To Approve a list of updates in a file for a specific group in WSUS using PowerShell


 

This script will help to read the list of update ID from a file and then approve them for a specific group

#Change server name and port number and $True if it is on SSL
[String]$updateServer1 = "CMCAS"
[Boolean]$useSecureConnection = $False
[Int32]$portNumber =8530

#Group to which you need to approve
$groupname = "CMCAS-CG"
#File where update if for the updates to be installed are saved
$path = "C:\temp\Updateid.csv"

# Load .NET assembly
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")

# Connect to WSUS Server
$updateServer = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer1,$useSecureConnection,$portNumber)
write-host "Connected sucessfully To WSUS server >>>…." -foregroundcolor "yellow"
Import-csv -path $path -Header updateid | foreach `
{
     $approveupdate =$approveupdate =$_.updateID
     $isavup= 'False'
     $u = $updateServer.GetUpdates()
     foreach ($u1 in $u )
    {
         $a=New-Object Microsoft.UpdateServices.Administration.UpdateRevisionId
         $a=$u1.id

        #checking if the update ID in question is to be approved if yes approve else loop through
            if ($a.UpdateId -eq $approveupdate)

            { 
                 $isavup= 'True'
                 $group = $updateServer.GetComputerTargetGroups() | where {$_.Name -eq $groupname}
                 $isapp=$u1.GetUpdateApprovals($group)
                 #Checking if already approved and if not approve it
                 if ($isapp.action -eq 'Install')
                 {
                 write-host "Update ID: " $a.UpdateId "For Group :" $groupname  "already approved" -foregroundcolor "yellow"
                 }
                 else
                 {                
                  write-host "Approving update " $a.UpdateId "For Group :" $groupname   -foregroundcolor "yellow"
                  $group = $updateServer.GetComputerTargetGroups() | where {$_.Name -eq $groupname}
                  $u1.Approve(“Install”,$group) | out-null
                  }
            }
    }
    if ($isavup -eq 'False')
    {
    write-host "Update ID" $approveupdate "Not in WSUS Database"   -foregroundcolor "yellow"
    }
}

#This will help to catch the exception if any and display

trap
{
write-host "Error Occurred"
write-host "Exception Message: "
write-host $_.Exception.Message
write-host $_.Exception.StackTrace
exit
}
# EOF

Sample File for input update ID

image

Output will be like this

image

Sudheesh N

This posting /Script  is provided "AS IS" with no warranties and confers no rights

UpdateApproval.zip


Comments (3)

  1. Saeldur says:

    I’m with Jobby, how can I use it using a list of KB article numbers like KB1234567? Actually what I’m really looking for is a email option to send to system admins a report of the updates that were approved. If I use the cryptic list you have above it means nothing to anyone unless I can decrypt it with readable information. I would like to format the email with the body of the message to include a table of the updates, title, classification, description, and if uninstall is supported. I’ve modified your script as best I can but when I pull the KB article number from Microsoft lookup it comes back with something like “Microsoft.UpdateServices.Administration” for the field which isn’t useful.

  2. Jobby says:

    Hi, how can i modify the script, if i have list of KB number eg
    kb1111111
    kb2222222
    kb3333333

  3. DFGS says:

    Thanks, i will try it,

Skip to main content