After seeing a lot of unusual scripts on the internet, I decided to reinvent the wheel myself. I tested this script against 900 different 2016/2019 servers with different configurations. The cool thing is that 95% of all the servers reported directly to WSUS. The only requirement is that your firewalls allow traffic on port 8530 or 8531. Here you are:
```powershell
$Tgg = "YourTargetGroup"
# 8530 is the default WSUS HTTP port; 8531 is the default HTTPS port.
$Wup = "http://yourprimarywsus.contoso.local:8530"
$Wur = "http://yourprimaryorsecudairywsus.contoso.local:8530"

# Stop all before the magic can happen
Stop-Service wuauserv -Force
Stop-Service bits -Force
Stop-Service usosvc -Force
Stop-Service cryptsvc -Force

# Removing all old update data (the client rebuilds the folder on next start)
Remove-Item -Path 'C:\windows\SoftwareDistribution' -Recurse -Force -Confirm:$false -ErrorAction SilentlyContinue
Remove-Item -Path 'C:\windows\SoftwareDistribution\Datastore' -Recurse -Force -Confirm:$false -ErrorAction SilentlyContinue
Remove-Item -Path 'C:\windows\SoftwareDistribution\Download' -Recurse -Force -Confirm:$false -ErrorAction SilentlyContinue

# Force set WU client settings
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -ErrorAction SilentlyContinue
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name TargetGroup -Value $Tgg -PropertyType "String" -Force -ErrorAction SilentlyContinue
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name WUServer -Value $Wup -PropertyType "String" -Force -ErrorAction SilentlyContinue
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name WUStatusServer -Value $Wup -PropertyType "String" -Force -ErrorAction SilentlyContinue
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name UpdateServiceUrlAlternate -Value $Wur -PropertyType "String" -Force -ErrorAction SilentlyContinue
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name TargetGroupEnabled -Value 1 -PropertyType DWord -Force -ErrorAction SilentlyContinue
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name DoNotConnectToWindowsUpdateInternetLocations -Value 1 -PropertyType DWord -Force -ErrorAction SilentlyContinue
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -ErrorAction SilentlyContinue
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name UseWUServer -Value 1 -PropertyType DWord -Force -ErrorAction SilentlyContinue
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name NoAutoUpdate -Value 1 -PropertyType DWord -Force -ErrorAction SilentlyContinue

# Start all necessary services
Start-Service wuauserv
Start-Service bits
Start-Service usosvc
Start-Service cryptsvc

# Detect and reset auth
Start-Sleep -s 60
cmd /c "wuauclt /resetauthorization /detectnow"

# Run a search through the Windows Update Agent COM API
$updatesession = [activator]::CreateInstance([type]::GetTypeFromProgID("Microsoft.Update.Session", $env:COMPUTERNAME))
$updatesearcher = $updatesession.CreateUpdateSearcher()
try {
    $searchresult = $updatesearcher.Search("IsInstalled=1")
}
catch {}

# If the first search returned nothing, restart the service and search once more
if (!$searchresult) {
    Stop-Service wuauserv -Force
    Start-Service wuauserv
    Start-Sleep -s 60
    $updatesession = [activator]::CreateInstance([type]::GetTypeFromProgID("Microsoft.Update.Session", $env:COMPUTERNAME))
    $updatesearcher = $updatesession.CreateUpdateSearcher()
    $searchresult = $updatesearcher.Search("IsInstalled=1")
}

# Report status to WSUS
Start-Sleep -s 60
cmd /c "wuauclt /reportnow"
```