<# .SYNOPSIS .NOTES Version: 1.0 Author: Hubert CORNET Creation Date: Purpose/Change: Initial script development .LINK https://www.tips-of-mine.fr .EXEMPLE .DESCRIPTION .PARAMETER .INPUTS .OUTPUTS .log> #> #---------------------------------------------------------[Initialisations]-------------------------------------------------------- # Définir l'action d'erreur pour continuer silencieusement $ErrorActionPreference = "SilentlyContinue" # Bibliothèques de fonctions requises #----------------------------------------------------------[Declarations]---------------------------------------------------------- # Version Script $sScriptVersion = "1.0" #Log File Info $sLogPath = "C:\Tmp" $sLogName = ".log" $sLogFile = Join-Path -Path $sLogPath -ChildPath $sLogName $WsusServerFqdn='SWADMAPPP01' $WsusSourceGroup = 'ServersPREPRD' $WsusTargetGroup = 'ServersPRD' $LOG = 'C:\Exploit\Logs\Approved_Updates_ServersPRD' $Timestamp = Get-Date -Format FileDate $LOGFILE = "$LOG.$Timestamp.log" $i = 0 #-----------------------------------------------------------[Functions]------------------------------------------------------------ #------------------------------------------------------------[Script]-------------------------------------------------------------- cls [void][reflection.assembly]::LoadWithPartialName( “Microsoft.UpdateServices.Administration”) $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer( $WsusServerFqdn, $False, ‘8530’) $Groups = $wsus.GetComputerTargetGroups() $WsusSourceGroupObj = $Groups | Where {$_.Name -eq $WsusSourceGroup} $WsusTargemtGroupObj = $Groups | Where {$_.Name -eq $WsusTargetGroup} $Updates = $wsus.GetUpdates() ForEach ($Update in $Updates) { If ($Update.GetUpdateApprovals($WsusSourceGroupObj).Count -ne 0 -and $Update.GetUpdateApprovals($WsusTargetGroupObj).Count -eq 0) { $i ++ Write-Output (“Approving ” + $Update.Title) | Out-File $LOGFILE -Append $Update.Approve(‘Install’,$WsusTargetGroupObj) | Out-Null } } Write-Output (“Approved {0} updates for target group {1}” -f $i, $WsusTargetGroup)