Get Windows Update Configuration PowerShell

Get Windows Update Configuration PowerShell

Hello,

You can check the configuration of your WSUS agent in many different ways. Today, we’ll look at the registry way. Once your WSUS agent is configured by the administrator, by GPO, or something else, some registry keys are created in the local machine hive.The registry keys involved can be found here:

https://msdn.microsoft.com/en-us/library/dd939844(v=ws.10).aspx

There is quite some of them, some are easily readable, some requires to convert an int into a string.

I wrote a simple PowerShell function to harvest the information from the registry, and convert ti into a readable format, a PowerShell object. This function uses the .Net method OpenRemoteBaseKey:

Get Windows Update Configuration PowerShell - Example

Get Windows Update Configuration PowerShell – Example

By default, the function runs against the local host, but you can specify a remote computer name:

Get Windows Update Configuration PowerShell - Remote Computer Example

Get Windows Update Configuration PowerShell – Remote Computer Example

If it’s offline, you’ll have the same object but with all registry keys set to offline. This will allow you to start an inventory against a large number of computers with some error handling and offline computer handling:

Get-ADForest | Select-Object -ExpandProperty Domains | % {Get-ADComputer -Filter {OperatingSystem -like '*server*'} -Server $_} | Select-Object -ExpandProperty Name | Get-windowsUpdateConfiguration | Export-Csv -NoTypeInformation -Delimiter ';' 'windowsUpdateConfiguration.csv'

This can be useful to be sure that any server from your Active Directory domain respect your WSUS policy. Expect some delay for the execution time, depending of the number of servers in your Active Directory. You can also use something like this to display some progress during the script execution:

$ComputerList = Get-ADForest | Select-Object -ExpandProperty Domains | % {Get-ADComputer -Filter {OperatingSystem -like '*server*'} -Server $_} | Select-Object -ExpandProperty Name

Write-Verbose -Message "Found $(@($ComputerList).Count) servers..." -Verbose

$i = 1
$ToExport = foreach($Computer in $ComputerList){
    Write-Progress -Activity "Windows Update Inventory..." -CurrentOperation $Computer -Status ('Progress: {0}% - {1:N1}' -f ($i/$(@($ComputerList).Count)*100 -as [int]),("$i/$(@($ComputerList).Count)")) -PercentComplete ($i/$(@($ComputerList).Count)*100)
    Get-WindowsUpdateConfiguration -ComputerName $Computer
    $i++
}
$ToExport | Export-Csv -NoTypeInformation -Delimiter ';' 'windowsUpdateConfiguration.csv'

You can tweak the $ComputerList, use a TXT file or any kind of data source.

Get Windows Update Configuration PowerShell – Download

The function is available on GitHub.

One thought on “Get Windows Update Configuration PowerShell

  1. Pingback: WSUS Windows Update Compliance PowerShell - It for DummiesIt for Dummies

Leave a Reply