xWindowsUpdate icon indicating copy to clipboard operation
xWindowsUpdate copied to clipboard
verified publisher icon dsccommunity

Feature Request: Please add support for using WSUS

Open alanrothschild opened this issue 9 years ago • 7 comments

We want to use xWindowsUpdate and WSUS to patch our servers because:

  1. The servers have no internet connectivity
  2. WSUS provides necessary patch management features including reporting

alanrothschild avatar Sep 23 '16 16:09 alanrothschild

Can you elaborate a bit more what the issue you're having with using xWindowsUpate to achieve those points ?

ArieHein avatar Oct 08 '16 02:10 ArieHein

I am not sure if this is a feature request or just confusion of current functionality. Looking through the examples/docs I am under the impression that setting a machine to use a local WSUS server as the source of patching is not currently available.

Is that correct?

reicher001 avatar Dec 27 '16 04:12 reicher001

Hi,

Is there any new information regarding this request? We would also be interesed in using this resource for configuring our VMs to use a local WSUS server.

Thanks!

cguitart avatar Aug 08 '17 10:08 cguitart

*This is not an endorsement and I have not used the following resource.

I found this resource that might do what you need. https://pwrshell.net/powershell-desired-state-configuration-resources-for-wsus/

That is what we will look at when we get back to working on this for our setup.

reicher001 avatar Aug 08 '17 15:08 reicher001

Great. Thanks

cguitart avatar Aug 09 '17 07:08 cguitart

I've not used this resource, but suspect this will be a blocker for me too.

@ArieHein, I suspect what the others may be referencing, based on a quick look at the code, may be this:

    if($Source -eq 'WSUS')
    {
        throw 'The WSUS service option is not implemented.'
    }

FinickyCode avatar Apr 10 '18 05:04 FinickyCode

We are using the xWindowsUpdateAgent resource to manage clients installing updates via WSUS. To get around the terminating error that FinickyCode pasted above, we modified the resource as shown below. To make this completely work, we use a Registry resource to set the needed registry values under "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" (see "https://docs.microsoft.com/en-us/windows/deployment/update/waas-wu-settings for the specifics")

Here's the change needed for Test-TargetResourceProperties:

if($Source -eq 'WSUS')
{
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $notImplemented = 'The WSUS service option is not implemented.'

    #Check to see if the WSUS source was configured via registry or GPO
    if((Get-ItemProperty -Path "$key\AU" -ErrorAction SilentlyContinue).UseWUServer -eq 1)
    {
		
        $wsusServer = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).WUServer
        $wsusReporting = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).WUStatusServer
		
        if((($wsusServer -like "http*") -and ($wsusReporting -like "http*")) -eq $false)
        {
	        throw $notImplemented
        }

    }
    else
    {
        throw $notImplemented
    }
}

JoeAtMsft avatar Aug 13 '19 18:08 JoeAtMsft