The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…

Archive for the ‘Patching’ Category

Working in the Datacenter – Keeping WSUS Happy using PowerShell

Posted by Mikael Nystrom on February 3, 2016

We use WSUS in our own datacenter as well as at customer sites. For many client-based scenarios this is done using WSUS and ConfigMgr, but in the fabric it is either WSUS or WSUS and SCVMM. When WSUS is used for content and distribution (natively or with SCVMM), it needs a helping hand…

  • Someone needs to deny all patches that are superseded; this does not happen automatically.
  • Someone needs to clean up old content, computers, patches and such; this does not happen automatically.
  • Someone needs to care for the database; this does not happen automatically.

So, over the years people around the globe have been providing scripts for this, and here is what we are currently using.

The script will do the following


Connect to a database

You might need to change this in the script.

#For Windows Internal Database, use $WSUSDB = '\\.\pipe\MICROSOFT##WID\tsql\query'
#For SQL Express, use $WSUSDB = '\\.\pipe\MSSQL$SQLEXPRESS\sql\query'

Get the Superseded Updates

Here is the Posh that fixes that:

$SuperSeededUpdates = Get-WsusUpdate -Approval AnyExceptDeclined -Classification All -Status Any | Where-Object -Property UpdatesSupersedingThisUpdate -NE -Value 'None' -Verbose
$SuperSeededUpdates | Deny-WsusUpdate -Verbose

Cleanup WSUS

We run each step separately; however, you can change that and run everything in one line…

Cleanup the DB

The last part runs sqlcmd using a .SQL file from the MSFT Gallery, and yes, you can download and install the PowerShell tools for SQL and use those instead. Most of your customers don't have those tools installed, so sqlcmd.exe it is.
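The three stages described above, put together as an added example (this is not the script from the original post). The `$SqlFile` path is a placeholder, the `-ReportOnly` switch is an assumption of this example, and the cleanup steps are the switches of the built-in `Invoke-WsusServerCleanup` cmdlet, run one at a time.

```powershell
#Requires -Modules UpdateServices
# Added example: run it elevated on the WSUS server itself.
param(
    # Named pipe of the WSUS database; the default is the WID value quoted in the post.
    [string]$WSUSDB = '\\.\pipe\MICROSOFT##WID\tsql\query',
    # Placeholder (assumption): path to the maintenance .SQL file you downloaded.
    [string]$SqlFile = 'C:\PLACEHOLDER\wsus-maintenance.sql',
    # Assumed switch: list what would be denied and stop, changing nothing.
    [switch]$ReportOnly
)
$ErrorActionPreference = 'Stop'

# 1. Superseded updates, using the same filter as the post.
$superseded = @(Get-WsusUpdate -Approval AnyExceptDeclined -Classification All -Status Any |
    Where-Object -Property UpdatesSupersedingThisUpdate -NE -Value 'None')
Write-Host "Superseded updates not yet declined: $($superseded.Count)"
if ($ReportOnly) {
    $superseded          # emit the objects so they can be reviewed or exported
    return
}
$superseded | Deny-WsusUpdate

# 2. WSUS cleanup, one step per call so a failing step is easy to identify.
$steps = 'DeclineExpiredUpdates', 'DeclineSupersededUpdates', 'CleanupObsoleteUpdates',
         'CleanupUnneededContentFiles', 'CleanupObsoleteComputers', 'CompressUpdates'
foreach ($step in $steps) {
    $switch = @{ $step = $true }          # splat the single switch for this pass
    Write-Host "Invoke-WsusServerCleanup -$step"
    Invoke-WsusServerCleanup @switch
}

# 3. Database maintenance through sqlcmd.exe.
if (-not (Test-Path -LiteralPath $SqlFile)) {
    throw "SQL file not found: $SqlFile"
}
# -E trusted connection, -I quoted identifiers on, -b non-zero exit code on SQL error
& sqlcmd.exe -S $WSUSDB -E -I -b -i $SqlFile
if ($LASTEXITCODE -ne 0) {
    throw "sqlcmd failed with exit code $LASTEXITCODE"
}
```

Running it with `-ReportOnly` first shows which updates would be denied, which helps avoid denying an update before the update that replaces it has been approved.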

Posted in Datacenter, Patching, PowerShell, WSUS

OS Deployment – Creating a reference Image with Windows Server 2008 R2 Core could fail

Posted by Mikael Nystrom on December 28, 2015

The Issue:

There is an issue with KB3106614: it should not be installed at all on a Windows Server 2008 R2 Core server. That patch is a Security Update for Silverlight and has nothing to do with the Core edition of Windows Server 2008 R2. This is what happens:

The never ending install of KB3106614 in Windows Server 2008 R2 Core.

The Solution:

We cannot change the settings on the patch (which in this case are obviously incorrect), but we can prevent the update process in LiteTouch from installing it by adding WUMU_ExcludeKB. It is also possible to set this in customsettings.ini, but that will also prevent the update from being installed on other operating systems. So, IMHO, for a reference image creation the easiest way would be to block it by setting this in the Task Sequence.

Prevent the patch from ever being installed using WUMU_ExcludeKB.


Posted in OS Deployment, OSD, Patching, Windows Server 2008 R2