-
Notifications
You must be signed in to change notification settings - Fork 74
/
Set-ClientWSUSSetting.ps1
359 lines (330 loc) · 37.9 KB
/
Set-ClientWSUSSetting.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
Function Set-ClientWSUSSetting {
<#
.SYNOPSIS
Sets the wsus client settings on a local or remove system.
.DESCRIPTION
Sets the wsus client settings on a local or remove system.
.PARAMETER Computername
Name of computer to connect to. Can be a collection of computers.
.PARAMETER UpdateServer
URL of the WSUS server. Must use Https:// or Http://
.PARAMETER TargetGroup
Name of the Target Group to which the computer belongs on the WSUS server.
.PARAMETER DisableTargetGroup
Disables the use of setting a Target Group
.PARAMETER Options
Configure the Automatic Update client options.
Accepted Values are: "Notify","DownloadOnly","DownloadAndInstall","AllowUserConfig"
.PARAMETER DetectionFrequency
Specifed time (in hours) for detection from client to server.
Accepted range is: 1-22
.PARAMETER DisableDetectionFrequency
Disables the detection frequency on the client.
.PARAMETER RebootLaunchTimeout
Set the timeout (in minutes) for scheduled restart.
Accepted range is: 1-1440
.PARAMETER DisableRebootLaunchTimeout
Disables the reboot launch timeout.
.PARAMETER RebootWarningTimeout
Set the restart warning countdown (in minutes)
Accepted range is: 1-30
.PARAMETER DisableRebootWarningTimeout
Disables the reboot warning timeout
.PARAMETER RescheduleWaitTime
Time (in minutes) that Automatic Updates should wait at startup before applying updates from a missed scheduled installation time.
.PARAMETER DisableRescheduleWaitTime
Disables the RescheduleWaitTime
.PARAMETER ScheduleInstallDay
Specified Day of the week to perform automatic installation. Only valid when Options is set to "DownloadAndInstall"
Accepted values are: "Everyday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday","Sunday"
.PARAMETER ElevateNonAdmins
Allow non-administrators to approve or disapprove updates
Accepted values are: "Enable","Disable"
.PARAMETER AllowAutomaticUpdates
Enables or disables Automatic Updates
Accepted values are: "Enable","Disable"
.PARAMETER UseWSUSServer
Enables or disables use of a Windows Update Server
Accepted values are: "Enable","Disable"
.PARAMETER AutoInstallMinorUpdates
Enables or disables silent installation of minor updates.
Accepted values are: "Enable","Disable"
.PARAMETER AutoRebootWithLoggedOnUsers
Enables or disables automatic reboots after patching completed whether users or logged into the machine or not.
Accepted values are: "Enable","Disable"
.NOTES
Name: Set-WSUSClient
Author: Boe Prox
https://learn-powershell.net
DateCreated: 02DEC2011
DateModified: 28Mar2014
To do: Add -PassThru support
.LINK
http://technet.microsoft.com/en-us/library/cc708449(WS.10).aspx
.EXAMPLE
Set-ClientWSUSSetting -UpdateServer "http://testwsus.com" -UseWSUSServer Enable -AllowAutomaticUpdates Enable -DetectionFrequency 4 -Options DownloadOnly
Description
-----------
Configures the local computer to enable automatic updates and use testwsus.com as the update server. Also sets the update detection
frequency to occur every 4 hours and only downloads the updates.
.EXAMPLE
Set-ClientWSUSSetting -UpdateServer "http://testwsus.com" -UseWSUSServer Enable -AllowAutomaticUpdates Enable -DetectionFrequency 4 -Options DownloadAndInstall -RebootWarningTimeout 15
-ScheduledInstallDay Monday -ScheduledInstallTime 20
Description
-----------
Configures the local computer to enable automatic updates and use testwsus.com as the update server. Also sets the update detection
frequency to occur every 4 hours and performs the installation automatically every Monday at 8pm and configured to reboot 15 minutes (with a timer for logged on users) after updates
have been installed.
