Tuesday, March 10, 2009

Using PowerShell to configure WSUS 3.0 Servers

We have a pretty large WSUS 3.0 hierarchy and use a complicated set of GPOs to configure clients. We use client-side targeting to assign machines to computer groups in WSUS; however, this setting needs to be set on each downstream server. Of course, over time some of those downstream servers were configured incorrectly, so patches were not deployed to all machines.

I decided to use a PowerShell script to identify and fix all downstream servers by switching them to client-side targeting. It's a very simple script with no error handling, but it's a pretty good start for all kinds of automatic configuration changes. It needs to run on the upstream server and of course requires PowerShell:

----
# Load the WSUS administration API assembly
[System.Reflection.Assembly]::LoadWithPartialName('microsoft.updateservices.administration')

# Connect to the local (upstream) WSUS server
$ap = new-object 'Microsoft.UpdateServices.Administration.AdminProxy'
$local = $ap.GetUpdateServerInstance();
$count = 0
$downstreamservers = $local.GetDownStreamServers();

write-host $downstreamservers.count

foreach ($server in $downstreamservers) {
    # Second argument $FALSE = connect without SSL
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($server.fulldomainname, $FALSE);

    $name = $wsus.Name
    $config = $wsus.GetConfiguration()

    if ($config.TargetingMode -eq "Client" )
    { write-host "Targeting Mode on $name is Client" -fore Green }
    else
    {
        write-host "Targeting Mode on $name is Server." -fore Red
        write-host "Updating config..." -fore Yellow
        # Switch to client-side targeting and write the change back to the server
        $config.TargetingMode = "Client"
        $config.Save($FALSE)
        $count++
    }
}

write-host "Updated $count servers" -fore Yellow

-----

Brief explanation: First we get the local WSUS server and then a collection of all its downstream servers.

The script then loops through each WSUS server it found, gets its configuration and checks the "TargetingMode" property. If it's not "Client", we change it from "Server" to "Client" and store the configuration back to the server using the "Save" method of the configuration object.
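
An audit-only variant of the script above, added here as an example and not part of the original post: it reports each downstream server's targeting mode without saving anything, and records connection failures instead of stopping at the first one. `Get-WsusTargetingReport` and its `$UseSsl` parameter are hypothetical names, and try/catch requires PowerShell 2.0 or later.

```powershell
# Added example: read-only audit with per-server error handling.
# Uses only the WSUS API calls from the script above; the function name is hypothetical.
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

function Get-WsusTargetingReport {
    param(
        [bool]$UseSsl = $false   # same connection setting as the original script
    )

    $ap    = New-Object 'Microsoft.UpdateServices.Administration.AdminProxy'
    $local = $ap.GetUpdateServerInstance()

    foreach ($server in $local.GetDownstreamServers()) {
        $fqdn = $server.FullDomainName
        try {
            $wsus   = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($fqdn, $UseSsl)
            $config = $wsus.GetConfiguration()
            New-Object PSObject -Property @{
                Server        = $fqdn
                TargetingMode = [string]$config.TargetingMode
                NeedsFix      = ($config.TargetingMode -ne 'Client')
                Error         = $null
            }
        }
        catch {
            # Unreachable or access-denied servers are reported, not silently skipped
            New-Object PSObject -Property @{
                Server        = $fqdn
                TargetingMode = 'Unknown'
                NeedsFix      = $null
                Error         = $_.Exception.Message
            }
        }
    }
}

# Nothing is written back to any server: no Save() call is made.
$report  = @(Get-WsusTargetingReport)
$report | Select-Object Server, TargetingMode, NeedsFix, Error | Format-Table -AutoSize
$pending = @($report | Where-Object { $_.NeedsFix -or $_.Error })
Write-Host "$($pending.Count) of $($report.Count) downstream servers need attention" -ForegroundColor Yellow
```

Running the report before and after the fix script gives a record of which servers were changed and which could not be reached.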


