Random Notes about WSUS

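# Install the PowerShell Windows Update module (PSWindowsUpdate) if it is not already available.
# NOTE(review): this downloads code from the public PowerShell Gallery, and the update
# cmdlets it provides are run elevated. For anything beyond a lab, pin a reviewed release
# with -RequiredVersion <REVIEWED_VERSION> (placeholder) or install from an internal repository.
$checkModule = Get-Module -ListAvailable -Name PSWindowsUpdate
if (-not $checkModule) {
    # Add TLS 1.2 to the enabled protocols instead of replacing the whole list,
    # so any newer protocol that is already enabled stays enabled.
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    # Install-Module needs the NuGet package provider. The earlier guard tested
    # $trustPSGallery, which is never assigned (its assignment is commented out), so the
    # condition was always true; test for the provider itself instead.
    if (-not (Get-PackageProvider -Name NuGet -ListAvailable -ErrorAction SilentlyContinue)) {
        Install-PackageProvider -Name NuGet -Force
    }

    # -Force answers the untrusted-repository prompt for this one install only, so the
    # PSGallery repository does not have to be marked Trusted for every later install.
    Install-Module -Name PSWindowsUpdate -Repository PSGallery -Force -Confirm:$false
}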
    
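# Perform Updates
# Relax the execution policy for this PowerShell process only. Without -Scope the cmdlet
# writes the LocalMachine policy, which would leave Bypass in force for every later session.
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

# Register Microsoft Update Service if it has not been registered
$microsoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'
if ($microsoftUpdateId -notin (Get-WUServiceManager).ServiceID) {
    Add-WUServiceManager -ServiceID $microsoftUpdateId -Confirm:$false
}

# -AcceptAll installs every offered update without review and -IgnoreReboot leaves any
# required restart pending, so plan the reboot separately.
# NOTE(review): -WindowsUpdate appears to select the Windows Update service rather than the
# Microsoft Update service registered above (or a WSUS server); confirm the intended source.
Get-WindowsUpdate -AcceptAll -WindowsUpdate -Install -IgnoreReboot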

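# Connect to the WSUS administration API over plain HTTP: server name, useSecureConnection = $false, port 8530.
# The server name is written with ASCII quotes; typographic quotes pasted from a web page
# break as soon as the script is saved in a non-Unicode encoding.
# NOTE(review): with useSecureConnection = $false the administrative session is not protected
# by TLS; prefer the SSL endpoint where the server offers one.
$null = [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer('wsusserver01', $false, 8530)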
However, we have now reconfigured the WSUS server to use HTTPS, and I don't seem to be able to connect any more.
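# Connect to the WSUS administration API over SSL: server FQDN, useSecureConnection = $true, port 8531.
# The server name is written with ASCII quotes; typographic quotes pasted from a web page
# break as soon as the script is saved in a non-Unicode encoding.
# If this call fails after the switch to SSL, check first that the name passed here matches
# a name in the WSUS server certificate and that this client trusts the issuing CA.
$null = [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer('wsusserver01.domain.com', $true, 8531)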

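Function Force-WSUSCheckin($Computer)
{
   <#
   .SYNOPSIS
   Makes a remote computer start its Windows Update service, run an update search, and then
   trigger detection and reporting.
   .PARAMETER Computer
   Name of the remote computer. It is used for PowerShell remoting and as the PsExec target.
   .NOTES
   Requires PowerShell remoting to the target and c:\bin\psexec.exe on the local machine.
   PsExec -s runs the command as SYSTEM through a temporary service it installs on the
   target; that service installation (System event 7045) is commonly alerted on, so
   coordinate with whoever monitors the endpoint.
   #>
   Invoke-Command -ComputerName $Computer -ScriptBlock { Start-Service wuauserv -Verbose }

   # Have to use psexec with the -s parameter as otherwise we receive an "Access denied" message loading the comobject
   # NOTE(review): $criteria is never defined inside this command string, so Search() is
   # presumably called with an empty criteria value on the remote side - confirm that is intended.
   $Cmd = '$updateSession = new-object -com "Microsoft.Update.Session";
   $updates=$updateSession.CreateupdateSearcher().Search($criteria).Updates'
   & c:\bin\psexec.exe -s \\$Computer powershell.exe -command $Cmd

   Write-Host "Waiting 10 seconds for SyncUpdates webservice to complete to add to the wuauserv queue so that it can be reported on"
   Start-Sleep -Seconds 10

   # The opening brace has to sit on the same line as -ScriptBlock. With the brace on the
   # next line the parameter has no argument, Invoke-Command fails, and the block is never
   # sent to the remote computer.
   Invoke-Command -ComputerName $Computer -ScriptBlock {
      # Now that the system is told it CAN report in, run every permutation of commands to actually trigger the report in operation
      wuauclt /detectnow
      (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
      wuauclt /reportnow
      c:\windows\system32\UsoClient.exe startscan
   }
}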

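# Set Domain Joined computers to use Domain Hierarchy time source propagation protocol as well as manual as fall-back
# NOTE(review): /syncfromflags:domhier on its own selects only the domain hierarchy; as far as
# w32tm documents it, the manual peer list is used as a source only with "manual" or "all".
# Confirm which behaviour is wanted before relying on the fall-back.
Function setClientNTP{
    <#
    .SYNOPSIS
    Configures the Windows Time service on a domain-joined client and triggers a resync.
    .PARAMETER externalTimeSources
    Manual peer list. Accepts comma- or space-separated host names or addresses; a peer may
    carry a w32tm flag suffix such as ",0x8".
    #>
    param($externalTimeSources='0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org')

    # w32tm documents the peer list as space-delimited, so turn separating commas into
    # spaces while keeping a ",0x.." flag suffix attached to its peer.
    $peers = @(($externalTimeSources -replace ',(?!0x)', ' ') -split '\s+' | Where-Object { $_ })
    foreach ($peer in $peers) {
        # Reject anything that is not a plain host name or address (optionally with a flag suffix)
        if ($peer -notmatch '^[A-Za-z0-9._:-]+(,0x[0-9A-Fa-f]+)?$') {
            throw "Invalid time source '$peer'"
        }
    }
    $peerList = $peers -join ' '

    # Call w32tm directly. Building a command string and running it through
    # Invoke-Expression would let the parameter value be parsed as PowerShell code.
    w32tm /config /syncfromflags:domhier "/manualpeerlist:$peerList" /update

    # NOTE(review): Microsoft documents SpecialPollInterval under
    # W32Time\TimeProviders\NtpClient; confirm the service reads it from this Parameters key.
    reg add "HKLM\system\CurrentControlSet\Services\W32Time\Parameters" /v SpecialPollInterval /t REG_DWORD /d 3600 /f

    if ((Get-Service w32time).StartType -ne 'Automatic') {
        # ASCII hyphens on the parameter names: typographic dashes break when the file
        # is saved in a non-Unicode encoding.
        Set-Service -Name w32time -StartupType Automatic
    }
    # Restart-Service also starts the service when it is stopped
    Restart-Service W32Time

    Write-Host "Triggering time sync..."
    w32tm /resync
    w32tm /query /status
}
setClientNTP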
