[WSUS operational automation] to specify the architecture, we tried to create a script that can reject the update program

This article is an automatic translation of the article[dbb3dff2f306668e8dc5] below.
https://qiita.com/speaktech/items/dbb3dff2f306668e8dc5

1. that did

Specify the architecture (** x86/x64/arm64 **), it has created a script that can reject the update program.

GitHub: [Decline-UpdatesByArch.ps1] (https://github.com/speaktech-account/Decline-UpdatesByArch/blob/master/Decline-UpdatesByArch.ps1)

2. How to use

• If you are a test run you specify x86 architecture (you can get a list of rejection target)

powershell -ExecutionPolicy Unrestricted -Command "C:\Tools\WSUS\Decline-UpdatesByArch.ps1 -UpdateServer localhost -Port 8530 -Arch x86 -SkipDecline" >> C:\Tools\WSUS\Decline-UpdatesByArch.log

• using an SSL connection, in the case where the test run you specify x86 architecture (can get a list of rejection target)

powershell -ExecutionPolicy Unrestricted -Command "C:\Tools\WSUS\Decline-UpdatesByArch.ps1 -UpdateServer localhost -UseSSL -Port 8531 -Arch x86 -SkipDecline" >> C:\Tools\WSUS\Decline-UpdatesByArch.log

• If the production run is specified x86 architecture

powershell -ExecutionPolicy Unrestricted -Command "C:\Tools\WSUS\Decline-UpdatesByArch.ps1 -UpdateServer localhost -Port 8530 -Arch x86" >> C:\Tools\WSUS\Decline-UpdatesByArch.log

When you run, you create a list of updates that the refuse object on the WSUS the (SpecificArchUpdates.csv) in the same path as the script.
Actually if the"deny"is executed, and copy the list, make a backup (SpecificArchUpdatesBackup.csv).

Summary information of the updates that are displayed on the standard output also save it to a file (Decline-SupersededUpdates.log).

Decline-UpdatesByArch.log

Decline-UpdatesByArch.ps1 has Started at 2019/11/17 13:32:23
Connecting to WSUS server localhost on Port 8530... Connected.
Getting a list of all updates... Done
Parsing the list of updates... Done.
List of SpecificArch(x64) updates: C:\Tools\WSUS\SpecificArchUpdates.csv

Summary:
========
All Updates = 87
Any except Declined = 30
All SpecificArch(x64) Updates = 30

Summarizing the updates has been done at 2019/11/17 13:32:25
SkipDecline flag is set to False. Continuing with declining updates
  Declined 30 updates.
  Backed up list of SpecificArch updates to C:\Tools\WSUS\SpecificArchUpdatesBackup.csv

Decline-UpdatesByArch.ps1 has finished at 2019/11/17 13:32:25

3. did try motives (problems of WSUS operation)

The update program of Windows 10, there is a property called architecture, it has been classified as x86/x64/arm64.
However, can be selected when you synchronize from Microsoft Update is a unit referred to as"the product and classification", you can not be selected in architecture unit. As a result, the update program in the field x86 and arm64 for architecture that is not operating in will be synchronized want.

If only WSUS synchronization to the actual file is not downloaded, to be downloaded only meta data to DB, but impact on the disk space is of minor, because you can not still selected in the architecture unit in the rule of"automatic approval", after all unnecessary architectures updates are also automatically approved, actual file will be downloaded.

Therefore, we consider creating a script that can reject the update program in architecture unit.

4. Measures to the problems

Please let me [Crossed advanced automatic approval/denial in WSUS] an article that (https://qiita.com/mappityper/items/dc0fa771e11526c2ede5) as a reference, by specifying the architecture, creating a script that can reject the update program and, we thought the measures to periodically run in task scheduler.
Since the rejected update program will be deleted by the WSUS Cleanup, in combination with the regular execution of the cleanup, you can whole ton delete unnecessary actual file.

For the regular run of the WSUS Cleanup, [WSUS Maintenance Guide] has been introduced in (https://blogs.technet.microsoft.com/jpwsus/2018/03/08/maintenance-guide/) [2.WSUS Clean please be performed in reference] the (https://blogs.technet.microsoft.com/jpwsus/2017/12/05/43/) for up wizard.

5. References

• [Crossed advanced automatic approval/denial in WSUS] (https://qiita.com/mappityper/items/dc0fa771e11526c2ede5) (@mappityper Thank you, Mr. very post has to be a reference.)
• [WSUS Maintenance Guide] (https://blogs.technet.microsoft.com/jpwsus/2018/03/08/maintenance-guide/)