Decline WSUS Update Types

Decline several Update Types in Windows Server Update Services (WSUS). For example Beta and Preview Updates, Updates for Itanium, Drivers, Dell Hardware Drivers, Surface Hardware Drivers, SharePoint Updates in Office Channel, Language on Demand Feature updates and superseded upda

 
 
 
 
 
5 Star
(1)
2,070 times
Add to favorites
Windows Update
3/4/2018
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question


  • Add on declining of x86 and ARM?
    2 Posts | Last post Sun 2:47 PM
    • Awesome little script that has proved very useful. Is there any way of declining updates for x86/32-Bit and ARM architectures too? Tried adding it myself and couldnt work out what to put for the "PatchType -value" variable
    • [switch]$Win10x86 ,
      [switch]$Win10arm64 ,
      
      IF ($Win10x86 -eq $true)
      {
          Write-Output "Declining of Windows 10 updates for x86 (32-bit) selected, starting query."
          $Win10x86u = $WsusServerAdminProxy.GetUpdates() | ?{-not $_.IsDeclined -and $_.Title -match “Windows 10” -and $_.Title -match “x86”}
          If($Win10x86u) 
          {
            Write-Output "Found $($Win10x86u.count) 'Windows 10 x86 (32-bit)' updates to decline"
      	  IF (! $WhatIF) {$Win10x86u | %{$_.Decline()}}
            $Win10x86u | Add-Member -MemberType NoteProperty -Name PatchType -value "Windows 10 x86 (32-bit)"
            $Updates = $Updates + $Win10x86u
          }
          Else
          {"No Windows 10 x86 (32-bit) updates found that needed declining. Come back next 'Patch Tuesday' and you may have better luck."}
      }
      IF ($Win10arm64 -eq $true)
      {
          Write-Output "Declining of Windows 10 updates for arm64 selected, starting query."
          $Win10arm64u = $WsusServerAdminProxy.GetUpdates() | ?{-not $_.IsDeclined -and $_.Title -like "*Windows 10*" -and $_.Title -like "*arm64*"}
          If($Win10arm64u) 
          {
            Write-Output "Found $($Win10arm64u.count) 'Windows 10 for arm64' updates to decline"
      	  IF (! $WhatIF) {$Win10arm64u | %{$_.Decline()}}
            $Win10arm64u | Add-Member -MemberType NoteProperty -Name PatchType -value "Windows 10 for arm64"
            $Updates = $Updates + $Win10arm64u
          }
          Else
          {"No Windows 10 for arm64 updates found that needed declining. Come back next 'Patch Tuesday' and you may have better luck."}
      }
      
  • Added a section for Security Only updates
    1 Posts | Last post August 08, 2019
    • If you deploy the monthly rollups you can safely decline the security only counterparts.
      
      Add the following to the Param section on a new line somewhere in the middle:
      
      [switch]$SecurityOnly,
      
      Add this whole new section in between one of the other sections of the same format:
      
      IF ($SecurityOnly -eq $true)
      {
          Write-Output "Declining of Security Only updates selected, starting query."
          $SecurityOnlyUpdates = $WsusServerAdminProxy.GetUpdates() | ?{-not $_.IsDeclined -and $_.Title -match “Security Only”}
          Write-Output "Found $($SecurityOnlyUpdates.count) Security Only Updates to decline"
          If($SecurityOnlyUpdates) 
          {
            IF (! $WhatIF) {$SecurityOnlyUpdates | %{$_.Decline()}}
            $SecurityOnlyUpdates | Add-Member -MemberType NoteProperty -Name PatchType -value "SecurityOnly"
            $Updates = $Updates + $SecurityOnlyUpdates
          }
          Else
          {"No Security Only Updates found that needed declining. Come back next 'Patch Tuesday' and you may have better luck."}  
      }
      
      Thanks for this script. Hopefully this amendment enhances it for someone else.
      
  • "-Preview" switch isn't working
    1 Posts | Last post June 26, 2019
    • Found this script linked via this Best Practices article: https://support.microsoft.com/en-us/help/4490414/windows-server-update-services-best-practices
      
      The "-Preview" switch was delivering 0 results, fixed it with a small edit to line #123 (added a pair of parentheses):
      
      $BetaUpdates = $WsusServerAdminProxy.GetUpdates() | ?{-not $_.IsDeclined  -and ($_.Title -match “preview|beta” -or (-not $_.IsDeclined -and $_.IsBeta -eq $true))}
      
      Hope this helps someone =O)