Powershell: Generating WSUS Reports
In a large environment the WSUS report can take a while to generate and even then it requires you to flip through what could be thousands of pages just to view which computers are missing what.
Figuring out a way to generate a CSV report that would display all the computers in a given WSUS group along with any updates they were missing. With some help from some Powershell Guru's you can build a script together that generates a report.
Overview
The script can be run from any directory and will drop a CSV named after the group you queried in the same directory as the script.
The user is prompted with a menu that has three options.
- Option 1 List WSUS Groups found on your WSUS server.
- Option 2 Pulls all the computers and their update information from the group specified. (Ex. Servers)
- The script will query your WSUS server directly to pull the latest information. (Dependent on your WSUS server and clients communicating properly for accurate information)
- Option 3 Quit
Examples:
Code:
001.####################################################################
002.# #
003.# Author: Christopher Cardenas #
004.# Creation Date: 9/5/2015 #
005.# Last Modified: 06/23/2015 #
006.# #
007.# *Modified for release to TechNet Wiki Articles. #
008.# #
009.# #
010.# #
011.# #
012.####################################################################
013.#######################################################################################################################################
014.# The following section was taken from http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/09/23/a-self-elevating-#powershell-script.aspx
015.# This section is used to ensure we are running the script "As Administrator" so we don't get access denied errors when we #run
016.# commands that require administrator permissions.
017.# Get the ID and security principal of the current user account
018.$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
019.$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
020.# Get the security principal for the Administrator role
021.$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
022.# Check to see if we are currently running "as Administrator"
023.if ($myWindowsPrincipal.IsInRole($adminRole))
024.{
025. # We are running "as Administrator" - so change the title and background color to indicate this
026. $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
027. $Host.UI.RawUI.BackgroundColor = "DarkBlue"
028. clear-host
029.}
030.else
031.{
032. # We are not running "as Administrator" - so relaunch as administrator
033. # Create a new process object that starts PowerShell
034. $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";
035. # Specify the current script path and name as a parameter
036. $newProcess.Arguments = $myInvocation.MyCommand.Definition + " -Step $Step";
037. # Indicate that the process should be elevated
038. $newProcess.Verb = "runas";
039. # Start the new process
040. [System.Diagnostics.Process]::Start($newProcess);
041. # Exit from the current, unelevated, process
042. exit
043.}
044.#######################################################################################################################################
045.$MyDir = [System.IO.Path]::GetDirectoryName($myInvocation.MyCommand.Definition)
046.Set-Location $MyDir
047.[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | Out-Null
048.$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer('GSSCCM2',$False,8530) #Change to SCCM server name
049.
050.$computerscope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
051.$updatescope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
052.#Exclude the following states from update list
053.$updatescope.ExcludedInstallationStates = 'NotApplicable','Unknown','Installed'
054.
055.#Create Forward and Reverse lookup
056.$groups = @{}
057.$dataHolder = @()
058.$wsus.GetComputerTargetGroups() | ForEach {$groups[$_.Name]=$_.id;$groups[$_.ID]=$_.name}
059.
060.Do {
061.$keepRunning = $true
062.Write-Host "
063.----------MENU----------------------------
064.1 = List WSUS Groups
065.2 = Pull Updates For Entire WSUS Group
066.3 = Quit
067.------------------------------------------"
068.$choice1 = read-host -prompt "Select number & press enter:"
069.
070.Switch ($choice1) {
071."1" {$wsus.GetComputerTargetGroups().Name}
072."2" {
073. $DataHolder = @()
074. $computerscope4 = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
075. $updatescope4 = New-Object Microsoft.UpdateServices.Administration.UpdateScope
076. #Only list updates that are needed
077. $updatescope4.ExcludedInstallationStates = 'NotApplicable','Unknown','Installed'
078. #Only list updates that are approved
079. $updatescope4.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved;
080.
081. $TargetGroup = Read-Host -prompt "Please enter a group name:"
082.
083. $pcgroup = @($wsus.GetComputerTargets($computerscope4) | Where {$_.ComputerTargetGroupIds -eq $groups[$TargetGroup]}) | Select -expand Id
084.
085. $pcinfo = $wsus.GetSummariesPerComputerTarget($updatescope4,$computerscope4) | Where {$pcgroup -Contains $_.ComputerTargetID} | ForEach {
086. $computerscope2 = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
087. $computerscope2.NameIncludes = $wsus.GetComputerTarget(([guid]$_.ComputerTargetId)).FullDomainName
088.
089. $pcupSum = ($wsus.GetSummariesPerUpdate($updatescope4,$computerscope2) | ForEach-Object {($wsus.GetUpdate($_.UpdateId).Title)})
090.
091.
092. $data = New-Object PSObject -Property @{
093. "Client" = $wsus.GetComputerTarget(([guid]$_.ComputerTargetId)).FullDomainName
094. "IP Address" = $wsus.GetComputerTarget(([guid]$_.ComputerTargetId)).IPAddress
095. "Group" = $wsus.GetComputerTarget(([guid]$_.ComputerTargetId)).RequestedTargetGroupName
096. "Updates" = ($_.NotInstalledCount + $_.DownloadedCount)
097. "Failed" = $_.FailedCount
098. "LastSync" = $wsus.GetComputerTarget(([guid]$_.ComputerTargetId)).LastReportedStatusTime
099. "Titles" = $pcupSum | Out-String
100. }
101.
102. $DataHolder += $data | Select Client,"IP Address",Group,Updates,Failed,LastSync,Titles | Where {$_.Updates -ne "0"}
103.
104. }
105. #Display table in PS Window. Commented out due to being too large of a table to display properly.
106. #$DataHolder | Select Client,"IP Address",Group,Updates,Failed,LastSync,Titles| Sort LastSync -Descending |
107. #Format-Table -Wrap -Autosize @{L="Last Sync with WSUS";E={$_.LastSync};align='left'},@{L="Host Name";E={$_.Client};align='center'},"IP Address",@{L="WSUS Group";E={$_.Group};align='center'},@{L="# Needed";E={$_.Updates};align='center'},@{L="Failed";E={$_.Failed};align='center'},@{L="Updates Titles";E={$_.Titles};align='left'}
108.
109. #Create CSV
110. $DataHolder | Select LastSync,Client,"IP Address",Group,Updates,Failed,Titles | Sort LastSync -Descending | Export-Csv "$TargetGroup.csv" -NoTypeInformation
111. #Display GridView Popup
112. $DataHolder | Select LastSync,Client,"IP Address",Group,Updates,Failed,Titles | Sort LastSync -Descending | Out-GridView -Title $TargetGroup
113.
114. $DataHolder= @()
115. $pcupSum = ""
116. }
117."3" {$keepRunning = $False
118. exit
119. }
120.}
121.} while ($keepRunning -eq $true)
Requirements:
- Powershell 2.0 or higher
- WSUS Server