I've found this script to ApproveUpdatesByComputerGroupt and it works, my problem is now, I only need to approve Classification Critical, because I will not approve service packs for OS / SQL, etc.
I'm using SCCM, but Failover Cluster should I use WSUS, and my support team is already running a script, to set maintenance mode.
But no matter what I've tried, I can not really get it to work, so ..
Help Help
# ApproveUpdatesByComputerGroup.ps1
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer()
$ComputerTargetGroups = $wsus.GetComputerTargetGroups()
Write-Host "Warning: This will approve all NotApproved updates for a Computer Group" -ForegroundColor Red
Write-Host "Computer Groups"
$Count = 0
foreach ($ComputerTargetGroup in $ComputerTargetGroups) {
Write-Host $Count - $ComputerTargetGroup.Name
$Count++
}
$ComputerGroupToUpdate = Read-Host "Select Computer Group to update. [0 - $($Count-1)]"
Write-Host "Finding all updates needing approval and approving them"
$ComputerGroupName = $ComputerTargetGroups[$ComputerGroupToUpdate].Name
$ComputerGroupId = $ComputerTargetGroups[$ComputerGroupToUpdate].Id
$ComputersToScan = $wsus.GetComputerTargetGroup($ComputerGroupId).GetComputerTargets()
foreach ($ComputerToScan in $ComputersToScan) {
$ComputerTargetToUpdate = $wsus.GetComputerTargetByName($ComputerToScan.FullDomainName)
# Get all Not Installed updates available to the computer
$NeededAndNotInstalled = $ComputerTargetToUpdate.GetUpdateInstallationInfoPerUpdate() | where {
($_.UpdateInstallationState -eq "NotInstalled") `
-and ($_.UpdateApprovalAction -eq "NotApproved")}
foreach ($UpdateToApprove in $NeededAndNotInstalled)
{
Approve-WsusUpdate -Action Install -TargetGroupName $ComputerGroupName -Update $(Get-WsusUpdate -UpdateId $UpdateToApprove.UpdateId) -Verbose
}
}
Write-Host "Done approving updates"
sleep -Seconds 5
I'm using SCCM, but Failover Cluster should I use WSUS, and my support team is already running a script, to set maintenance mode.
But no matter what I've tried, I can not really get it to work, so ..
Help Help
# ApproveUpdatesByComputerGroup.ps1
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer()
$ComputerTargetGroups = $wsus.GetComputerTargetGroups()
Write-Host "Warning: This will approve all NotApproved updates for a Computer Group" -ForegroundColor Red
Write-Host "Computer Groups"
$Count = 0
foreach ($ComputerTargetGroup in $ComputerTargetGroups) {
Write-Host $Count - $ComputerTargetGroup.Name
$Count++
}
$ComputerGroupToUpdate = Read-Host "Select Computer Group to update. [0 - $($Count-1)]"
Write-Host "Finding all updates needing approval and approving them"
$ComputerGroupName = $ComputerTargetGroups[$ComputerGroupToUpdate].Name
$ComputerGroupId = $ComputerTargetGroups[$ComputerGroupToUpdate].Id
$ComputersToScan = $wsus.GetComputerTargetGroup($ComputerGroupId).GetComputerTargets()
foreach ($ComputerToScan in $ComputersToScan) {
$ComputerTargetToUpdate = $wsus.GetComputerTargetByName($ComputerToScan.FullDomainName)
# Get all Not Installed updates available to the computer
$NeededAndNotInstalled = $ComputerTargetToUpdate.GetUpdateInstallationInfoPerUpdate() | where {
($_.UpdateInstallationState -eq "NotInstalled") `
-and ($_.UpdateApprovalAction -eq "NotApproved")}
foreach ($UpdateToApprove in $NeededAndNotInstalled)
{
Approve-WsusUpdate -Action Install -TargetGroupName $ComputerGroupName -Update $(Get-WsusUpdate -UpdateId $UpdateToApprove.UpdateId) -Verbose
}
}
Write-Host "Done approving updates"
sleep -Seconds 5