1. 首頁
  2. 問答
  3. 一次爲一個計算機組批准WSUS更新

一次爲一個計算機組批准WSUS更新

2014-02-17 44 views
2

我們有一個WSUS服務器和四個計算機組(Alpha,Beta,Production,Workstations)。我們的修補程序讓我們批准Alpha組的所有「未批准」修補程序,只要它們由Microsoft發佈即可。一週後,我們批准了前一週的所有更新,Beta組。一週後,我們也爲生產做同樣的事情。一次爲一個計算機組批准WSUS更新

我正在編寫一個腳本(我不能測試,直到下週),並想知道是否有更好的方式來獲取已批准用於Alpha的更新列表。下面是代碼:

$updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope 
$updateScope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved 
$updateScope.FromArrivalDAte = (Get-Date).AddMonths(-1) 
$wsusGroup = $wsus.GetComputerTargetGroups() | Where {$_.Name -eq "$PatchingGroup"} 
$updateScope 
$updateScope.getType() 
$updateScope.count 
$updateScope.ApprovedComputerTargetGroups.add($wsusGroup) 
$wsus.GetUpdates($updateScope) 
$Updates = $wsus.GetUpdates($updateScope)

我以爲我可以採取$更新變量,並做了測試版和生產組下面:

Foreach ($update in $updates) { 
    $update.Approve(「Install」,$PatchingGroup) 
}

這是去上班,並且有更好的辦法?

來源

2014-02-17 StackExchangeGuy

回答

1

我在原帖中看不到特定版本PowerShell的任何引用,但Windows 8.1/Windows Server 2012 R2 WSUS模塊可能實現您的目標嗎?

有一個函數叫做Approve-WsusUpdate,它有一個-TargetGroupName參數。

http://technet.microsoft.com/en-us/library/hh826164.aspx

如果您使用的不是Windows 8.1和PowerShell 4.0版,然後原諒我的無知。

來源

2014-02-17 15:13:47

+0

對不起,你是正確的。我們在Server 2008R2上使用WSUS 3.0。 – StackExchangeGuy

3

這是我最終使用的代碼。它有效,但我不禁感覺有更好的方法。

<# 
.Synopsis 
    Approve WSUS updates for installation. 
.DESCRIPTION 
    This script takes the name of a WSUS approval group, and approves updates based on their age. 
.NOTES 
    Author: Mike Hashemi 
    V1 date: 24 Feb 2014 
.LINK 

.PARAMETER PrimaryWSUSServer 
    Default value: server.domain.local. This parameter specifies the DNS name of the primary WSUS server. 
.PARAMETER PatchingGroup 
    Manadatory parameter. Valid values are 'Alpha','Beta','Production','Excluded','Workstations','COC-OMI-WORKSTATIONS'. The value of this parameter determines what patching groups will have updates approved for installation. Multiple groups can be entered at once, unless one of the is Alpha 
.EXAMPLE 
    .\manageWSUSUpdates-Parameterized.ps1 -PatchingGroup Alpha 
    In this example, the script will approve all updates with an approval status not equal to 'IsDeclined', for installation to servers in the Alpha group. 
.EXAMPLE 
    .\manageWSUSUpdates-Parameterized.ps1 -PatchingGroup Beta 
    In this example, the script will get the list of updates approved for the Alpha group, in the last three months (from the date the script is run), and will approve them for installation to servers in the Beta group. 
#> 
[CmdletBinding()] 
param(
    [string]$PrimaryWSUSServer = 「server.domain.local」, 

    [Parameter(Mandatory=$True)] 
    [ValidateSet('Alpha','Beta','Production','Excluded','Workstations','COC-OMI-WORKSTATIONS')] 
    [string[]]$PatchingGroup 
) 

#Initialize variables 
$BeginScriptTime = Get-Date 

# Load the Required .NET assembly 
[void][reflection.assembly]::LoadWithPartialName(「Microsoft.UpdateServices.Administration」) 

$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($PrimaryWSUSServer,$False) 

Function Approve-AlphaPatches { 
    #Get the list of all updates that are not declined. 
    $unapprovedUpdates = $wsus.getupdates() | where {$_.isdeclined -ne $true} 

    #If an update has a license agreement, accept it 
    $license = $unapprovedUpdates | where {$_.RequiresLicenseAgreementAcceptance} 
    $license | ForEach {$_.AcceptLicenseAgreement()} 

    #Get members of Alpha patching group. 
    $installGroup = $wsus.GetComputerTargetGroups() | where {$_.Name -eq $PatchingGroup} 

    #Approve updates for the Beta group. 
    Foreach ($update in $unapprovedUpdates) { 
     $update.Approve(「Install」,$installGroup) 
    } 
} 

Function Approve-NonAlphaPatches { 
    Foreach ($group in $PatchingGroup) { 
     #Get the updates that have arrived in the last three months. 
     $updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope 
     $updateScope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved 
     $updateScope.FromArrivalDAte = (Get-Date).AddMonths(-3) 

     #Get the updates approved for the Alpha group. 
     $alphaGroup = $wsus.GetComputerTargetGroups() | Where {$_.Name -eq 'Alpha'} 
     $updateScope.ApprovedComputerTargetGroups.add($alphaGroup) 
     $Updates = $wsus.GetUpdates($updateScope) 

     #Get members of Alpha patching group. 
     $installGroup = $wsus.GetComputerTargetGroups() | where {$_.Name -eq $group} 

     #Approve updates for the user-specified patching group. 
     Foreach ($update in $updates) { 
      $update.Approve(「Install」,$installGroup) 
     } 
    } 
} 

#Begin Script 
If (($PatchingGroup.Count -gt 1) -and ($PatchingGroup -ccontains 'Alpha')) { 
    Write-Error ("This script cannot approve Alpha patches with other patching groups. If you want to approve more groups at the same time, please approve the rest in a second execution of the script.") 
    Return 
} 
Else { 
    If ($PatchingGroup -eq 'Alpha') { 
     Approve-AlphaPatches 
    } 
    Else { 
     Approve-NonAlphaPatches 
    } 
}

來源

2014-02-25 14:28:40 StackExchangeGuy

0

我增加了一個排除列表,以避免重新啓用已禁用的更新:

#Load KBs to exclude 
$pattern = '[^0-9]' 
if(Test-Path ($PSScriptRoot + '\exclude.csv')){ 
    $exclude = @(Import-Csv ($PSScriptRoot + '\exclude.csv') -Delimiter ';' -Encoding UTF8 | SELECT KBArticle) 
} 

    #Approve updates for the Beta group. 
    Foreach ($update in $unapprovedUpdates) { 
     if (($exclude -eq $null) -or ($exclude | where {($_.KBArticle -replace $pattern, '') -ne $update.KnowledgebaseArticles})){ 
      $update.Approve(「Install」,$installGroup) 
     } 
    }

的exclude.csv就像如下:

KBArticle 
KB4011052

來源

2017-08-08 08:12:52 Stephan

相關問題

 相關問題