WSUS: Get Superceded Status of Updates

I create Windows Server images and like to ensure they are patched up to date, but in the most efficient way possible. One approach would be to install every patch ever released, but that might take forever. Instead, I only want to install the latest patches for anything, i.e. ones that have not been superseded. To that end, I put together the following PowerShell snippet to run through the list of patches I currently install (exported to a text file) and show me the ones that are superseded. This snippet targets Server 2008 R2 patches only at the moment, but can easily be tweaked for other platforms.

The interesting parts are connecting to and searching the WSUS server.

[Reflection.Assembly]::LoadWithPartialName(
                       "Microsoft.UpdateServices.Administration") | Out-Null
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer(
                       "mywsus.server.net", $false)

Get-Content .\patches.txt | % {
        $wsus.SearchUpdates($_) |
        Where {$_.legacyname -like '*2008R2*SP1-X64*'} |
        Select KnowledgebaseArticles, IsSuperseded
}

via Hey, Scripting Guys! Blog

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>