- Context
A PM.org member asked to the list:
We use MBSA with a few down-level OS’s as well as Windows 10 in several offline environments, and until this month, it still worked.
- Problem
It appears that MBSA isn’t supported anymore: https://docs.microsoft.com/en-us/windows/security/threat-protection/mbsa-removal-and-guidance
- Solution
Another member suggested the following:
Why not use WUA script to scan for updates offline ?
https://docs.microsoft.com/en-us/windows/win32/wua_sdk/using-wua-to-scan-for-updates-offline
If you’ve a downloaded version of the wsusscn2.cab file that you indicate as the FilePath parameter of the following script, you can do:
Start-WUOfflineScan -FilePath C:\temp\wsusscn2.cab -Verbose
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Start-WUOfflineScan { | |
| <# | |
| .SYNOPSIS | |
| Start an offline WUA scan | |
| .DESCRIPTION | |
| Start an offline WUA (Windows Update Agent) scan using wsusscn2.cab. | |
| .PARAMETER FilePath | |
| Specifies the path to the wsusscn2.cab file to be used to perform the offline scan. | |
| .PARAMETER IncludeSupersededUpdate | |
| Specifies to include superseded updates in the results if any. | |
| .EXAMPLE | |
| Start-WUOfflineScan -FilePath C:\temp\wsusscn2.cab -Verbose | |
| .NOTES | |
| You can get the offline wsusscn2.cab from: | |
| http://download.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscn2.cab | |
| Official doc is: | |
| https://docs.microsoft.com/en-us/windows/win32/wua_sdk/using-wua-to-scan-for-updates-offline | |
| #> | |
| [CmdletBinding()] | |
| Param( | |
| [Parameter(Mandatory)] | |
| [ValidateScript({Test-Path -Path $_ -PathType Leaf})] | |
| $FilePath, | |
| [switch]$IncludeSupersededUpdate | |
| ) | |
| Begin { | |
| if ($FilePath -match '^~') { | |
| $FilePath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($FilePath) | |
| } | |
| try { | |
| $UpdateSvc = New-Object -ComObject Microsoft.Update.ServiceManager | |
| } catch { | |
| Write-Warning -Message "Failed to query if server is configured against a WSUS server because $($_.Exception.Message)" | |
| } | |
| Function Test-WUARebootRequired { | |
| try { | |
| (New-Object -ComObject 'Microsoft.Update.SystemInfo').RebootRequired | |
| } catch { | |
| Write-Warning -Message "Failed to query COM object because $($_.Exception.Message)" | |
| } | |
| } | |
| } | |
| Process { | |
| if (-not(Test-WUARebootRequired)) { | |
| try { | |
| # Create a session | |
| $Session = New-Object -ComObject Microsoft.Update.Session | |
| # Import the the offline cab | |
| $UpdateService = $UpdateSvc.AddScanPackageService('Offline Sync Service',"$($FilePath)", 1) | |
| $Searcher = $Session.CreateUpdateSearcher() | |
| $Searcher.ServerSelection = 3 #ssOthers | |
| if ($IncludeSupersededUpdate) { | |
| $Searcher.IncludePotentiallySupersededUpdates = $true | |
| } | |
| $Searcher.ServiceID = $UpdateService.ServiceID.ToString() | |
| $Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1" | |
| # Search for updates | |
| $SearchResult = $Searcher.Search($Criteria) | |
| } catch { | |
| Write-Warning -Message "Failed to search for missing updates because $($_.Exception.Message)" | |
| if ($SearchResult) { | |
| Write-Warning -Message "The search result status code was $($SearchResult.ResultCode)" | |
| } | |
| break | |
| } | |
| if ($SearchResult.ResultCode -eq 2) { | |
| # Output what was found | |
| if (($SearchResult.Updates).Count -ne 0) { | |
| $SearchResult.Updates | | |
| ForEach-Object { | |
| Write-Verbose -Message "Missing update: $($_.Title)" | |
| $_ | |
| } | |
| } else { | |
| Write-Verbose -Message 'There are no updates to install' -Verbose | |
| } | |
| } else { | |
| Write-Warning -Message 'Failed to search for updates' | |
| Write-Warning -Message "The search result status code was $($SearchResult.ResultCode)" | |
| } | |
| } else { | |
| Write-Warning -Message 'A reboot is pending' | |
| } | |
| } | |
| End {} | |
| } |
>_ 
I am getting error The term ‘Start-WUOfflineScan’ is not recognized as the name of a cmdlet, function, script file,
or operable program.
Please suggest
Hello,
You need to copy/paste the code in the gist (https://gist.githubusercontent.com/p0w3rsh3ll/4eafda6a42297b78f75239bc900f4c36/raw/bdd696902eba2bbbfd453ad66d8f3b8245bceb91/Start-WUOfflineScan.ps1) and execute it before invoking the Start-WUOfflineScan function.
You can have it in the ISE (F5 to execute) or in a .ps1 file. In this case, you’ll load the file by dot sourcing.