Differences

This shows you the differences between two versions of the page.

--- wsus:start [2020/08/11 01:07]
admin [Script]
+++ wsus:start [2020/08/11 10:56] (current)
admin
@@ Line 20: / Line 20: @@
 ===== Script =====
 Ici, je vais positionné certains scripts que j'ai trouvé pour gagner de la place.\\
-==== Script ====
+==== Function Invoke-WsusDeclineAllSuperSeded ====
+Celui-ci utilise l'api Web de WSUS pour décliner l'ensemble des updates dites "Superseded", il faudra ensuite lancer un nettoyage dans le serveur.
 <sxh powershell>
-#Change server name and port number and $True if it is on SSL
+function Invoke-WsusDeclineAllSuperSeded {
+    <#
+    .SYNOPSIS
+        On Wsus, performs a find all updates with IsSuperseded with value True to Decline this update via web api.
+    .EXAMPLE
+        PS> Invoke-WsusDeclineAllSuperSeded
+        Performs a find all updates with IsSuperseded with value True to Decline this update via local web api.
+    .EXAMPLE
+        PS> Invoke-WsusDeclineAllSuperSeded -FQDN wsus.example.org -portNumber 8531 -useSecureConnection $true
+        Performs a find all updates with IsSuperseded with value True to Decline this update via remove web api, use the port number 8531 and use secure connection.
+    .PARAMETER FQDN
+        Set the fully qualified domain name like this : myhost.example.com. The FQDN uniquely distinguishes the device from any other hosts called myhost in other domains.
+    .PARAMETER portNumber
+        Set the communication port, by default this parameter is set on 8530.
+    .PARAMETER useSecureConnection
+        If your Wsus use a SSL certificate, please set this parameter to $true, by default this parameter is set on $false.
+    #>
+    param(
+        [Parameter(HelpMessage = 'Set the fully qualified domain name like this : myhost.example.com. The FQDN uniquely distinguishes the device from any other hosts called myhost in other domains.')]
+        [String]$FQDN,
+        [Parameter(HelpMessage = 'If your Wsus use a SSL certificate, please set this parameter to $true, by default this parameter is set on $false.')]
+        [Boolean]$useSecureConnection = $false,
+        [Parameter(HelpMessage = 'Set the communication port, by default this parameter is set on 8530')]
+        [Int32]$portNumber = 8530
+    )
+    if (!$FQDN) {
+        [String]$FQDN = $env:COMPUTERNAME + $(if (($null -eq $env:USERDNSDOMAIN) -eq $false) { '.' + $env:USERDNSDOMAIN })
+    }
+    # Load .NET assembly
-[String]$FQDN = $env:COMPUTERNAME + $(if (($null -eq $env:USERDNSDOMAIN) -eq $false){'.' + $env:USERDNSDOMAIN})
+    [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
-[Boolean]$useSecureConnection = $False
-[Int32]$portNumber = 8530
-# Load .NET assembly
+    [Int32]$count = 0
-[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
+    # Connect to WSUS Server
+    Try {
+        $updateServer = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($FQDN, $useSecureConnection, $portNumber)
+        write-output "Connected sucessfully"
+    }
+    Catch {
+        Write-Warning "An error occurred:"
+        Write-Error $_
+        Break
+    }
-[Int32]$count = 0
+    $updateServer.GetUpdates($(New-Object Microsoft.UpdateServices.Administration.UpdateScope)) | ForEach-Object {
-# Connect to WSUS Server
+        if ($_.IsSuperseded -eq 'True') {
+            Write-Output ("Decline Update : $_.Title")
+            $_.Decline()
+            $count = $count + 1
+        }
+    }
+    Total Declined Updates: $count
-$updateServer = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($FQDN, $useSecureConnection, $portNumber)
+    trap {
+        Write-Warning -Message 'Error Occurred'
-write-output "<<<Connected sucessfully >>>" -foregroundcolor "yellow"
+        Write-Warning -Message 'Exception Message: '
+        Write-Error $_.Exception.Message
-$updateServer.GetUpdates($(New-Object Microsoft.UpdateServices.Administration.UpdateScope)) | ForEach-Object {
+        Write-Error $_.Exception.StackTrace
-    if ($_.IsSuperseded -eq 'True') {
+        exit
-        Write-Output ("Decline Update : $_.Title")
-        $_.Decline()
-        $count = $count + 1
     }
 }
-Total Declined Updates: $count
+# Please Set your settings here
+Invoke-WsusDeclineAllSuperSeded
+# EOF
+</sxh>
+==== Invoke-DeclineUpdates ====
+Une version alternative que j'ai trouvé [[https://gallery.technet.microsoft.com/scriptcenter/Decline-superseded-and-922d6d82|ici]], il y a de bonne idée mais, j'ai préféré ne pas mettre en place, car il utilise les rsat de WSUS.
+<sxh powershell>
+<#
+.Synopsis
+   Sample script to decline superseded updates from WSUS, and run WSUS cleanup if any changes are made
+.DESCRIPTION
+   Declines updates from WSUS if update meets any of the following:
+        - is superseded
+        - is expired (as defined by Microsoft)
+        - is for x86 or itanium operating systems
+        - is for Windows XP