#>
[cmdletbinding(
SupportsShouldProcess = $True
)]
Param (
[parameter(Position=0,ValueFromPipeLine = $True)]
[string[]]$Computername = $Env:Computername,
[parameter(Position=1)]
[string]$UpdateServer,
[parameter(Position=2)]
[string]$TargetGroup,
[parameter(Position=3)]
[switch]$DisableTargetGroup,
[parameter(Position=4)]
[ValidateSet('Notify','DownloadOnly','DownloadAndInstall','AllowUserConfig')]
[string]$Options,
[parameter(Position=5)]
[ValidateRange(1,22)]
[Int32]$DetectionFrequency,
[parameter(Position=6)]
[switch]$DisableDetectionFrequency,
[parameter(Position=7)]
[ValidateRange(1,1440)]
[Int32]$RebootLaunchTimeout,
[parameter(Position=8)]
[switch]$DisableRebootLaunchTimeout,
[parameter(Position=9)]
[ValidateRange(1,30)]
[Int32]$RebootWarningTimeout,
[parameter(Position=10)]
[switch]$DisableRebootWarningTimeout,
[parameter(Position=11)]
[ValidateRange(1,60)]
[Int32]$RescheduleWaitTime,
[parameter(Position=12)]
[switch]$DisableRescheduleWaitTime,
[parameter(Position=13)]
[ValidateSet('EveryDay','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Sunday')]
[ValidateCount(1,1)]
[string[]]$ScheduleInstallDay,
[parameter(Position=14)]
[ValidateRange(0,23)]
[Int32]$ScheduleInstallTime,
[parameter(Position=15)]
[ValidateSet('Enable','Disable')]
[string]$ElevateNonAdmins,
[parameter(Position=16)]
[ValidateSet('Enable','Disable')]
[string]$AllowAutomaticUpdates,
[parameter(Position=17)]
[ValidateSet('Enable','Disable')]
[string]$UseWSUSServer,
[parameter(Position=18)]
[ValidateSet('Enable','Disable')]
[string]$AutoInstallMinorUpdates,
[parameter(Position=19)]
[ValidateSet('Enable','Disable')]
[string]$AutoRebootWithLoggedOnUsers
)
Begin {
}
Process {
$PSBoundParameters.GetEnumerator() | ForEach {
Write-Verbose ("{0}" -f $_)
}
ForEach ($Computer in $Computername) {
If (Test-Connection -ComputerName $Computer -Count 1 -Quiet) {
$WSUSEnvhash = @{}
$WSUSConfigHash = @{}
$ServerReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$Computer)
#Check to see if WSUS registry keys exist
$temp = $ServerReg.OpenSubKey('Software\Policies\Microsoft\Windows',$True)
If (-NOT ($temp.GetSubKeyNames() -contains 'WindowsUpdate')) {
#Build the required registry keys
$temp.CreateSubKey('WindowsUpdate\AU') | Out-Null
}
#Set WSUS Client Environment Options
$WSUSEnv = $ServerReg.OpenSubKey('Software\Policies\Microsoft\Windows\WindowsUpdate',$True)
If ($PSBoundParameters['ElevateNonAdmins']) {
If ($ElevateNonAdmins -eq 'Enable') {
If ($pscmdlet.ShouldProcess("Elevate Non-Admins","Enable")) {
$WsusEnv.SetValue('ElevateNonAdmins',1,[Microsoft.Win32.RegistryValueKind]::DWord)
}
} ElseIf ($ElevateNonAdmins -eq 'Disable') {
If ($pscmdlet.ShouldProcess("Elevate Non-Admins","Disable")) {
$WsusEnv.SetValue('ElevateNonAdmins',0,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
}
If ($PSBoundParameters['UpdateServer']) {
If ($pscmdlet.ShouldProcess("WUServer","Set Value")) {
$WsusEnv.SetValue('WUServer',$UpdateServer,[Microsoft.Win32.RegistryValueKind]::String)
}
If ($pscmdlet.ShouldProcess("WUStatusServer","Set Value")) {
$WsusEnv.SetValue('WUStatusServer',$UpdateServer,[Microsoft.Win32.RegistryValueKind]::String)
}
}
If ($PSBoundParameters['TargetGroup']) {
If ($pscmdlet.ShouldProcess("TargetGroup","Enable")) {
$WsusEnv.SetValue('TargetGroupEnabled',1,[Microsoft.Win32.RegistryValueKind]::Dword)
}
If ($pscmdlet.ShouldProcess("TargetGroup","Set Value")) {
