How to Connect to WSUS with PowerShell

With a simple code, you can connect to WSUS with PowerShell. I will show you how to connect to the WSUS server using PowerShell and run a few basic commands.

You manage WSUS with a GUI, WSUS administration console, but with PowerShell, you can automate your work with WSUS for more efficiency.

Windows Server Update Services (WSUS) enables the administrators to deploy the latest Microsoft product updates. WSUS is a Windows Server role and when you install it, you can efficiently manage and deploy the updates.

With WSUS console, you can pretty much configure most of the changes that you require. By connecting to WSUS using PowerShell, you can perform some advanced tasks.

For example, you can approve or deny an update, check the failed or not needed updates, get the critical and unapproved updates from WSUS etc.

If you are using WSUS along with SCCM to manage and deploy software updates, you rarely need to open the WSUS console. Most of the administrative tasks can be done from SCCM console.

How to Connect to WSUS with PowerShell

The below PowerShell script by Microsoft helps you to connect to WSUS. The script must be executed on the server where the WSUS Administration Console is installed.

Before you connect to WSUS with PowerShell, few changes that you need to make:

  • Before you run the PowerShell code, you must specify $WSUSServer value which is your WSUS Server FQDN.
  • If you have enabled SSL on WSUS Server, the $UseSSL value must be set to true otherwise false.

You can either save the below PowerShell code to a file with filename.ps1 as extension or directly run the code which lets you connect to WSUS with PowerShell.

$WSUSServer = 'WSUS'
# This is your WSUS Server Name
$Port = 8530
# This is 8531 when SSL is enabled
$UseSSL = $False
#This is $True when SSL is enabled
    $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($WSUSServer,$UseSSL,$Port)
    Write-Warning "$($WSUSServer)<$($Port)>: $($_)"
Connect to WSUS with PowerShell
Connect to WSUS with PowerShell

After you run the above PowerShell code, there is no confirmation message that lets you know if you have connected to WSUS. You need not worry because the code pretty much works fine and has been tested on several WSUS setups.

While connecting to WSUS with PowerShell, you may encounter the following error:

Exception calling "GetUpdateServer" with "3" argument(s): "The remote server returned an error: (403) Forbidden."

To resolve the above error, you can try flushing the DNS cache on the problematic server or enter only the server name (without FQDN).

Get Critical Unapproved updates in WSUS using PowerShell

Once you connect to WSUS using PowerShell, let’s run some basic commands and find out information from WSUS.

The below PowerShell command lists all the critical unapproved updates in WSUS.

Get-WsusUpdate -Classification Critical -Approval Unapproved -Status Any
Get Critical Unapproved updates in WSUS using PowerShell
Get Critical Unapproved updates in WSUS using PowerShell

There’s so much that you can do with WSUS and PowerShell. Now that you’re connected, with PowerShell commands you can now automate just about any task you need to in WSUS!

Leave a Reply

Your email address will not be published. Required fields are marked *