Use this script if you have turned off the option to auto-reapprove revisions. If you have turned off this option, you will need to manage update revisions manually. By default, this script gives you the recommended approval action for updates with old revisions approved (the recommended action is to unapprove them if the new revision is marked “expired”, and otherwise to move the approval to the latest revision). When run in silent mode with the -q or -quiet command-line switch, the script applies the recommended approval action.

PowerShell
Edit|Remove
$doRecommendedAction = $false
if ($args[0] -ne $null)
{
  if (($args[0].ToUpper() -eq "-Q") -or ($args[0].ToUpper() -eq "-QUIET"))
  {
    $doRecommendedAction = $true
  }
  else
  {
    write-host "Usage: manage-approvals.ps1 [<-quiet>/<-q>]"
    exit
  }
}

# Load administration
[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration') | out-null


# Create update server
write-host "<<< Connecting to WSUS server >>>" -foregroundcolor "yellow"
$updateServer = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
write-host ""

# Get all updates and loop through them to find out if there are any unapproved ones 
# with older revisions that are approved
$updates = $updateServer.GetUpdates()
$count = 1
$didNothing = $true

foreach ($update in $updates)
{
    if (($update.IsApproved -eq $false) -and ($update.HasEarlierRevision -eq $true))
    {
        $revisions = $update.GetRelatedUpdates([Microsoft.UpdateServices.Administration.UpdateRelationship]::AllRevisionsOfThisUpdate)
        
        # Find the first revision that has any approval on it
        foreach ($revision in $revisions)
        {
            if ($revision.IsApproved)
            {
                $didNothing = $false
                $approvals = $revision.GetUpdateApprovals()
                foreach ($approval in $approvals)
                {
                  $targetGroup = $approval.GetComputerTargetGroup()
                    write-host "Update #" $count
                    write-host "----------"
                    write-host " Update ID         :" $update.Id.UpdateId.ToString()
                    write-host " Update title      :"$update.Title
                    write-host " Current state     : An older revision is approved for" $approval.Action.ToString() "for target group" $targetGroup.Name
    
                    $action = "s" # skip by default
                    
                    if ($update.PublicationState -eq [Microsoft.UpdateServices.Administration.PublicationState]::Expired)
                    {
            if ($doRecommendedAction -eq $true)
            {
              # Recommended action: Decline update
              $action = "d"
            }
            else
            {
              # Recommended action: Decline update
              write-host " Recommended action: Decline this update" -foregroundcolor "blue" -backgroundcolor "yellow"
              write-host ""
              $action = read-host " Decline (d)/Skip (s or Enter)"
            }
                    }
                    else
                    {
            if ($doRecommendedAction -eq $true)
            {
              # Recommended action: Move approval to the latest revision
              $action = "m"
            }
            else
            {
              # Recommended action: Move approval to the latest revision
              write-host " Recommended action: Move this approval to the latest revision" -foregroundcolor "blue" -backgroundcolor "yellow"
              write-host ""
              $action = read-host " Move (m)/Skip (s or Enter)"
            }
                    }

                    switch ($action)
                    {
                        "d" # Decline
                        {
                            write-host " Declining update ..."
                            $approval.Delete()
                            $update.Decline()
                            write-host " Done!"
                        }
                        
                        "m" # Move
                        {
                            write-host " Moving approval ..."
                            $approval.Delete()
                            $update.Approve($approval.Action, $targetGroup, $approval.Deadline) | out-null
                            write-host " Done!"
                        }
                        
                        default
                        {
                            write-host " Skipping"
                        }
                    }
                    
                    write-host ""
                    $count = $count + 1
                }
            }
        }
    }
}

if ($didNothing -eq $true)
{
    write-host "No updates detected that have approvals for older revisions"
}

trap
{
    write-host "Error Occurred"
    write-host "Exception Message: " 
    write-host $_.Exception.Message
    write-host $_.Exception.StackTrace
    exit
}

# EOFEnumerateAD($ds.SearchRoot);