$WsusEnv.SetValue('TargetGroup',$TargetGroup,[Microsoft.Win32.RegistryValueKind]::String)
}
}
If ($PSBoundParameters['DisableTargetGroup']) {
If ($pscmdlet.ShouldProcess("TargetGroup","Disable")) {
$WsusEnv.SetValue('TargetGroupEnabled',0,[Microsoft.Win32.RegistryValueKind]::Dword)
}
}
#Set WSUS Client Configuration Options
$WSUSConfig = $ServerReg.OpenSubKey('Software\Policies\Microsoft\Windows\WindowsUpdate\AU',$True)
If ($PSBoundParameters['Options']) {
If ($pscmdlet.ShouldProcess("Options","Set Value")) {
If ($Options -eq 'Notify') {
$WsusConfig.SetValue('AUOptions',2,[Microsoft.Win32.RegistryValueKind]::DWord)
} ElseIf ($Options = 'DownloadOnly') {
$WsusConfig.SetValue('AUOptions',3,[Microsoft.Win32.RegistryValueKind]::DWord)
} ElseIf ($Options = 'DownloadAndInstall') {
$WsusConfig.SetValue('AUOptions',4,[Microsoft.Win32.RegistryValueKind]::DWord)
} ElseIf ($Options = 'AllowUserConfig') {
$WsusConfig.SetValue('AUOptions',5,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
}
If ($PSBoundParameters['DetectionFrequency']) {
If ($pscmdlet.ShouldProcess("DetectionFrequency","Enable")) {
$WsusConfig.SetValue('DetectionFrequencyEnabled',1,[Microsoft.Win32.RegistryValueKind]::DWord)
}
If ($pscmdlet.ShouldProcess("DetectionFrequency","Set Value")) {
$WsusConfig.SetValue('DetectionFrequency',$DetectionFrequency,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
If ($PSBoundParameters['DisableDetectionFrequency']) {
If ($pscmdlet.ShouldProcess("DetectionFrequency","Disable")) {
$WsusConfig.SetValue('DetectionFrequencyEnabled',0,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
If ($PSBoundParameters['RebootWarningTimeout']) {
If ($pscmdlet.ShouldProcess("RebootWarningTimeout","Enable")) {
$WsusConfig.SetValue('RebootWarningTimeoutEnabled',1,[Microsoft.Win32.RegistryValueKind]::DWord)
}
If ($pscmdlet.ShouldProcess("RebootWarningTimeout","Set Value")) {
$WsusConfig.SetValue('RebootWarningTimeout',$RebootWarningTimeout,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
If ($PSBoundParameters['DisableRebootWarningTimeout']) {
If ($pscmdlet.ShouldProcess("RebootWarningTimeout","Disable")) {
$WsusConfig.SetValue('RebootWarningTimeoutEnabled',0,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
If ($PSBoundParameters['RebootLaunchTimeout']) {
If ($pscmdlet.ShouldProcess("RebootLaunchTimeout","Enable")) {
$WsusConfig.SetValue('RebootLaunchTimeoutEnabled',1,[Microsoft.Win32.RegistryValueKind]::DWord)
}
If ($pscmdlet.ShouldProcess("RebootLaunchTimeout","Set Value")) {
$WsusConfig.SetValue('RebootLaunchTimeout',$RebootLaunchTimeout,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
If ($PSBoundParameters['DisableRebootLaunchTimeout']) {
If ($pscmdlet.ShouldProcess("RebootWarningTimeout","Disable")) {
$WsusConfig.SetValue('RebootLaunchTimeoutEnabled',0,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
If ($PSBoundParameters['ScheduleInstallDay']) {
If ($pscmdlet.ShouldProcess("ScheduledInstallDay","Set Value")) {
If ($ScheduleInstallDay = 'EveryDay') {
$WsusConfig.SetValue('ScheduledInstallDay',0,[Microsoft.Win32.RegistryValueKind]::DWord)
} ElseIf ($ScheduleInstallDay = 'Monday') {
$WsusConfig.SetValue('ScheduledInstallDay',1,[Microsoft.Win32.RegistryValueKind]::DWord)
} ElseIf ($ScheduleInstallDay = 'Tuesday') {
$WsusConfig.SetValue('ScheduledInstallDay',2,[Microsoft.Win32.RegistryValueKind]::DWord)
} ElseIf ($ScheduleInstallDay = 'Wednesday') {
