Maintaining WSUS Like a Boss!

For those of you using WSUS standalone for your updates, here is a collection of tips and tricks:

What if you are using the Windows Internal Database (WID)?

Typically I like to use either the full SQL Server (if the customer has the license) or SQL Express for the WSUS database, because they are slightly easier to manage. But what if you already have WSUS using WID? No need to worry: you can still download SQL Server 2014 Management Studio from Microsoft (http://msdn.microsoft.com/en-us/sqlserver2014express.aspx) and use it to connect to the database for management.

To connect to the Windows Server 2012 R2 Windows Internal Database, use the following connection: \\.\pipe\microsoft##WID\tsql\query

Note: If your account wasn't used to install WID, run SQL Server 2014 Management Studio as Administrator.

Connecting to the WSUS Windows Internal Database in Windows Server 2012 R2.

Clean up WSUS every now and then

Cleaning out obsolete and deleted updates is key to keeping your WSUS healthy. Even though the cleanup is available via the UI, please don't use it; use PowerShell for automation instead. Use the WSUS Server Cleanup script from Kaido Järvemets. That script runs the WSUS cleanup and mails a nice HTML report with the status of the job (you can also comment out the mailing part and use only the HTML report it creates).

Sample report from the PowerShell script.

Rebuild the WSUS database indexes

Use the Re-index the WSUS 3.0 Database script from Microsoft Script Center, which also works great with WSUS 4.0. Use either Sqlcmd or PowerShell (the Invoke-Sqlcmd cmdlet) to automate it.

Note: If you only want to check the fragmentation level, just run the first part of the script.

Running the rebuild in SQL Server 2014 Management Studio.
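
The fragmentation check can be scripted with Invoke-Sqlcmd over the WID named pipe shown earlier. This is an added example, not the Microsoft Script Center script; the function name Get-WsusIndexFragmentation, the default database name SUSDB and the two thresholds are assumptions, and the query is read-only.

```powershell
# Added example: read-only index fragmentation report for the WSUS database.
# Assumptions (not from the original post): the database uses the default name
# SUSDB, Invoke-Sqlcmd is available (SqlServer or SQLPS module), and the
# thresholds below are illustrative values to tune.
function Get-WsusIndexFragmentation {
    param(
        # WID named pipe on Windows Server 2012 R2; for SQL Server or
        # SQL Express pass the instance name instead.
        [string]$ServerInstance = '\\.\pipe\microsoft##WID\tsql\query',
        [string]$Database       = 'SUSDB',
        [int]$MinPages          = 50,   # skip tiny indexes
        [int]$MinFragPercent    = 30    # flag indexes at or above this level
    )

    # LIMITED mode reads only the pages above the leaf level, so the check is cheap.
    $query = @"
SELECT  OBJECT_NAME(ips.object_id) AS TableName,
        i.name                     AS IndexName,
        ips.page_count             AS Pages,
        CAST(ips.avg_fragmentation_in_percent AS decimal(5,1)) AS FragPercent
FROM    sys.dm_db_index_physical_stats(DB_ID(), NULL, NULL, NULL, 'LIMITED') AS ips
JOIN    sys.indexes AS i
        ON i.object_id = ips.object_id AND i.index_id = ips.index_id
WHERE   ips.index_id > 0                 -- ignore heaps
  AND   ips.page_count >= $MinPages
ORDER BY ips.avg_fragmentation_in_percent DESC;
"@

    Invoke-Sqlcmd -ServerInstance $ServerInstance -Database $Database `
                  -Query $query -QueryTimeout 600 |
        Select-Object TableName, IndexName, Pages, FragPercent,
            @{ Name = 'NeedsRebuild'; Expression = { $_.FragPercent -ge $MinFragPercent } }
}

# Run elevated on the WSUS server; the worst indexes are listed first.
$report = Get-WsusIndexFragmentation
$report | Format-Table -AutoSize
$worst = @($report | Where-Object NeedsRebuild)
Write-Host ("{0} of {1} indexes are at or above the rebuild threshold." -f $worst.Count, @($report).Count)
```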

Don't do driver updates

For a start, do not use WSUS to update drivers. You will bloat the WSUS database with updates. Let your deployment solution handle drivers, and if you need to update a driver (say, an Intel Wireless driver), push it out via a normal application install.

What if "someone" enabled driver updates already? Well, then use either PowerShell or SQL edits to delete them. The PowerShell command below deletes declined updates and will remove between 200 and 600 drivers per hour.

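# Load the WSUS administration API and connect to the local WSUS server
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | Out-Null
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
# Deletes every update that is already declined, not only drivers
$wsus.GetUpdates() | Where-Object {$_.IsDeclined -eq $true} | ForEach-Object {$wsus.DeleteUpdate($_.Id.UpdateId.ToString()); Write-Host "$($_.Title) removed"}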

If you can't wait a few days to delete all drivers via PowerShell (the last customer I ran into had 65000 drivers added), you can use unsupported SQL edits to delete them in 10 seconds. Check this great post from Dennis Suhanovs:

How to Delete Driver Updates from WSUS
http://www.flexecom.com/how-to-delete-driver-updates-from-wsus-3-0/

About the author

Johan Arwidmark
