Press "Enter" to skip to content

Powershell: Automatically decline ARM64 Updates on WSUS

0

The PowerShell script below allows you to automatically decline ARM64 updates from Windows 10 into WSUS.

The script can be started manually or by a scheduled task.

The script must be running on the WSUS server.

Works under:

  • Windows 2012 and 2010R2
  • Windows 2016
Param(
  [string]$WsusServer = ([system.net.dns]::GetHostByName('localhost')).hostname,
  [bool]$UseSSL = $False,
  [int]$PortNumber = 8530,
  [bool]$TrialRun = $False,
  [bool]$EmailLog = $False,
  [string]$SMTPServer = "smtp.domain.intra",
  [string]$From = "[email protected]",
  [string]$To = "[email protected]",
  [string]$Subject = "WSUS :: Declining ARM Updates"
)
$script:CurrentErrorActionPreference = $ErrorActionPreference
$ErrorActionPreference = "SilentlyContinue"
$Style = "<Style>BODY{font-size:12px;font-family:verdana,sans-serif;color:navy;font-weight:normal;}" + `
      "TABLE{border-width:1px;cellpadding=10;border-style:solid;border-color:navy;border-collapse:collapse;}" + `
      "TH{font-size:12px;border-width:1px;padding:10px;border-style:solid;border-color:navy;}" + `
      "TD{font-size:10px;border-width:1px;padding:10px;border-style:solid;border-color:navy;}</Style>"
If($TrialRun){$Subject += " Trial Run"}
Function SendEmailStatus($From, $To, $Subject, $SMTPServer, $BodyAsHtml, $Body)
{	$SMTPMessage = New-Object System.Net.Mail.MailMessage $From, $To, $Subject, $Body
  $SMTPMessage.IsBodyHTML = $BodyAsHtml
  $SMTPClient = New-Object System.Net.Mail.SMTPClient $SMTPServer
  $SMTPClient.Send($SMTPMessage)
  If($? -eq $False){Write-Warning "$($Error[0].Exception.Message) | $($Error[0].Exception.GetBaseException().Message)"}
  $SMTPMessage.Dispose()
  rv SMTPClient
  rv SMTPMessage
}

#Connect to the WSUS 3.0 interface.
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | out-null
$WsusServerAdminProxy = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($WsusServer,$UseSSL,$PortNumber);
If($? -eq $False)
{	Write-Warning "Something went wrong connecting to the WSUS interface on $WsusServer server: $($Error[0].Exception.Message)"
  If($EmailLog)
  {	$Body = ConvertTo-Html -head $Style -Body "Something went wrong connecting to the WSUS interface on $WsusServer server: $($Error[0].Exception.Message)" | Out-String
    $Body = $Body.Replace("<table>`r`n</table>", "")
    SendEmailStatus -From $From -To $To -Subject $Subject -SmtpServer $SmtpServer -BodyAsHtml $True -Body $Body
  }
  $ErrorActionPreference = $script:CurrentErrorActionPreference
  Return
}

$ARM64Updates = $WsusServerAdminProxy.GetUpdates() | ?{-not $_.IsDeclined -and $_.Title -match “ARM64”}
If($ARM64Updates)
{
  If($TrialRun -eq $False){$ARM64Updates | %{$_.Decline()}}
  $Table = @{Name="Title";Expression={[string]$_.Title}},`
    @{Name="KB Article";Expression={[string]::join(' | ',$_.KnowledgebaseArticles)}},`
    @{Name="Classification";Expression={[string]$_.UpdateClassificationTitle}},`
    @{Name="Product Title";Expression={[string]::join(' | ',$_.ProductTitles)}},`
    @{Name="Product Family";Expression={[string]::join(' | ',$_.ProductFamilyTitles)}}
  $ARM64Updates | Select $Table
  If($EmailLog)
  {	$Body = $ARM64Updates | Select $Table | ConvertTo-HTML -head $Style
    SendEmailStatus -From $From -To $To -Subject $Subject -SmtpServer $SmtpServer -BodyAsHtml $True -Body $Body
  }
}
Else
{"No ARM64 Updates found that needed declining. Come back next 'Patch Tuesday' and you may have better luck."}
$ErrorActionPreference = $script:CurrentErrorActionPreference

To enable email notifications:

Pass the $ EmailLog variable to $ True and set the $ SMTPServer, $ From, $ To.



Related Posts


WSUS: Set up client-side targeting
Presentation The client-side targeting on WSUS, when enabled, allows you to directly assign to a group declare in the console. This declaration is not done GPO or by modifying the register of the customer workstation. %start_p_primary%Once activated,

MDT: Install updates with WSUS
Presentation In this tutorial, I'll explain how to enable Windows updates to a WSUS server when deploying an image with MDT. Enable updates Open the properties of an installation sequence, go to the Task Sequence << 1 >> tab and activate

How to install and configure WSUS on Windows Server
Windows Server Update Service (WSUS) is a built-in role in Windows Server, which enables the implementation of a Microsoft Updates distribution system internally. The benefits of WSUS: Monitoring the deployment of updates Reduced internet bandwidth U

It looks like you're using an adblocker.
We use ads to keep our content free. Please support us by turning off your adblocker.