david/WSUS
1
0
Fork 0
Code Releases Activity
Files
87cda29a5755c95ecc20e81a43b80e5f6cf78d32
WSUS/auto-approval/readme.md
David Wuibaille 24c0c6509f Auto-commit: 2025-10-31 08:55:43
2025-10-31 08:55:43 +01:00

1.2 KiB
Raw Blame History

WSUS Automate Patch Assignment to Groups

PowerShell script to automatically promote WSUS approvals across groups after a delay, accept EULAs, and decline superseded updates when a newer update is approved in production.

What it does

  • Sync approvals after X days:
    • Pilot → Global1
    • Global1 → Global2
  • Accept license agreements when required.
  • Decline superseded updates if a superseding update is approved for Global2.
  • Write rotating logs to C:\Logs (keeps the latest 60 files).

Requirements

  • Run on the WSUS server with Administrator privileges.
  • WSUS installed (PowerShell UpdateServices module or the WSUS Admin DLL available).
  • Existing WSUS groups: Pilot, Global1, Global2 (adjust names if different).

Configuration

Edit the top of the script:

  • \$SyncApprovals define source/target groups and MinDays.
  • \$logFolder, \$maxLogs logging folder and retention.
  • Superseded-decline rule currently targets Global2.

Quick start

# Run the script (no parameters)
.\Wsus-ManageApprovals.ps1

Full documentation

https://blog.wuibaille.fr/2024/10/automate-assign-patch-to-group/

View Git Blame Copy Permalink