WSUS GetSummariesPerComputerTarget – How to Exclude Not Approved Updates from Needed Count

I am attempting to replicate the “Computer Tabular Status for Approved Updates” report but seem to be unable to match the output exactly.

The WSUS report appears to exclude updates that are “Not Approved”, but I can’t find a simple way to specify this in the update scope.

Here is my attempt:

#Inspired by https://www.reddit.com/r/PowerShell/comments/5wynmk/wsus_updates_report_consolidate_number_of_needed/ [void][reflection.assembly]::LoadWithPartialName(“Microsoft.UpdateServices.Administration”) $wsus =[Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer(“wusserver”,$false, 80) #Create Computer and Update Scope Objects $computerscope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope $updatescope = New-Object Microsoft.UpdateServices.Administration.UpdateScope #Set Computer Scope Settings $workstationsGroup = $wsus.GetComputerTargetGroups() | where {$_.Name -eq "Group1"} $computerscope.ComputerTargetGroups.Clear() $computerscope.ComputerTargetGroups.Add($workstationsGroup) $computerscope.IncludeSubgroups = $true $computerscope.IncludeDownstreamComputerTargets = $true #Set Update Scope Settings - Include Critical and Security Updates $classifications = $wsus.GetUpdateClassifications() | ? {$_.Title -eq "Critical Updates" -OR $_.Title -eq "Security Updates"} $updatescope.Classifications.Clear() $updatescope.Classifications.AddRange($classifications) #Attempt to get only Approved Updates $updatescope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved $updatescope.ExcludeOptionalUpdates = $true $updatescope.UpdateSources = [Microsoft.UpdateServices.Administration.UpdateSources]::MicrosoftUpdate #$computerscope #$updatescope $d = Get-Date -format yyyy_MM_dd_HH_mm_ss_ms #Report on Workstations that have Critical and Security Updates that are not installed #We are reporting incorrectly on Not Installed Updates that have not been approved - we need a way to only report on Approved Updates $wsus.GetSummariesPerComputerTarget($updatescope,$computerscope) | Select-Object @{L='Computer'; E={($wsus.GetComputerTarget([guid]$_.ComputerTargetId)).FullDomainName}}, @{L=’NeededCount’;E={($_.DownloadedCount + $_.NotInstalledCount)}},DownloadedCount,NotInstalledCount,FailedCount,InstalledCount,NotApplicableCount | where {$_.NeededCount -gt 0} | Export-Csv -NoClobber -NoTypeInformation -Path C:tempworkstations-wus-report_$($d).csv 

submitted by /u/ps_wsus_man
[link] [comments]

Leave a Reply