Share via


Status of Update per Update ID from WSUS server

With the Current issue with Ransome Wancrypt we had a requirement where we had WSUS only to get report. WSUS reports are there but the reports were not friendly.

So we had to write two scripts using powershell , one to Get the Summary of Update Installation Status for a Specific or a Set of Updates  and second one to get the list of computers where a updated is needed for a specific Update or for a set of updates.

Thought of Sharing the same as it could be useful for few who are using WSUS as their Patching Mechanism.

  1. Updates Status Primary for a Specific or a Group of Updates.  (These Update ID are for KB4012212,KB4012213,4012214,KB4012598)
##########################################################################
#Script to get the Report from WSUS for Updates Status Primary for a Specific or a Group of Updates
#Version 1.0 File Name Report_Summary.ps1
# Output  Folder file path is  $outputfile a
#Created by: Sudheesh Narayanaswamy
#Created for Any WSUS server
#Created on: 5/16/2017
#Run this script in the WSUS server
################################################################################
$outputfile = "C:\Temp\"
$outputfile = $outputfile + "Report_Summary_" + $env:COMPUTERNAME + ".csv"
#Change server name and port number and $True if it is on SSL
[String]$updateServer1 = $env:COMPUTERNAME
[Boolean]$useSecureConnection = $False
[Int32]$portNumber =80
$updateid=(
'fb31138f-b6a5-499c-9eb6-5b5f9fff6bfd',
'86ac3cc3-e972-41a8-ac78-45bc5a950faa',
'5680ca8f-be92-4d13-8e4e-587aa462e838',
'57dbd57f-89b2-4abb-8582-14fc17870bb8',
'80bc2b42-a953-4096-8595-130e9a9c9fb9',
'652eea96-c2e8-4548-8f9a-40964e5e6a74'
)
# Load .NET assembly
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
# Connect to WSUS Server
$updateServer = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer1,$useSecureConnection,$portNumber)
write-host "<<<Connected sucessfully >>>" -foregroundcolor "yellow"
$computerscope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
$updatescope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$updatescope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved
$updatescope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::NotInstalled
$updatescope.FromArrivalDate = [datetime]"1/1/2017"
$u=$updateServer.GetUpdates($updatescope )
$u=$updateServer.GetSummariesPerUpdate($updatescope,$computerscope)
foreach ($u1 in $u )
{
if ($updateid -contains $u1.UpdateId)
{
$needed= $u1.DownloadedCount + $u1.NotInstalledCount +$u1.InstalledPendingRebootCount
$Title= $updateServer.GetUpdate($u1.UpdateId).Title
$o= New-Object PSObject
$o | Add-Member NoteProperty Title $Title
$o | Add-Member NoteProperty Installed $u1.InstalledCount
$o | Add-Member NoteProperty Required $needed
$o | Add-Member NoteProperty  Failed $u1.FailedCount
$o | Add-Member NoteProperty Notapplicable $u1.NotApplicableCount
$o | export-csv $outputfile -Append -NoTypeInformation
}
}
write-host "<<<Finished sucessfully >>>" -foregroundcolor "yellow"
trap
{
write-host "Error Occurred"
write-host "Exception Message: "
write-host $_.Exception.Message
write-host $_.Exception.StackTrace
exit
}
# EOF

2. Computers which require a specific update or a set of updates

##########################################################################
#Script to get the Report from WSUS for Computers which require a specific update or a set of updates
#Version 1.0 File Name Report_detailed.ps1
# Output  Folder file path is  $outputfile a
#Created by: Sudheesh Narayanaswamy
#Created for Any WSUS server
#Created on: 5/16/2017
#Run this script in the WSUS server
################################################################################

$outputfile = "C:\Temp\"
$outputfile = $outputfile + "Report_Detail_" + $env:COMPUTERNAME + ".csv"

#Change server name and port number and $True if it is on SSL
[String]$updateServer1 = $env:COMPUTERNAME
[Boolean]$useSecureConnection = $False
[Int32]$portNumber =80
$updateid=(
'fb31138f-b6a5-499c-9eb6-5b5f9fff6bfd',
'86ac3cc3-e972-41a8-ac78-45bc5a950faa',
'5680ca8f-be92-4d13-8e4e-587aa462e838',
'57dbd57f-89b2-4abb-8582-14fc17870bb8',
'80bc2b42-a953-4096-8595-130e9a9c9fb9',
'652eea96-c2e8-4548-8f9a-40964e5e6a74'
)
# Load .NET assembly
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
# Connect to WSUS Server
$updateServer = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer1,$useSecureConnection,$portNumber)
write-host "<<<Connected sucessfully >>>" -foregroundcolor "yellow"
$computerscope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
$updatescope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$updatescope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved
$updatescope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::NotInstalled
$updatescope.FromArrivalDate = [datetime]"1/1/2017"
$Update=$updateServer.GetUpdates($updatescope )
foreach ($u1 in $Update)
{

if ($updateid -contains $u1.Id.UpdateId)
{
$Computers= $u1.GetUpdateInstallationInfoPerComputerTarget($ComputerScope)
$Title= $updateServer.GetUpdate($u1.Id.UpdateId).Title
foreach ($C1 in $Computers)
{

if ($C1.UpdateInstallationState -ne "Installed" -and  $C1.UpdateInstallationState -ne "NotApplicable" )
{

$ComputerName= $updateServer.GetComputerTarget($C1.ComputerTargetId).FullDomainName

$o= New-Object PSObject
$o | Add-Member NoteProperty Title $Title
$o | Add-Member NoteProperty ComputerName $ComputerName
$o | Add-Member NoteProperty Status   $C1.UpdateInstallationState
$o | export-csv $outputfile -Append -NoTypeInformation

}

}

}
}

write-host "<<<Finished sucessfully >>>" -foregroundcolor "yellow"

trap
{
write-host "Error Occurred"
write-host "Exception Message: "
write-host $_.Exception.Message
write-host $_.Exception.StackTrace
exit
}
# EOF

Hope This would be helpful

Sudheesh Narayanaswamy