WSUS get Unapproved required patches RRS feed

  • Question

  • Hi All,

    I see lot of snippets for extracting info for approved updates everywhere. The problem is when I approve updates for QA / Development server Group, all those are already marked as approved, im finding very difficult to find those approved updates in Development groups and approve the same to production group in the next patching cycle. Any Idea how to get the unapproved patches for a group against approved patches in some other WSUS group?


    • Moved by Bill_Stewart Friday, August 18, 2017 2:49 PM Move to more appropriate forum
    Friday, August 18, 2017 1:27 PM

All replies

  • Post inn WSUS forum to get assistance with WSUS management.  The simple answer is to select the group the update is approved for and to not take the defaults which approve for all groups.

    Here is a basic tutorial on using the WSUS CmdLets: https://blogs.technet.microsoft.com/heyscriptingguy/2013/05/27/use-the-updateservices-module-to-manage-wsus/


    • Edited by jrv Friday, August 18, 2017 2:08 PM
    Friday, August 18, 2017 2:06 PM
  • Hi,

    That's fine, i'm used by tutorials comfortably. The simple approach didn't suffice the requirement.

    Here is what im trying to fetch, if I approve kb's A,B,C for a development group if all goes well I want to approve the same patch on production group. Now KB's A,B,C flags will be already approved (iSapproved) and wont show up for any unapproved filter, if you have KB's like A-Z how do you automate to approve the same set on different computer group ?


    Friday, August 18, 2017 2:58 PM
  • Approvals are by target group so the query must specify the group.


    Friday, August 18, 2017 2:59 PM
  • Yes I'm aware, but still couldn't make it work. Trying with WSUSDB views any better approach ?
    Friday, August 18, 2017 5:07 PM
  • Just approve the updates for the group.  If they haven't been approved for the group they will be approved.

    Be sure to add MissingOrFailed to the criteria.


    Friday, August 18, 2017 5:16 PM
  • Sorry, looks like you haven't got my request!

    This conversation started with the same question, I want to approve the same updates on the production group which was already approved on development group few weeks back . How do I find out the updates which I had approved in the last session and take only security or cumulative Server updates from them? Yes, I can do manually with couple of man hours, but how to automate ? 

    Saturday, August 19, 2017 11:27 AM
  • You will have to save the list of updates and then specify them on the new group when ready.  Save the updates approved as a collection and export the collection using Export-CliXml.  YOU can import this when you are ready.

    This is more of a release process design issue than a scripting issue.


    • Proposed as answer by Yan Li_ Monday, August 21, 2017 6:25 AM
    Saturday, August 19, 2017 4:40 PM
  • Hello,

    You may create an update view for approved updates for specific group, you can filter by only showing updates synced in one week:

    This way, you can select specific updates to apply for other groups.


    Yan Li

    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, August 22, 2017 3:05 AM