11

On each Microsoft patch day, I have a pretty large amount of new updates I want to approve to my clients. But instead of 'Approve all updates and continue', I gather information on each update at its Knowledge Base article to decide, if this is an important update for us or not.

This is a pretty tedious task, because I have to type the according KB number into my client's browser and wait for the webpage to load. I was wondering why Microsoft isn't using the update description box at the WSUS control panel to show real helpful, detailed information. Instead, all of my updates read:

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

I started to think about a little Powershell script, that adds the neccessary information for me. But I failed on the first step, which is changing an update description by hand:

PS C:\Users\Administrator> $wsus = Get-WsusServer

PS C:\Users\Administrator> $update = $wsus.SearchUpdates('KB3013791')

PS C:\Users\Administrator> $update[0].Description
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

PS C:\Users\Administrator> $update[0].Description = '"0x00000133" Stop error when there''s faulty hardware in Windows 8.1 or Windows Server 2012 R2'

PS C:\Users\Administrator> $update[0].Description
"0x00000133" Stop error when there's faulty hardware in Windows 8.1 or Windows Server 2012 R2

PS C:\Users\Administrator> $update = $wsus.SearchUpdates('KB3013791')

PS C:\Users\Administrator> $update[0].Description
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

It seems that my changes are not being committed to the database. Either I'm missing some sort of $wsus.SubmitChanges() or the $wsus.SearchUpdates() command returns an 'update.Clone()' so that my changes are saved to nowhere.

How can I acheive my goal of changing the WSUS update descriptions?

Physikbuddha
  • 291
  • 1
  • 10
  • `$update[0].Description | Get-Member` You might be able to use the `.Replace()` member function, but it isn't clear how to handle changing it. You would need to somehow call a `Set()` but I don't see right off how that works. – mortenya Jul 09 '15 at 17:12
  • A related question on SuperUser asks about what you probably already have solved: How to get a meaningful description of each update. It looks like you've already solved that part, I'd appreciate very much if you could take a look. http://superuser.com/q/878753/99136 – krlmlr Sep 24 '15 at 08:22
  • @krlmlr I must have missed your comment on this question. Now that I created an actual program for my problem described here, I posted an answer to the question above on its Superuser page. – Physikbuddha Dec 03 '15 at 11:32

1 Answers1

7

Update

By using the answer below I created a small tool that automagically adds the descriptions to my WSUS server. I decided to publish my tool on Github, so feel free to try and test it out.

https://github.com/Physikbuddha/wsus-online-descriptions/releases/latest

Sample screenshot

Original Answer

I tried to solve the problem with Get-Member, as suggested by mortenya in the comment section, but with no luck.
Finally, I ended up with directly editing the WSUS database to change the description.

Be careful! Use my solution only if you're absolutely sure what you're doing. Editing the database your server is depending on, is like performing an open heart surgery on your best friend.

My WSUS installation is using the Windows Internal Database to store the update information. Since this version does not allow remote queries, I had to use a local installation of the SQL Server Management Studio.
Connect to the database using the server name provided by the article linked above.

I was able to change the update description by running this query:

UPDATE tbPreComputedLocalizedProperty
SET Description = '"0x00000133" Stop error when there''s faulty hardware in Windows 8.1 or Windows Server 2012 R2'
FROM tbPreComputedLocalizedProperty p
JOIN tbUpdate u ON p.UpdateID = u.UpdateID
JOIN tbRevision r ON u.LocalUpdateID = r.LocalUpdateID
JOIN tbKBArticleForRevision kb ON r.RevisionID = kb.RevisionID
WHERE kb.KBArticleID LIKE '3013791' AND p.ShortLanguage = 'en'
GO

This is just a way to set the description by hand, so I'm going to do further experiments on how to get the descriptions directly from the KB website and to apply them on all new updates automatically. I'll add the information to this post.

Physikbuddha
  • 291
  • 1
  • 10
  • You should almost certainly mark your own [answer as accepted](http://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work). [Self answer is encouraged even](http://stackoverflow.com/help/self-answer). – jscott Dec 03 '15 at 10:59