WSUS synchronization report

The other day I wondered how to get the equivalent of this WSUS synchronization summary and its details.
More precisely I wanted to get the summary of what you see in the mmc snap-in under the synchronizations node:
wsus-sync-01
and the details that you get when you right-click a synchronization and hit ‘Synchronization report’ but I got instead the following message telling me that the report viewer wasn’t installed
wsus-sync-02

After a few minutes, I found the following MSDN page about Reporting Newly Synchronized Updates
I first looked at the GetUpdates method that has many ways to call it.
wsus-sync-03
The msdn article proposes to use the 2nd one where you specify all the 5 arguments:

  • Microsoft.UpdateServices.Administration.ApprovedStates approvedStates,
  • datetime fromArrivalDate,
  • datetime toArrivalDate,
  • Microsoft.UpdateServices.Administration.UpdateCategoryCollection updateCategories,
  • Microsoft.UpdateServices.Administration.UpdateClassificationCollection updateClassifications

where both the updatecategories and updateclassifications are set to $null
I gave it a try but I couldn’t get reliable results 😦 even when the two collections (UpdateCategoryCollection and UpdateClassificationCollection) were properly defined and not set to null.
Forget that method, it’s too unpredictable.

I switched to the 3rd method where you just use a single updateScope object as argument instead of the above 5 arguments and finally got the expected reliability 😀

# Get the last sync info (start and end times)
$lastSync = (Get-WsusServer).GetSubscription().GetLastSynchronizationInfo()

# Create an updatescope object
$UpdateScope = New-Object -TypeName Microsoft.UpdateServices.Administration.UpdateScope

# Set the start time
$UpdateScope.FromArrivalDate = $lastSync.StartTime
# Set the end time
$UpdateScope.ToArrivalDate = $lastSync.EndTime

# Invoke the getupdates method using the update scope object
$SyncUpdates = (Get-WsusServer).GetUpdates($UpdateScope)

Now to get the summary, I just do

$SyncUpdates | 
Group-Object -Property publicationstate -NoElement

wsus-sync-04
To view the details of what was synchronized I do:

$SyncUpdates | Out-GridView
# or 
$SyncUpdates | 
Select Title,SecurityBulletins,UpdateClassificationTitle,PublicationState | 
Sort PublicationState | 
Format-Table -AutoSize

wsus-sync-05

Easy-peasy and as always PowerShell rocks 😎

Get-GPPrefRegistryValue or Get-GPRegistryValue

Someone at work recently asked me to provide the list of (web) sites assigned to an IE zone, so that he could tell me what sites are obsolete and can be removed. Yeah, we need that because IE11 intranet automatic detection mechanism doesn’t work with an httpstunnel interface and an NRPT table for those who are familiar with Direct Access scenario.

I jumped on a PowerShell console and couldn’t immediately get the answer because I got confused by the Get-GPPrefRegistryValue cmdlet. I couldn’t easily get the answer because I actually used the wrong cmdlet (my bad) 😦
I should have used the Get-GPRegistryValue cmdlet instead 🙂 . Do you see the difference between the two cmdlets?

I could actually have had my answer in less than 2 seconds by doing:

Get-GPO -Name "myGPOName" | 
Get-GPRegistryValue -Key 'HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey' |
Select ValueName,Value

Instead, I went the hard way and did the following:

# 1. Export the GPO to an XML file
Get-GPO -Name "myGPOName" | 
Get-GPOReport -ReportType Xml -Path "C:\myGPOName.xml"

# 2. Read the XML file
(
 ([xml](Get-Content "C:\myGPOName.xml")).GPO.User.ExtensionData.Extension.Policy | 
 Where Name -eq 'Site to Zone Assignment List'
).ListBox.Value.Element

Even if you’re confused, PowerShell always provides many ways to skin the cat 😀