+        - is a language pack
+        - is for old versions of Internet Explorer (versions 7,8,9)
+        - contains some country names for country specific updates not filtered by WSUS language filters.
+        - is a beta update
+        - is for an embedded operating system
+    If an update is released for multiple operating systems, and one or more of the above criteria are met, the versions of the update that do not meet the above will not be declined by this script
+.EXAMPLE
+   .\Invoke-DeclineUpdates -WSUSServer WSUSServer.Company.com -WSUSPort 8530
+# Last updated 13 July 2016
-trap {
+# Author
-    Write-Warning -Message 'Error Occurred'
+Nick Eales, Microsoft
-    Write-Warning -Message 'Exception Message: '
+#>
-    Write-Error $_.Exception.Message
-    Write-Error $_.Exception.StackTrace
-    exit
+Param(
+    [Parameter(Mandatory=$false,
+    ValueFromPipeline=$true,
+    ValueFromPipelineByPropertyName=$true,
+    ValueFromRemainingArguments=$false,
+    Position=0)]
+    [string]$WSUSServer = "Localhost", #default to localhost
+    [int]$WSUSPort=8530,
+    [switch]$reportonly
+    )
+Function Invoke-DeclineUpdates{
+    Param(
+        [string]$WsusServer,
+        [int]$WSUSPort,
+        [switch]$ReportOnly
+    )
+    write-host "Connecting to WSUS Server $WSUSServer and getting list of updates"
+    $Wsus = Get-WSUSserver -Name $WSUSServer -PortNumber $WSUSPort
+    if($Null -eq $WSUS){
+        write-error "unable to contact WSUSServer $WSUSServer"
+    }else{
+        $Updates = $wsus.GetUpdates()
+        write-host "$(($Updates | Where-Object {$_.IsDeclined -eq $false} | Measure-Object).Count) Updates before cleanup"
+        $updatesToDecline = $updates | Where-Object {$_.IsDeclined -eq $false -and (
+        $_.IsSuperseded -eq $true -or   #remove superseded updates
+        $_.PublicationState -eq "Expired" -or #remove updates that have been pulled by Microsoft
+        $_.LegacyName -match "ia64" -or #remove updates for itanium computers (1/2)
+        $_.LegacyName -match "x86" -or  #remove updates for 32-bit computers
+        $_.LegacyName -match "XP" -or   #remove Windows XP updates (1/2)
+        $_.producttitles -match "XP" -or #remove Windows XP updates (1/2)
+        $_.Title -match "Itanium" -or   #remove updates for itanium computers (2/2)
+        $_.Title -match "language\s" -or  #remove langauge packs
+        $_.title -match "Internet Explorer 7" -or #remove updates for old versions of IE
+        $_.title -match "Internet Explorer 8" -or
+        $_.title -match "Internet Explorer 9" -or
+        $_.title -match "Japanese" -or #some non-english updates are not filtered by WSUS language filtering
+        $_.title -match "Korean" -or
+        $_.title -match "Taiwan" -or
+        $_.Title -match "Beta" -or     #Beta products and beta updates
+        $_.title -match "Embedded"     #Embedded version of Windows
+        )}
+        write-host "$(($updatesToDecline | Measure-Object).Count) Updates to decline"
+        $changemade = $false
+        if($reportonly){
+            write-host "ReportOnly was set to true, so not making any changes"
+        }else{
+            $changemade = $true
+            $updatesToDecline | ForEach-Object{$_.Decline()}
+        }
+        #Decline updates released more then 3 months prior to the release of an included service pack
+        # - service packs updates don't appear to contain the supersedance information.
+        Foreach($SP in $($updates | Where-Object title -match "^Windows Server \d{4} .* Service Pack \d")){
+            if(($SP.ProductTitles |Measure-Object ).count -eq 1){
+                $updatesToDecline = $updates | Where-Object {$_.IsDeclined -eq $false -and $_.ProductTitles -contains $SP.ProductTitles -and $_.CreationDate -lt $SP.CreationDate.Addmonths(-3)}
+                if($null -ne $updatesToDecline){
+                    write-host "$(($updatesToDecline | Measure-Object).Count) Updates to decline (superseded by $($SP.Title))"
+                    if(-not $reportonly){
+                        $changemade = $true
+                        $updatesToDecline | ForEach-Object{$_.Decline()}
+                    }
+                }
+            }
+        }
+        #if changes were made, run a WSUS cleanup to recover disk space
+        if($changemade -eq $true -and $reportonly -eq $false){
+            $Updates = $wsus.GetUpdates()
+            write-host "$(($Updates | Where-Object {$_.IsDeclined -eq $false} | Measure-Object).Count) Updates remaining, running WSUS cleanup"
+            Invoke-WsusServerCleanup -updateServer $WSUS -CleanupObsoleteComputers -CleanupUnneededContentFiles -CleanupObsoleteUpdates -CompressUpdates -DeclineExpiredUpdates -DeclineSupersededUpdates
+        }
+    }
 }
-# EOF
+Invoke-DeclineUpdates -WSUSServer $WSUSServer -WSUSPort $WSUSPort -reportonly:$reportonly
 </sxh>

Poste2Travail

User Tools

Site Tools

Differences

Page Tools