事情是這樣的:
環境中的WSUS,隨著時間的增長,不知不覺長成一個回不去的月半子。
只能不停地擴充空間搭配伺服器清理精靈,一直撐著。
終於該來的還是來了,伺服器清理精靈也罷工了(每次在不需要更新的檔案清理都會造成服務連線逾時),接著展開一段漫長的WSUS減月巴之旅,
舉凡網路上的各種偏方(調整DB、IIS、PS....)能嘗試的都試過了,大概就只剩下WSUSUtil RESET還沒做了!
就在已經做好打掉重練,原地重建的時候。
皇天不負苦心人,讓我爬到這篇Deleting Updates from WSUS
裡面提到了,還很貼心的附上參考連結
To prevent the next WSUS sites from inheriting unnecessary updates, there's a script to delete the updates that the Server Wizard is not removing after declining
結果該參考連結網誌已經移除了(天啊~~真是晴天霹靂)
不過還好谷歌大神有網頁快取的功能,趕快去爬那篇連結,順利抄作業,就當我信心滿滿以為可以順利解決的時候,還是出現連線逾時.............(當下內心真的是又一次的晴天霹靂)
所幸皇天不負苦心人,在該篇網誌下方有位熱心的鄉民Alexey Petrenko留下了一段珍貴的解決方法
You can stop time out by narrow down list of updates or drivers. I resolved it like this:
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | out-null
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($UpdateServer, $UseSSL, $Port);
$updatescope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
# you can choose one of these attributes:
#$updatescope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::NotApproved
#$updatescope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::NotInstalled
#$updatescope.FromArrivalDate = [datetime]”03/11/2020"
#$updatescope.ToArrivalDate = [datetime]”04/02/2020"
$updatescope.UpdateTypes = [Microsoft.UpdateServices.Administration.UpdateTypes]::Driver
#$updatescope.UpdateTypes = [Microsoft.UpdateServices.Administration.UpdateTypes]::SoftwareUpdate
Then you can remove your updates
$wsus.getupdates($updatescope) | Where {$_.UpdateClassificationTitle -eq 'Drivers'} | ForEach-Object { $wsus.DeleteUpdate($_.Id.UpdateID); Write-Host $_.Title removed }
Check for classification 'Drivers' second time is abundant in that case but you can leave it. It will work anyway.
加入了限縮條件之後就可以順利的減月巴了,看著慢慢瘦下來的WSUS,真的很欣慰。
希望能幫到一起在WSUS減肥之路上的小夥伴們。
以下為參考範例,自己修改後存成PowerShell後執行(有哪些條件可以參考下方微軟提供的連結)
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | out-null
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($UpdateServer, $UseSSL, $Port);
$updatescope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
# you can choose one of these attributes:
$updatescope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::Declined
#$updatescope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::NotInstalled
$updatescope.FromArrivalDate = [datetime]”04/01/2021"
$updatescope.ToArrivalDate = [datetime]”04/16/2020"
$updatescope.UpdateTypes = [Microsoft.UpdateServices.Administration.UpdateTypes]::Driver
#$updatescope.UpdateTypes = [Microsoft.UpdateServices.Administration.UpdateTypes]::SoftwareUpdate
#Then you can remove your updates
$wsus.getupdates($updatescope) | Where {$_.UpdateClassificationTitle -eq 'Drivers'} | ForEach-Object { $wsus.DeleteUpdate($_.Id.UpdateID); Write-Host $_.Title removed }
Deploy中的無法直接刪除,此時可以先Decline 在做刪除的動作,作法也很簡單,僅列出差異,詳情可以參考下方第二個連結。
$updatescope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::Any
$updates=$wsus.getupdates($updatescope) | Where {$_.UpdateClassificationTitle -eq 'Drivers'}
$updates.decline()
$updates| ForEach-Object { $wsus.DeleteUpdate($_.Id.UpdateID); Write-Host $_.Title removed }
)
Reference
Deleting Updates from WSUS
WSUS and PowerShell: Declining and Deleting updates based on keywords
Microsoft.UpdateServices.Administration Namespace
