Use PowerShell to Make WSUS Suck Less

How to use PowerShell to manage WSUS

Below, find out how to sync your WSUS server with Microsoft update, how to query all the computers your WSUS server is managing, and how to use PowerShell commands in WSUS.

1. Sync your WSUS server with Microsoft Update.

One way to remotely connect to a WSUS server is to use PowerShell remoting, so make sure that your WSUS server has this enabled. PowerShell remoting is a feature that allows you to run commands on a remote computer as if you were logged in locally. This is useful for managing WSUS servers from anywhere without having to use Remote Desktop or other tools.

To enable PowerShell remoting on a WSUS server, follow these steps. Run a command on the WSUS server to configure it to receive remote commands. You might also want to modify firewall settings to allow the computers to talk to each other. Open ports 5985 and 5986 to do so.

Now that you have enabled PowerShell remoting, connect to your WSUS server using the PowerShell cmdlet Enter-PSSession.

PS> Enter-PSSession -ComputerName WSUSSERVER
[WSUSSERVER]: PS>

Keep in mind that you’re entering an interactive remoting session to demonstrate some commands. You may also use the Invoke-Command command to automate many of these commands in a larger script.

First, determine how to query all updates currently on our WSUS server. To do that, use the Get-WsusUpdate command. When this command is run on a new WSUS server, you’ll see that nothing is returned. This is because no updates have been synchronized yet. Initiate a sync from PowerShell using the Get-WsusServer cmdlet.

(Get-WsusServer).GetSubscription().StartSynchronization()

Once complete, all updates that were configured to sync should be downloaded locally. Once you’ve ensured all patches are synced with Microsoft Update, look at all of the clients this server is currently managing updates on. 

2. Query all of the computers that your WSUS server is managing.

[WSUSSERVER]: PS C:> Get-WsusComputer

To get a full listing of all of the commands available to you, use the Get-Command command. You then can view a list of all of the WSUS commands inside of the WSUS module.

[WSUSSERVER]: PS C:> Get-Command -Module UpdateServices

Once you have your WSUS server configured the way you’d like, you can also manage the WSUS clients. Although Microsoft doesn’t give you a good option to do this via PowerShell, you can rely on the community and download a module from Github called WindowsUpdate. Once installed, this module allows you to query remote computers for installed updates, install required updates, and more. Here’s how to download and install it:

mkdir ‘C:Program FilesWindowsPowerShellModulesWindowsUpdate’
Invoke-WebRequest -Uri https://raw.githubusercontent.com/adbertram/
Random-PowerShell-Work/master/Software%20Updates/WindowsUpdate.psm1 –
OutFile ‘C:Program
FilesWindowsPowerShellModulesWindowsUpdateWindowsUpdate.psm1′

3. Use PowerShell commands in WSUS.

Once the module is installed, you’ll have multiple commands available to you.

PS C:> gcm -Module windowsupdate

Let’s say you’d like to see what updates are installed on that computer you referenced earlier on the server. To do that, use the Get-WindowsUpdate command:

PS> Get-WindowsUpdate -ComputerName client1

This task lists all of the updates that are available but are not installed. To install those updates, use the Install-WindowsUpdate command and even account for a reboot if necessary. [Related article: Installing Windows Patches with PowerShell].

PS> Install-WindowsUpdate -ComputerName client1 -ForceReboot

One of the great things about managing WSUS with PowerShell is that you can extend the functionality in any way you’d like. So, for example, you could stitch these commands together and perhaps take a list of computers from a text file, add them to a WSUS target group, and invoke an update install all in one script.

$computers = Get-Content -Path C:Computers.txt
foreach ($computer in $computers) {
    Invoke-Command -ComputerName WSUSSERVER -ScriptBlock { Add-
WsusComputer -Computer $using:computer -TargetGroupName ‘Group Here’ }
    Install-WindowsUpdate -ComputerName $computer
}

By using the PowerShell commands that Microsoft provides as well as a community resource module, you open up many possibilities. If you haven’t used PowerShell to manage WSUS yet, give it a try. You’ll see how much time you can save by automating manual processes.

More ways to use PowerShell

PowerShell is worth learning. It’s not as hard to absorb as many coding languages, and mastering it can help simplify and automate a lot of the necessary-but-unproductive IT jobs in your business. Check out our other articles below to find out more:

• PowerShell Modules: These are bundles of reusable code for specific tasks. Using modules streamlines your scripts, which makes managing and sharing them simpler.
• PowerShell Manage IIS Application Pools: This is a handy way to monitor websites and applications without having to log into the computers they’re hosted on.
• Sync Folders With PowerShell: Automated syncing of files is quicker and less prone to human error than manually copying and pasting.
• Manage File System ACLs With PowerShell: When you use PowerShell scripts to control file and folder permissions, you can monitor and control access to apps and data across your internal IT network and cloud computers.
• Create a Web Scraping Tool in PowerShell: Scraping means extracting data from websites that is then converted into more structured formats like Excel spreadsheets. This is a great way to monitor competitor price data and other valuable information.
• Build an Interactive Menu Inside a PowerShell Script: Create a user-friendly interface that offers predetermined options and inputs for users to select from. Converting your system to a point-and-click one makes it easier for coworkers to use, especially those with little or no coding ability. 

Mark Fairlie contributed to this article.