproved -eq $true};
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
RE: Erro
Quoting Diones:
Recebi este erro:
Exception calling "GetUpdateServer" with "2" argument(s): "Invalid URI: Invalid port specified."
At C:\Users\diones.ferreira\Documents\extracaowsus.ps1:8 char:1
+ $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpda ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : UriFormatException

You cannot call a method on a null-valued expression.
At C:\Users\diones.ferreira\Documents\extracaowsus.ps1:15 char:1
+ $updates = $wsus.GetUpdates() | where {$_.IsApproved -eq $true};
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull


Hi!

Is your WSUS server use some specific port?
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/aa349325(v=vs.85)

Try to update 8th string with something like:
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer('wsus10.domain.local',$False, 80)

where 80 - port number. Put yours there.

Related Articles