Some of my blog/Twitter/Facebook followers may know that I’m currently in a project implementing Windows Server Update Services (WSUS).
So naturallyI thought about how I could use PowerShell with it 😉
Since I’m using a Windows Server 2008 R2 system, I can’t use any native cmdlets. So I started to search…
Quickly I found Boe Prox’ post on the Hey Scripting Guy! blog.
Boe has written a PowerShell module named PoSHWSUS for managing WSUS which can be downloaded <here> Â from Codeplex.
Although Boe’s post had given me some inspiration, I started to search and play with it myself a little.
Since my current customer didn’t want to use the PoSHWSUS module, it gave me the freedom to write a script to handle the monthly WSUS cleanup.
Since there is a GUI way to do this, one of my demands was to cover each of the GUI options with a command.
So, let’s cover these options one by one.
0) Preperations
First we would have to start with loading the assembly for WSUS. This can be done with the following command:
|
1 |
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") |
* If you don’t want any output shown by that command, simply pipe it to Out-Null 😉
Next we would need to create a PowerShell object for the WSUS clean up scope, which is part of the assembly:
|
1 |
$CleanUpScope = New-Object Microsoft.UpdateServices.Administration.CleanupScope |
1) Unused Updates and Update Revisions
Here’s the first of the options shown in the GUI. What would be the PowerShell way to accomplish this?
To cleanup unused (in fact: obsolete) updates:
|
1 |
$CleanUpScope.CleanObsoleteUpdates = $true |
To cleanup update revisions:
<See point 5 for that>
2) Computers not contacting the server
For the second option shown in the GUI we can use the following PowerShell command:
|
1 |
$cleanUpScope.CleanupObsoleteComputers = $true |
3) Unneeded update files
This option can be a real storage saver as I found out myself. To cleanup all unneeded update files:
|
1 |
$cleanUpScope.CleanupUnneededContentFiles = $true |
4) Expired Updates
As time passes some updates may become expired. To cleanup (in fact: decline) those updates:
|
1 |
$cleanUpScope.DeclineExpiredUpdates = $true |
5) Superseded Updates
And the last option in the GUI, to cleanup (in fact: decline) superseded updates:
|
1 |
$cleanUpScope.DeclineSupersededUpdates = $true |
Other options available
Although the CleanUp Manager wizard did not show more options, there actually is one… Compressing updates.
I found this option by accident since I was using PowerShell ISE and its IntelliSense feature… which gave me a list with options available… and there it was, standing between the other options.
This can be configured with the following command:
|
1 |
$cleanUpScope.CompressUpdates = $true |
Executing the tasks
Now that we’ve got our variables set, we can execute the cleanup task(s) based on those variables.
First we would have to load the WSUS server into a variable. This can be done by using that assembly again, with a little adaptation so that we can use the cleanup manager later on:
|
1 |
$WSUSServer= [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer() |
Now that the server is loaded into a variable, we can use that variable to call for the CleanUp Manager:
|
1 |
$cleanUpManager = $WSUSServer.GetCleanupManager() |
Alright. The assembly is loaded, settings for the tasks have been configured, the update server is stored in a variable and the CleanUp Manager is called.
Now, to execute the actual tasks:
|
1 |
$CleanUpManager.PerformCleanup($cleanupScope) |
My approach
Although the options (1-5) have the order in the GUI as I numbered them in this post, I’ve chosen to execute them in the following order:
1)Â $CleanUpScope.CleanupObsoleteComputers = $true
2)Â $CleanUpScope.DeclineSupersededUpdates = $true
3)Â $CleanUpScope.DeclineExpiredUpdates = $true
4)Â $CleanUpScope.CleanObsoleteUpdates = $true
5)Â $CleanUpScope.CleanupUnneededContentFiles = $true
6)Â $CleanUpScope.CompressUpdates = $true
Why this order?
Well, think about it. First you would want to cleanup the list of computers, then the updates, then the actual content files and last you would want to compress the files that are left… right?
My script
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | Out-Null $WSUSServer = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer() $CleanUpScope = New-Object Microsoft.UpdateServices.Administration.CleanupScope $CleanUpScope.CleanupObsoleteComputers = $true $CleanUpScope.DeclineSupersededUpdates = $true $CleanUpScope.DeclineExpiredUpdates = $true $CleanUpScope.CleanObsoleteUpdates = $true $CleanUpScope.CleanupUnneededContentFiles = $true $CleanUpScope.CompressUpdates = $true $CleanUpManager = $WSUSServer.GetCleanupManager() $CleanUpManager.PerformCleanup($CleanUpScope) |
There is also SQL DB optimization script, which builds some indexes in DB to make queries run faster. It’s from WSUS team, so it should be safe to use. I tried it myself on long-running WSUS DB and had positive results. Check it out: http://gallery.technet.microsoft.com/scriptcenter/6f8cde49-5c52-4abd-9820-f1d270ddea61
Hi BLiTZ,
I’ve passed the script to the SQL guys at my customer since just about never do SQL scripting…
Thanks for sharing 🙂
Jeff.
You’re welcome!
Here is another nice SQL trick for WSUS: if you’re need to download lots of updates quickly (freshrebuilded WSUS), you can switch WSUS to the “foreground” mode. This will stop WSUS from saving your bandwidth and force it to download updates at full speed: http://blogs.technet.com/b/msaad/archive/2010/09/24/increase-wsus-3-updates-download-speed.aspx
I found I needed to change line 8 to add the word “up” to ClenObsoleteUpdates to make it work.
can this be run on SCCM 2012R2 with WSUS installed or not recommended?
I wouldn’t recommend it. There is functionality in ConfigMgr that does this already and when you were to do it in WSUS, ConfigMgr would simply re-download the content and your back to the point where you started…