Powershell Group Policy Management
WSUS Policies
#requires Windows 2008 R2 with Group Policy Management Console installed
#install GPM on a Windows 2008 R2
import-module -name servermanager
add-windowsfeature -name GPMC
import-module grouppolicy
#list interesting gpo's
get-gpo -all -domain usa.DOMAIN.com | where {$_.DisplayName -like "Software Update*"} | select displayname
$gpname = "Software Update Services WSUS Asia"
#retrieve an individual object
$gpobj = get-gpo -name $gpo
#When was an object modified?
$modified = $gpobj.ModificationTime
$key = "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
#get specific value assigned by GPO
get-gpregistryvalue -name $gpname -key $key\au -valuename noautoupdate
#get all values beneath a key
get-gpregistryvalue -name $gpname -key $key
####################################################################################################################################
#
# NOTES for WSUS
#
# - Is WSUS enabled?
# Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au
# Value: noautoupdate = 0 (enabled) or 1 (disabled)
#
# - IF ENABLED, what update option is selected?
# Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au
# Value: auoptions = 2 (notify before download), 3 (Download & notify), 4 (autodownload and install on scheduled day)
#
# - IF ENABLED, IF OPTION 4, what scheduled day?
# Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au
# Value: ScheduledInstallDay = 0 (every day), 1 (Sundays), 2 (Mondays), 3 (Tuesdays), 4 (Wednesdays), etc
#
# - IF ENABLED, IF OPTION 4, what schedule time?
# Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au
# Value: ScheduledInstallTime = number specifying the hour in a 24 hour day = 14 (2pm)
#
#Set a value
# For example - set day of week for scheduled install to Saturday:
# set-gpregistryvalue -name $gpname -key $key\au -valuename scheduledinstallday -type DWORD -value 7
No comments:
Post a Comment