Powershell: Automatically decline ARM64 Updates on WSUS

The PowerShell script below allows you to automatically decline ARM64 updates from Windows 10 into WSUS.

The script can be started manually or by a scheduled task.

The script must be running on the WSUS server.

Works under:

  • Windows 2012 and 2010R2
  • Windows 2016
Param(
  [string]$WsusServer = ([system.net.dns]::GetHostByName('localhost')).hostname,
  [bool]$UseSSL = $False,
  [int]$PortNumber = 8530,
  [bool]$TrialRun = $False,
  [bool]$EmailLog = $False,
  [string]$SMTPServer = "smtp.domain.intra",
  [string]$From = "[email protected]",
  [string]$To = "[email protected]",
  [string]$Subject = "WSUS :: Declining ARM Updates"
)
$script:CurrentErrorActionPreference = $ErrorActionPreference
$ErrorActionPreference = "SilentlyContinue"
$Style = "<Style>BODY{font-size:12px;font-family:verdana,sans-serif;color:navy;font-weight:normal;}" + `
      "TABLE{border-width:1px;cellpadding=10;border-style:solid;border-color:navy;border-collapse:collapse;}" + `
      "TH{font-size:12px;border-width:1px;padding:10px;border-style:solid;border-color:navy;}" + `
      "TD{font-size:10px;border-width:1px;padding:10px;border-style:solid;border-color:navy;}</Style>"
If($TrialRun){$Subject += " Trial Run"}
Function SendEmailStatus($From, $To, $Subject, $SMTPServer, $BodyAsHtml, $Body)
{	$SMTPMessage = New-Object System.Net.Mail.MailMessage $From, $To, $Subject, $Body
  $SMTPMessage.IsBodyHTML = $BodyAsHtml
  $SMTPClient = New-Object System.Net.Mail.SMTPClient $SMTPServer
  $SMTPClient.Send($SMTPMessage)
  If($? -eq $False){Write-Warning "$($Error[0].Exception.Message) | $($Error[0].Exception.GetBaseException().Message)"}
  $SMTPMessage.Dispose()
  rv SMTPClient
  rv SMTPMessage
}

#Connect to the WSUS 3.0 interface.
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | out-null
$WsusServerAdminProxy = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($WsusServer,$UseSSL,$PortNumber);
If($? -eq $False)
{	Write-Warning "Something went wrong connecting to the WSUS interface on $WsusServer server: $($Error[0].Exception.Message)"
  If($EmailLog)
  {	$Body = ConvertTo-Html -head $Style -Body "Something went wrong connecting to the WSUS interface on $WsusServer server: $($Error[0].Exception.Message)" | Out-String
    $Body = $Body.Replace("<table>`r`n</table>", "")
    SendEmailStatus -From $From -To $To -Subject $Subject -SmtpServer $SmtpServer -BodyAsHtml $True -Body $Body
  }
  $ErrorActionPreference = $script:CurrentErrorActionPreference
  Return
}

$ARM64Updates = $WsusServerAdminProxy.GetUpdates() | ?{-not $_.IsDeclined -and $_.Title -match “ARM64”}
If($ARM64Updates)
{
  If($TrialRun -eq $False){$ARM64Updates | %{$_.Decline()}}
  $Table = @{Name="Title";Expression={[string]$_.Title}},`
    @{Name="KB Article";Expression={[string]::join(' | ',$_.KnowledgebaseArticles)}},`
    @{Name="Classification";Expression={[string]$_.UpdateClassificationTitle}},`
    @{Name="Product Title";Expression={[string]::join(' | ',$_.ProductTitles)}},`
    @{Name="Product Family";Expression={[string]::join(' | ',$_.ProductFamilyTitles)}}
  $ARM64Updates | Select $Table
  If($EmailLog)
  {	$Body = $ARM64Updates | Select $Table | ConvertTo-HTML -head $Style
    SendEmailStatus -From $From -To $To -Subject $Subject -SmtpServer $SmtpServer -BodyAsHtml $True -Body $Body
  }
}
Else
{"No ARM64 Updates found that needed declining. Come back next 'Patch Tuesday' and you may have better luck."}
$ErrorActionPreference = $script:CurrentErrorActionPreference

To enable email notifications:

Pass the $ EmailLog variable to $ True and set the $ SMTPServer, $ From, $ To.



Related Posts


How to install and configure WSUS on Windows Server
Windows Server Update Service (WSUS) is a built-in role in Windows Server, which enables the implementation of a Microsoft Updates distribution system internally. The benefits of WSUS: Monitoring the deployment of updates Reduced internet bandwidth U

WSUS: automatic approval of updates
Introduction In this tutorial, we will see how to automatically approve definition updates on WSUS. Definition updates are available almost daily, automatic approval avoids doing so. Approve updates automatically 1. Go to the WSUS console in Options

Install WSUS with a SQL Server database
Presentation Since Windows 2016 server, it is possible to install the Windows Server Update Service (WSUS) directly with a SQL Server database. In this article we will see how to proceed. Prerequisites To install WSUS with a SQL Server database you n