0

I have added the driver classification in wsus and now i have 100k driver updates. The supersedence is not specified so i can't easily decline old updates. I see a lot of duplicate versions for the drivers (update id is different so it's not the same update).

In the past this was bad but since i added windows 10 it's almost unmanageble.

  • Is it true that microsoft did not hire a scriptkiddy to correct the supersedence for drivers?
  • Is it true that drivers with thesame version number and other details, are thesame? Or is there some subtle difference?

Sure i could not automatically approve drivers and manually approve only the needed ones and decline old ones. I could even regex out the version numbers and use powershell to approve the newest ones. Or update the wsus database so it's correct. But that is Microsofts job.

Or am i missing something here? If i need to make some powershell script i will share it here, don't worry about that.

Swisstone
  • 6,357
  • 7
  • 21
  • 32
user189695
  • 89
  • 5

1 Answers1

0

Pressed the wrong button again, made a script to decline now (use at own risk)

$WSUS = Get-WsusServer
$FPClass = $WSUS.GetUpdateClassifications()|Where{$_.Title -eq 'Drivers'}
$u = $FPClass.GetUpdates()

# extract version
$u1 = $u |% {
    $x = $_.title -match "^(.*) (.*)$";
    [pscustomobject]@{
        "id"=$_.id;
        "v"=[version]$matches[2];
        "n"=$matches[1];
    }
}

# get max version
$u2 = $u1 |
Sort-Object -Property v | group n |%{
 [PSCustomObject]@{
     n = $_.name;
     v = ($_.Group | Sort-Object v | select -Last 1 -Property v).v; 
}}

# do decline
$u1 |% {
    $x = $_;
    [PSCustomObject]@{   
        "id"=$_.id;
        "v1"=$_.v;
        "n" = $_.n;
        "v2"=($u2 |? { $_.n -eq $x.n }).v;
    }
} |? { $_.v1 -ne $_.v2} |% {
    Deny-WsusUpdate -Update (Get-WsusUpdate -UpdateId $_.id.UpdateId);
    $_;
}
user189695
  • 89
  • 5