We have a WSUS server, and four computer groups (Alpha, Beta, Production, Workstations). Our patching process has us approve all "Not Approved" patches for the Alpha group, right after they're released by Microsoft. One week later, we approve all of the updates from the previous week, for the Beta group. One week later, we do the same for Production.
I'm writing a script (which I can't test until next week), and wonder if there's a better way to get the list of updates that are approved for Alpha. Here is the code:
$updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$updateScope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved
$updateScope.FromArrivalDAte = (Get-Date).AddMonths(-1)
$wsusGroup = $wsus.GetComputerTargetGroups() | Where {$_.Name -eq "$PatchingGroup"}
$updateScope
$updateScope.getType()
$updateScope.count
$updateScope.ApprovedComputerTargetGroups.add($wsusGroup)
$wsus.GetUpdates($updateScope)
$Updates = $wsus.GetUpdates($updateScope)I assume I can take the $Updates variable and do the following for the Beta and Production groups:
Foreach ($update in $updates) {
$update.Approve(“Install”,$PatchingGroup)
}
Is this going to work, and is there a better way?