Powershell: Automatically decline ARM64 Updates on WSUS

The PowerShell script below allows you to automatically decline ARM64 updates from Windows 10 into WSUS.

The script can be started manually or by a scheduled task.

The script must be running on the WSUS server.

Works under:

  • Windows 2012 and 2010R2
  • Windows 2016
Param(
  [string]$WsusServer = ([system.net.dns]::GetHostByName('localhost')).hostname,
  [bool]$UseSSL = $False,
  [int]$PortNumber = 8530,
  [bool]$TrialRun = $False,
  [bool]$EmailLog = $False,
  [string]$SMTPServer = "smtp.domain.intra",
  [string]$From = "[email protected]",
  [string]$To = "[email protected]",
  [string]$Subject = "WSUS :: Declining ARM Updates"
)
$script:CurrentErrorActionPreference = $ErrorActionPreference
$ErrorActionPreference = "SilentlyContinue"
$Style = "<Style>BODY{font-size:12px;font-family:verdana,sans-serif;color:navy;font-weight:normal;}" + `
      "TABLE{border-width:1px;cellpadding=10;border-style:solid;border-color:navy;border-collapse:collapse;}" + `
      "TH{font-size:12px;border-width:1px;padding:10px;border-style:solid;border-color:navy;}" + `
      "TD{font-size:10px;border-width:1px;padding:10px;border-style:solid;border-color:navy;}</Style>"
If($TrialRun){$Subject += " Trial Run"}
Function SendEmailStatus($From, $To, $Subject, $SMTPServer, $BodyAsHtml, $Body)
{	$SMTPMessage = New-Object System.Net.Mail.MailMessage $From, $To, $Subject, $Body
  $SMTPMessage.IsBodyHTML = $BodyAsHtml
  $SMTPClient = New-Object System.Net.Mail.SMTPClient $SMTPServer
  $SMTPClient.Send($SMTPMessage)
  If($? -eq $False){Write-Warning "$($Error[0].Exception.Message) | $($Error[0].Exception.GetBaseException().Message)"}
  $SMTPMessage.Dispose()
  rv SMTPClient
  rv SMTPMessage
}

#Connect to the WSUS 3.0 interface.
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | out-null
$WsusServerAdminProxy = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($WsusServer,$UseSSL,$PortNumber);
If($? -eq $False)
{	Write-Warning "Something went wrong connecting to the WSUS interface on $WsusServer server: $($Error[0].Exception.Message)"
  If($EmailLog)
  {	$Body = ConvertTo-Html -head $Style -Body "Something went wrong connecting to the WSUS interface on $WsusServer server: $($Error[0].Exception.Message)" | Out-String
    $Body = $Body.Replace("<table>`r`n</table>", "")
    SendEmailStatus -From $From -To $To -Subject $Subject -SmtpServer $SmtpServer -BodyAsHtml $True -Body $Body
  }
  $ErrorActionPreference = $script:CurrentErrorActionPreference
  Return
}

$ARM64Updates = $WsusServerAdminProxy.GetUpdates() | ?{-not $_.IsDeclined -and $_.Title -match “ARM64”}
If($ARM64Updates)
{
  If($TrialRun -eq $False){$ARM64Updates | %{$_.Decline()}}
  $Table = @{Name="Title";Expression={[string]$_.Title}},`
    @{Name="KB Article";Expression={[string]::join(' | ',$_.KnowledgebaseArticles)}},`
    @{Name="Classification";Expression={[string]$_.UpdateClassificationTitle}},`
    @{Name="Product Title";Expression={[string]::join(' | ',$_.ProductTitles)}},`
    @{Name="Product Family";Expression={[string]::join(' | ',$_.ProductFamilyTitles)}}
  $ARM64Updates | Select $Table
  If($EmailLog)
  {	$Body = $ARM64Updates | Select $Table | ConvertTo-HTML -head $Style
    SendEmailStatus -From $From -To $To -Subject $Subject -SmtpServer $SmtpServer -BodyAsHtml $True -Body $Body
  }
}
Else
{"No ARM64 Updates found that needed declining. Come back next 'Patch Tuesday' and you may have better luck."}
$ErrorActionPreference = $script:CurrentErrorActionPreference

To enable email notifications:

Pass the $ EmailLog variable to $ True and set the $ SMTPServer, $ From, $ To.



Related Posts


WSUS: Set up client-side targeting
Presentation The client-side targeting on WSUS, when enabled, allows you to directly assign to a group declare in the console. This declaration is not done GPO or by modifying the register of the customer workstation. %start_p_primary%Once activated,

WSUS: automatic approval of updates
Introduction In this tutorial, we will see how to automatically approve definition updates on WSUS. Definition updates are available almost daily, automatic approval avoids doing so. Approve updates automatically 1. Go to the WSUS console in Options

Install WSUS with a SQL Server database
Presentation Since Windows 2016 server, it is possible to install the Windows Server Update Service (WSUS) directly with a SQL Server database. In this article we will see how to proceed. Prerequisites To install WSUS with a SQL Server database you n