So, I am restructuring some WSUS groups to make them easier to report on, but I already had a large number of approvals on one group that I wanted to retain.
There are already a few interpretations of this on the web, but none that in my opinion are as slick as this, or provide quite the same level of functionality. Another PowerShell script, should be useful for someone.
Run the script below, then call it using the following syntax:
Copy-WsusGroupApprovals -WsusServerFqdn wsus.domain.co.uk -SourceGroupName "OldServers" -TargetGroupName "NewServers"
You can optionally specify a port, the default being 8530. You can also specify to use a secure connection. The group names are both case sensitive though.
# ----------------------------------------------------------------------------------------------------------
# PURPOSE: WSUS - Copy Approvals from one Group to another Group
#
# VERSION DATE USER DETAILS
# 1 21/01/2016 Craig Tolley First Version
#
# ----------------------------------------------------------------------------------------------------------
#.SYNOPSIS
# Copies all approvals from the specified source group to the specified destination group.
# Group names are case sensitive.
# Unless specified the default WSUS port of 8530 will be used to connect.
function Copy-WsusGroupApprovals
{
param
(
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[String]$WsusServerFqdn,
[Int]$WsusServerPort = 8530,
[Boolean]$WsusServerSecureConnect = $false,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[String]$SourceGroupName,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[String]$TargetGroupName
)
# Load the assembly required
try
{
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
}
catch
{
Write-Error "Unable to load the Microsoft.UpdateServices.Administration assembly: $($_.Exception.Message)"
break
}
# Attempt the connection to the WSUS Server
try
{
$WsusServer = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($WsusServerFqdn, $WsusServerSecureConnect, $WsusServerPort)
}
catch
{
Write-Error "Unable to connect to the WSUS Server: $($_.Exception.Message)"
break
}
# Get all of the Wsus Groups, and check that the specified source and destination groups exist
$Groups = $WsusServer.GetComputerTargetGroups()
If ($Groups.Name -notcontains $SourceGroupName -or $Groups.Name -notcontains $TargetGroupName)
{
Write-Error "Source or Destination group names cannot be found in the list of groups on the WSUS Server. Group names are case sensitive. Please check your names."
break
}
$SourceGroupObj = $Groups | Where {$_.Name -eq $SourceGroupName}
$TargetGroupObj = $Groups | Where {$_.Name -eq $TargetGroupName}
# Get all of the updates on the server
Write-Progress -Activity "Getting Details of all updates"
$Updates = $WsusServer.GetUpdates()
# Go through each of the updates. If the update has an approval for the source group, then create an approval for the destination group.
$i = 0
$Approved = 0
ForEach ($Update in $Updates)
{
$i ++
Write-Progress -Activity "Copying update approvals" -PercentComplete (($i/$($Updates.Count))*100) -Status "$i of $($Updates.Count)"
if ($Update.GetUpdateApprovals($SourceGroupObj).Count -ne 0 -and $Update.GetUpdateApprovals($TargetGroupObj).Count -eq 0)
{
Write-Host ("Approving {0} for {1}" -f $Update.Title, $TargetGroupObj.Name)
$Update.Approve('Install',$TargetGroupObj) | Out-Null
$Approved ++
}
}
Write-Progress -Activity "Copying update approvals" -Completed
Write-Output ("Approved {0} updates for target group {1}" -f $Approved, $TargetGroupName)
}
You are the man Craig!!! This is exactly what I’ve been looking for. Thanks!
Thanks for the script. Very usefull
No problem at all.