$WsusConfig.SetValue('ScheduledInstallDay',3,[Microsoft.Win32.RegistryValueKind]::DWord)
} ElseIf ($ScheduleInstallDay = 'Thursday') {
$WsusConfig.SetValue('ScheduledInstallDay',4,[Microsoft.Win32.RegistryValueKind]::DWord)
} ElseIf ($ScheduleInstallDay = 'Friday') {
$WsusConfig.SetValue('ScheduledInstallDay',5,[Microsoft.Win32.RegistryValueKind]::DWord)
} ElseIf ($ScheduleInstallDay = 'Saturday') {
$WsusConfig.SetValue('ScheduledInstallDay',6,[Microsoft.Win32.RegistryValueKind]::DWord)
} ElseIf ($ScheduleInstallDay = 'Sunday') {
$WsusConfig.SetValue('ScheduledInstallDay',7,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
}
If ($PSBoundParameters['RescheduleWaitTime']) {
If ($pscmdlet.ShouldProcess("RescheduleWaitTime","Enable")) {
$WsusConfig.SetValue('RescheduleWaitTimeEnabled',1,[Microsoft.Win32.RegistryValueKind]::DWord)
}
If ($pscmdlet.ShouldProcess("RescheduleWaitTime","Set Value")) {
$WsusConfig.SetValue('RescheduleWaitTime',$RescheduleWaitTime,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
If ($PSBoundParameters['DisableRescheduleWaitTime']) {
If ($pscmdlet.ShouldProcess("RescheduleWaitTime","Disable")) {
$WsusConfig.SetValue('RescheduleWaitTimeEnabled',0,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
If ($PSBoundParameters['ScheduleInstallTime']) {
If ($pscmdlet.ShouldProcess("ScheduleInstallTime","Set Value")) {
$WsusConfig.SetValue('ScheduleInstallTime',$ScheduleInstallTime,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
If ($PSBoundParameters['AllowAutomaticUpdates']) {
If ($AllowAutomaticUpdates -eq 'Enable') {
If ($pscmdlet.ShouldProcess("AllowAutomaticUpdates","Enable")) {
$WsusConfig.SetValue('NoAutoUpdate',1,[Microsoft.Win32.RegistryValueKind]::DWord)
}
} ElseIf ($AllowAutomaticUpdates -eq 'Disable') {
If ($pscmdlet.ShouldProcess("AllowAutomaticUpdates","Disable")) {
$WsusConfig.SetValue('NoAutoUpdate',0,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
}
If ($PSBoundParameters['UseWSUSServer']) {
If ($UseWSUSServer -eq 'Enable') {
If ($pscmdlet.ShouldProcess("UseWSUSServer","Enable")) {
$WsusConfig.SetValue('UseWUServer',1,[Microsoft.Win32.RegistryValueKind]::DWord)
}
} ElseIf ($UseWSUSServer -eq 'Disable') {
If ($pscmdlet.ShouldProcess("UseWSUSServer","Disable")) {
$WsusConfig.SetValue('UseWUServer',0,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
}
If ($PSBoundParameters['AutoInstallMinorUpdates']) {
If ($AutoInstallMinorUpdates -eq 'Enable') {
If ($pscmdlet.ShouldProcess("AutoInstallMinorUpdates","Enable")) {
$WsusConfig.SetValue('AutoInstallMinorUpdates',1,[Microsoft.Win32.RegistryValueKind]::DWord)
}
} ElseIf ($AutoInstallMinorUpdates -eq 'Disable') {
If ($pscmdlet.ShouldProcess("AutoInstallMinorUpdates","Disable")) {
$WsusConfig.SetValue('AutoInstallMinorUpdates',0,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
}
If ($PSBoundParameters['AutoRebootWithLoggedOnUsers']) {
If ($AutoRebootWithLoggedOnUsers -eq 'Enable') {
If ($pscmdlet.ShouldProcess("AutoRebootWithLoggedOnUsers","Enable")) {
$WsusConfig.SetValue('NoAutoRebootWithLoggedOnUsers',1,[Microsoft.Win32.RegistryValueKind]::DWord)
}
} ElseIf ($AutoRebootWithLoggedOnUsers -eq 'Disable') {
If ($pscmdlet.ShouldProcess("AutoRebootWithLoggedOnUsers","Disable")) {
$WsusConfig.SetValue('NoAutoRebootWithLoggedOnUsers',0,[Microsoft.Win32.RegistryValueKind]::DWord)
}
}
}
} Else {
Write-Warning ("{0}: Unable to connect!" -f $Computer)
}
}
}
}