0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

[WSUS operational automation] replaced update program tried to deny script in automatically

Last updated at Posted at 2019-11-16

This article is an automatic translation of the article[f5736a99db6cb84cdfc0] below.
https://qiita.com/speaktech/items/f5736a99db6cb84cdfc0

1. tried

[WSUS Maintenance Guide] (https://blogs.technet.microsoft.com/jpwsus/2018/03/08/maintenance-guide/) of [3. unnecessary update program is trying to set in already rejected! ] In reference to the (https://blogs.technet.microsoft.com/jpwsus/2017/12/11/decline-is-yrfrnd/), try the **"reject replaced update program"script ** and I tried.

Since there was a notice not listed officially, leaves as a work log.

2. verification environment

3. verification procedure

3.1 script analysis

Definition of the argument in the script is as follows.

[CmdletBinding()]
Param(
	[Parameter(Mandatory=$True,Position=1)]
    [string] $UpdateServer,	
	[Parameter(Mandatory=$False)]
    [switch] $UseSSL,	
	[Parameter(Mandatory=$True, Position=2)]
    $Port,
    [switch] $SkipDecline,
    [switch] $DeclineLastLevelOnly
)

To summarize in the table, looks like.

| Argument name | type | mandatory | Description |
|:----------------- | ------------------:|:--------- ---------:|:------------------:|
| UpdateServer | string | 〇 | as the value of the argument, specify the IP address or FQDN of the WSUS server |
| Port | - | 〇 | as the value of the argument, specify the port that WSUS will use |
| UseSSL | switch | × | used when WSUS uses SSL communication |
| SkipDecline | switch | × | used to determine the number of test run or replaced update program |
| DeclineLastLevelOnly | switch | × | used to deny only update program that was replaced with the final level (** ※ 1 **) |

** ※ 1: **
The update program that has been replaced by the final level, refers to the first replaced update program.
For example, the update version 1 is replaced by the Update 2 version, if the Update 2 version has been replaced by the update program version 3, the update program that has been replaced by the final level will be a thing of the first edition.
In the script, the final level"Superseded Updates (Last Level),"the update program that was replaced with, the replaced update program except for the final level has been described as"Superseded Updates (Intermediate)".

Next, the definition of the output of the script is as follows.

$outPath = Split-Path $script:MyInvocation.MyCommand.Path
$outSupersededList = Join-Path $outPath "SupersededUpdates.csv"
$outSupersededListBackup = Join-Path $outPath "SupersededUpdatesBackup.csv"
"UpdateID, RevisionNumber, Title, KBArticle, SecurityBulletin, LastLevel" | Out-File $outSupersededList

When you run, you create a list of updates that were replaced on the WSUS the (SupersededUpdates.csv) in the same path as the script.
Actually if the"deny"is executed, and copy the list, make a backup (SupersededUpdatesBackup.csv).

3.2 test script execution

First of all, let's test run using the SkipDecline argument.
Also save it to a file (Decline-SupersededUpdates.log) summary information of the replaced update program is issued to the standard output.

powershell -ExecutionPolicy Unrestricted -Command "C:\Tools\WSUS\Decline-SupersededUpdates.ps1 -UpdateServer localhost -Port 8530 -SkipDecline" >> C:\Tools\WSUS\Decline-SupersededUpdates.log

Output results are as follows.

  • all of the update on the WSUS is 87
  • update program other than the denial state is 87 (all unapproved state)
  • replaced update 69
  • final level other than the superseded update program is 58 pieces
  • final level update program of eleven
Decline-SupersededUpdates.log
Connecting to WSUS server localhost on Port 8530... Connected.
Getting a list of all updates... Done
Parsing the list of updates... Done.
List of superseded updates: C:\Tools\WSUS\SupersededUpdates.csv

Summary:
========
All Updates = 87
Any except Declined = 87
All Superseded Updates = 69
    Superseded Updates (Intermediate) = 58
    Superseded Updates (Last Level) = 11

SkipDecline flag is set to True. Skipped declining updates

Done
SupersededUpdates.csv(参考)
UpdateID, RevisionNumber, Title, KBArticle, SecurityBulletin, LastLevel
0fa3afd0-ef18-4967-8fb9-c1f03c537e7f, 200, 2019-04 Security Update for Adobe Flash Player for Windows 10 Version 1903 for x86-based Systems (KB4493478), 4493478, , False
4efec717-3b81-4c2f-a988-a345196b691b, 200, 2019-04 Security Update for Adobe Flash Player for Windows 10 Version 1903 for ARM64-based Systems (KB4493478), 4493478, , False

....()....

d1d399c6-3a78-436e-a3f2-7962fee86ad1, 200, 2019-05 Servicing Stack Update for Windows 10 Version 1903 for ARM64-based Systems (KB4498523), 4498523, , True
41a6b6d6-6976-49b5-a4c4-0121dc96189c, 200, 2019-05 Servicing Stack Update for Windows 10 Version 1903 for x86-based Systems (KB4498523), 4498523, , True

Production run of ### 3.3 script
Finally, try to production run and remove the SkipDecline argument.
Summary information of the replaced update program is issued to the standard output is also saved to a file (Decline-SupersededUpdates.log).

powershell -ExecutionPolicy Unrestricted -Command "C:\Tools\WSUS\Decline-SupersededUpdates.ps1 -UpdateServer localhost -Port 8530" >> C:\Tools\WSUS\Decline-SupersededUpdates.log

Execution results are as follows.

** <"Rejected"update program before execution (0/87)> **
![Image.png] (https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/218139/88e41fdf-22d8-3589-b8eb-e1a870b1fa9f.png)
: Arrow_down:: arrow_down:: arrow_down:: arrow_down:: arrow_down:: arrow_down:: arrow_down:

** **
![Image.png] (https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/218139/e092dbcb-7122-9410-e804-03df80a46c4f.png)

Indeed, we confirmed that the check and have been replaced update program that 69 there has been denied all.
The execution contents by the Powershell in reference to the [WSUS Maintenance Guide] (https://blogs.technet.microsoft.com/jpwsus/2018/03/08/maintenance-guide/), can be automated is set to the task scheduler .

4. Summary

And content that was introduced in this article, [WSUS Maintenance Guide] has been introduced in (https://blogs.technet.microsoft.com/jpwsus/2018/03/08/maintenance-guide/) [2.WSUS Clean by combining the contents of the up Wizard] (https://blogs.technet.microsoft.com/jpwsus/2017/12/05/43/), since the actual file of the rejected update program is deleted, cleanup you can enhance the effect.

5. digression

For support of Windows 7 it is completed in January 2020, and finally I think that the operation of the Windows 10 comes into full swing. For Windows 10-related update program has a large size, it has become important to the maintenance of WSUS than ever. You can contribute even a little to the automation of troublesome WSUS operation and it is fortunate.
In the future, that was introduced a script in the architecture (x86/x64/ARM64) unit as a reference, to create a script that can deny the update program, I'd like to introduce.
While Mappitsu, Thank you for choosing I'm reading up to here.

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?