Manual WSUS Sync using Powershell

A quick blog post tonight:

When setting up WSUS, its common practice to trial updates internally  prior to deployment across an entire environment…

For a recent WSUS setup I completed we decided to leave auto update approval on for all Windows Critical & Security updates so they could be tested after release every Patch Tuesday. After Microsoft’s recent spate of Out-Of-Band updates we were finding that machines were being updated half way through a month due the limited update controls you have with WSUS… We could opt to manually sync updates or select the longest time between syncs of “check once every 24 hours”.

Using some cool tips from the Hey Scripting Guy Blog I’ve slapped together this script that now runs as a scheduled task to download updates once a month on Patch Tuesday.

This is an impractical approach to updating, critical updates should be applied as soon as possible, however forcing a manual WSUS update could come in handy for a select few:

$ErrorActionPreference = "SilentlyContinue"

# WSUS Connection Parameters:
[String]$updateServer = ""
[Boolean]$useSecureConnection = $False
[Int32]$portNumber = 80

# Load .NET assembly

# Connect to WSUS Server
$Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer,$useSecureConnection,$portNumber)

# Perform Synchronization
$Subscription = $Wsus.GetSubscription()

Write-host “WSUS Sync Started/Queued; Check WSUS console or Event log for any Errors.”;


2 thoughts on “Manual WSUS Sync using Powershell

  1. Hey!

    That would be pretty trival to Add – theres a couple of helpful methods we could use:



    Would yield the current update count that failed to download from upstream.


    Would also show some interesting metrics:

    UpdateCount                                         : 7365
    DeclinedUpdateCount                                 : 2220
    ApprovedUpdateCount                                 : 5119
    NotApprovedUpdateCount                              : 26
    UpdatesWithStaleUpdateApprovalsCount                : 0
    ExpiredUpdateCount                                  : 0
    CriticalOrSecurityUpdatesNotApprovedForInstallCount : 3
    WsusInfrastructureUpdatesNotApprovedForInstallCount : 0
    UpdatesWithClientErrorsCount                        : 63
    UpdatesWithServerErrorsCount                        : 5
    UpdatesNeedingFilesCount                            : 5
    UpdatesNeededByComputersCount                       : 2052
    UpdatesUpToDateCount                                : 0
    CustomComputerTargetGroupCount                      : 7
    ComputerTargetCount                                 : 366
    ComputerTargetsNeedingUpdatesCount                  : 331
    ComputerTargetsWithUpdateErrorsCount                : 16
    ComputersUpToDateCount                              : 4
    UnrecognizedClientRequestedTargetGroupNames         : {DayZero-06.00, DayZeroPlusOne-06.00, SQL_UAT, WIN2008}
    ShouldDeleteUnneededRevisions                       : False

Leave a Reply

Your email address will not be published. Required fields are marked *