david/WSUS
1
0
Fork 0
Code Releases Activity
Files
main
WSUS/auto-approval/readme.md
David Wuibaille 24c0c6509f Auto-commit: 2025-10-31 08:55:43
2025-10-31 08:55:43 +01:00

31 lines
1.2 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# WSUS Automate Patch Assignment to Groups
PowerShell script to automatically **promote WSUS approvals** across groups after a delay, accept EULAs, and decline superseded updates when a newer update is approved in production.
## What it does
- Sync approvals after X days:
- `Pilot → Global1`
- `Global1 → Global2`
- Accept license agreements when required.
- Decline superseded updates if a superseding update is approved for **Global2**.
- Write rotating logs to `C:\Logs` (keeps the latest 60 files).
## Requirements
- Run on the WSUS server with **Administrator** privileges.
- WSUS installed (PowerShell `UpdateServices` module or the WSUS Admin DLL available).
- Existing WSUS groups: `Pilot`, `Global1`, `Global2` (adjust names if different).
## Configuration
Edit the top of the script:
- `\$SyncApprovals` define source/target groups and `MinDays`.
- `\$logFolder`, `\$maxLogs` logging folder and retention.
- Superseded-decline rule currently targets `Global2`.
## Quick start
```powershell
# Run the script (no parameters)
.\Wsus-ManageApprovals.ps1
```
## Full documentation
https://blog.wuibaille.fr/2024/10/automate-assign-patch-to-group/
View Git Blame Copy Permalink