Status of Update per Update ID from WSUS server

With the Current issue with Ransome Wancrypt we had a requirement where we had WSUS only to get report. WSUS reports are there but the reports were not friendly.

So we had to write two scripts using powershell , one to Get the Summary of Update Installation Status for a Specific or a Set of Updates  and second one to get the list of computers where a updated is needed for a specific Update or for a set of updates.

Thought of Sharing the same as it could be useful for few who are using WSUS as their Patching Mechanism.

  1. Updates Status Primary for a Specific or a Group of Updates.  (These Update ID are for KB4012212,KB4012213,4012214,KB4012598)
#Script to get the Report from WSUS for Updates Status Primary for a Specific or a Group of Updates
#Version 1.0 File Name Report_Summary.ps1
# Output  Folder file path is  $outputfile a
#Created by: Sudheesh Narayanaswamy
#Created for Any WSUS server
#Created on: 5/16/2017
#Run this script in the WSUS server
$outputfile = "C:\Temp\"
$outputfile = $outputfile + "Report_Summary_" + $env:COMPUTERNAME + ".csv"
#Change server name and port number and $True if it is on SSL
[String]$updateServer1 = $env:COMPUTERNAME
[Boolean]$useSecureConnection = $False
[Int32]$portNumber =80
# Load .NET assembly
# Connect to WSUS Server
$updateServer = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer1,$useSecureConnection,$portNumber)
write-host "<<<Connected sucessfully >>>" -foregroundcolor "yellow"
$computerscope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
$updatescope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$updatescope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved
$updatescope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::NotInstalled
$updatescope.FromArrivalDate = [datetime]"1/1/2017"
$u=$updateServer.GetUpdates($updatescope )
foreach ($u1 in $u )
if ($updateid -contains $u1.UpdateId)
$needed= $u1.DownloadedCount + $u1.NotInstalledCount +$u1.InstalledPendingRebootCount
$Title= $updateServer.GetUpdate($u1.UpdateId).Title
$o= New-Object PSObject
$o | Add-Member NoteProperty Title $Title
$o | Add-Member NoteProperty Installed $u1.InstalledCount
$o | Add-Member NoteProperty Required $needed
$o | Add-Member NoteProperty  Failed $u1.FailedCount
$o | Add-Member NoteProperty Notapplicable $u1.NotApplicableCount
$o | export-csv $outputfile -Append -NoTypeInformation
write-host "<<<Finished sucessfully >>>" -foregroundcolor "yellow"
write-host "Error Occurred"
write-host "Exception Message: "
write-host $_.Exception.Message
write-host $_.Exception.StackTrace

2. Computers which require a specific update or a set of updates

#Script to get the Report from WSUS for Computers which require a specific update or a set of updates
#Version 1.0 File Name Report_detailed.ps1
# Output  Folder file path is  $outputfile a
#Created by: Sudheesh Narayanaswamy
#Created for Any WSUS server
#Created on: 5/16/2017
#Run this script in the WSUS server

$outputfile = "C:\Temp\"
$outputfile = $outputfile + "Report_Detail_" + $env:COMPUTERNAME + ".csv"

#Change server name and port number and $True if it is on SSL
[String]$updateServer1 = $env:COMPUTERNAME
[Boolean]$useSecureConnection = $False
[Int32]$portNumber =80
# Load .NET assembly
# Connect to WSUS Server
$updateServer = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer1,$useSecureConnection,$portNumber)
write-host "<<<Connected sucessfully >>>" -foregroundcolor "yellow"
$computerscope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
$updatescope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$updatescope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved
$updatescope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::NotInstalled
$updatescope.FromArrivalDate = [datetime]"1/1/2017"
$Update=$updateServer.GetUpdates($updatescope )
foreach ($u1 in $Update)

if ($updateid -contains $u1.Id.UpdateId)
$Computers= $u1.GetUpdateInstallationInfoPerComputerTarget($ComputerScope)
$Title= $updateServer.GetUpdate($u1.Id.UpdateId).Title
foreach ($C1 in $Computers)

if ($C1.UpdateInstallationState -ne "Installed" -and  $C1.UpdateInstallationState -ne "NotApplicable" )

$ComputerName= $updateServer.GetComputerTarget($C1.ComputerTargetId).FullDomainName

$o= New-Object PSObject
$o | Add-Member NoteProperty Title $Title
$o | Add-Member NoteProperty ComputerName $ComputerName
$o | Add-Member NoteProperty Status   $C1.UpdateInstallationState
$o | export-csv $outputfile -Append -NoTypeInformation




write-host "<<<Finished sucessfully >>>" -foregroundcolor "yellow"

write-host "Error Occurred"
write-host "Exception Message: "
write-host $_.Exception.Message
write-host $_.Exception.StackTrace

Hope This would be helpful

Sudheesh Narayanaswamy