WSUS Part 1: Synchronization updates and Approve/Deny updates with Powershell

You can use PowerShell for WSUS management. This example works on a Windows Server with Powershell 5.1 and the Powershell WSUS module installed from Server Manager. You can start the synchronization and approve the updates with the example below:

	$wsus = Get-WSUSserver
	$Subscription = $wsus.GetSubscription()
	# Start de WSUS Synchronization.
	$Subscription.StartSynchronization()
	# Wait Until the the Synchronizations is finished.
	Start-Sleep -Seconds 5
	While($Subscription.GetSynchronizationProgress().Phase -ne "NotProcessing"){
	Write-Host "Synchronization is busy: $($Subscription.GetSynchronizationProgress())"
	Start-Sleep -Seconds 5
	}
	Get-WSUSUpdate -Approval AnyExceptDeclined | Approve-WSUSUpdate -Action Install -TargetGroupName "All Computers"

view raw WSUS-Sync.ps1 hosted with ❤ by GitHub

You can use this example if you like to deny older updates:

	# Get all updates older then 4 months:
	$Updates = Get-WSUSUpdates -Approval AnyExceptDeclined | Where-Object{!($_.update.creationdate -ge (Get-Date).Addmonths(-4))}
	# Deny the updates:
	$Updates | Deny-WSUSupdate

view raw WSUS-Deny.ps1 hosted with ❤ by GitHub

All updates are denied when they are older then 4 months.

Sometimes it is necessary to accept a license agreement for an update. You can use this code to accept all license agreements:

	$wsus = Get-WSUSServer
	# Get a list of updates with a License Agreement.
	$AcceptLicenses = $wsus.GetUpdates() | Where-Object {$_.HasLicenseAgreement -eq "True"}
	# Accept the License Agreement for the updates.
	ForEach($Item in $AcceptLicenses){
	$item.AcceptLicenseAgreement()
	}

view raw WSUS-License hosted with ❤ by GitHub