Install, Configure WSUS on Windows Server 2012 R2 and Approve Patches using Powershell – Part 2

Welcome back !! Yesterday we Installed, Configured WSUS and Synchronized our WSUS on Windows Server 2012 R2 using Powershell. Here is the link to it just in-case you missed it : Install, Configure WSUS on Windows Server 2012 R2 and Approve Patches using Powershell – Part 1
Today, we’ll learn how to Approve or Decline a list of Updates/Patches. Yes you read it right, I will show you how to do that using Powershell and before we conclude will show you some bonus command that you might find very useful.
Lets get started, by now the synchronization we started in the last post must have completed.
Let us approve some updates, I usually have a list of KB Numbers that I want to approve for specific Products/OS. I also exclude Itanium-based Updates, don’t think any one uses that. Have never seen an Itanium-based system in my 11 years of IT.
 We will save the list of KB Numbers into a text file and use the below Powershell Script to Approve them to “All Computers” Target Group. The script has 2 mandatory parameters -ProductName and -Path. I have two separate list of KB to approve for Windows Server 2008 R2 and Windows Server 2012 R2. -ProductName helps me to specify the Product. -Path helps to specify the file that contains the KB List. Have saved this script as “Approve-KBList.ps1”
[cmdletbinding()]
param(
   [Parameter(
   Mandatory = $True,
   Position=1)]
   [string]$ProductName,
   [Parameter(
   Mandatory = $True)]
   [string]$Path
   )
if(!(Test-Path -Path $Path))
   {
   Write-Verbose "$Path - File Does NOT Exist..!!" -Verbose
   Break
   }
else
   {
   $ApprovedKBs = Get-Content -Path $Path
   Write-Verbose "Processing Updates to Approve for $ProductName.. Please Wait.. This may take some time.." -Verbose
   Foreach ($ApprovedKB in $ApprovedKBs)
      {
      Get-WsusUpdate -Approval Unapproved | where {($_.update.title -match $ProductName) `
      -and ($_.update.title -match $ApprovedKB) `
      -and ($_.update.title -notmatch "Itanium-based")} `
      | Approve-WsusUpdate -Action Install -TargetGroupName "All Computers" –Verbose
      }
   Write-Verbose "Approved the updates for $ProductName" -Verbose
   }

WSUS_ApproveKB

We have now successfully approved a List KB for Windows Server 2008 R2.
Next lets Decline a few KB, We would use the below script to achieve that. The script has 2 mandatory parameters -ProductName and -DeclineKBs. -ProductName helps to specify the Product. -DeclineKBs helps to specify multiple KB Numbers separated by comma. Have saved this script as “Decline-KB.ps1”
[cmdletbinding()]
param(
   [Parameter(
   Mandatory = $True,
   Position=1)]
   [string]$ProductName,
   [Parameter(
   Mandatory = $True)]
   [string[]]$DeclineKBs
   )
Write-Verbose "Processing Updates to Decline for $ProductName.. Please Wait.. This may take some time.." -Verbose
Foreach ($DeclineKB in $DeclineKBs)
   {
   Get-WsusUpdate -Approval AnyExceptDeclined | where {($_.update.title -match $ProductName) `
   -and ($_.update.title -match $DeclineKB) `
   -and ($_.update.title -notmatch "Itanium-based")} `
   | Deny-WsusUpdate -Verbose
   }
Write-Verbose "Declined the updates for $ProductName" -Verbose

WSUS_DeclineKB

And that is how you Install, Configure WSUS on Windows Server 2012 R2 and Approve or Decline Patches using Powershell.

Now as promised here are the Bonus Command:

Create Computer Target called “Infrastructure Servers”
#Get WSUS Server Name
$WSUS = Get-WSUSServer
#Create Computer Target Group
$WSUS.CreateComputerTargetGroup("Infrastructure Servers")
Configure Automatic Synchronizations and Set synchronization scheduled for midnight each night
# Get WSUS Server Name
$WSUS = Get-WSUSServer
# Get WSUS Server Subscription Information
$WSUSSubScrip = $WSUS.GetSubscription()
# Configure Automatic Synchronizations
$WSUSSubScrip.SynchronizeAutomatically=$true
# Set synchronization scheduled for midnight each night
$WSUSSubScrip.SynchronizeAutomaticallyTimeOfDay= (New-TimeSpan -Hours 0)
$WSUSSubScrip.NumberOfSynchronizationsPerDay=1
$WSUSSubScrip.Save()
Only thing we had not done is Install Microsoft Report Viewer 2008 SP1 and .NET Framework 3.5 which is a prerequisite. So before we wrap this series up here is how you would do it using Powershell.
Install-WindowsFeature -Name NET-Framework-Core -Verbose
Write-Verbose  "Downloading Microsoft Report Viewer" -Verbose
$url = "http://download.microsoft.com/download/3/a/e/3aeb7a63-ade6-48c2-9b6a-d3b6bed17fe9/ReportViewer.exe"
$TempDir = "${env:SystemDrive}" + "\Temp"
$CFld = New-Item -Force -ItemType directory -Path $TempDir
$output = "$TempDir\ReportViewer2008SP1.exe"
$webcli = New-Object System.Net.WebClient
$webcli.DownloadFile($url, $output)
Write-Verbose  "Download Complete" -Verbose
Write-Verbose  "Installing Microsoft Report Viewer" -Verbose
Start-Process -FilePath $output -Verb RunAs -ArgumentList '/q' -Wait
$RepVwr = Get-WmiObject -Class:Win32_Product -Filter "Name LIKE '%Microsoft Report Viewer%'" | Select-Object -ExpandProperty Name
Write-Verbose  "$RepVwr INSTALLED..!!" -Verbose

WSUS_MSReportViewer

There you have it. Hope you enjoyed this series.

!! Preenesh

Advertisements
This entry was posted in Powershell and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s