2

When adding roles and features using the GUI, there are a few extra steps which let you do some extra configuration. For example, when installing WSUS there are a few steps labeled "Role Services" and "Content" which let you pick what database you want to use and set a location for this database. (Image below) WSUS Installation

But let's say I want to install it through powershell instead. I would type the following:

Import-Module servermanager
Install-WindowsFeature -Name UpdateServices -IncludeAllSubFeature -IncludeManagementTools

However this doesn't let me specify where I want to place the database like the GUI did. Is there any command which lets me further configure WSUS from powershell?

Thanks.

Cameron McAuley
  • 127
  • 6

2 Answers2

3

There are quite a few features like this. When I upgraded our WSUS server, I used this command to identify a custom DB location:

& "$env:programfiles\update services\tools\wsusutil.exe" postinstall CONTENT_DIR=E:\WSUS\

There were many other steps required to complete the migration to our new server - I called this util a second time after assigning a new guid on the sever.

Another example... after installing the Administration Tools Pack, then using dism.exe to enable specific tools like Active Directory Users and Computers.

Edit: ok... this was my script to get our new WSUS server going. Please member it it was specific to our environment and will likely need some massaging to work yours:

<#
Initial setup script for WSUS 6.3 (Server 2012)
Created : 12/02/2014
#>

$oldserver = "[enter DNS name of old server]"
$newserver = $env:ComputerName

$WID = "\\.\pipe\Microsoft##WID\tsql\query"
$WIDService = "MSSQL`$MICROSOFT##WID"

Function Create-Group ([String]$name, [String]$desc) {
   $objOu = [ADSI]"WinNT://$newserver"
   $objGroup = $objOU.Create("group", $name)
   $objGroup.SetInfo()
   $objGroup.Description = $desc
   $objGroup.SetInfo()
}

Function Confirm($message) {
   $caption = "Confirm"
   $yes = new-Object System.Management.Automation.Host.ChoiceDescription "&Yes","help"
   $no = new-Object System.Management.Automation.Host.ChoiceDescription "&No","help"
   $choices = [System.Management.Automation.Host.ChoiceDescription[]]($yes,$no)
   $host.ui.PromptForChoice($caption,$message,$choices,0)
}

If (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
   Write-Host "Script needs to be run as Administartor"
   Exit 0
} Else {
   If (Confirm("You are about to run the WSUS setup script. Do you want to continue?") -eq 1) {
      Exit 0
   }
}

Import-Module SQLPS

# Add the WSUS role to the server
Write-Host "Installing the WSUS Server Role - post-install configuration will be run as part of this script"
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools -WhatIf
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools

# Copy WSUS patches to new server
Write-Host "Copying patch repository from \\$oldserver\E$\WSUS"
Copy-Item "\\$oldserver\E$\WSUS" "\\$newserver\E$\" -Recurse

# Copy WSUS database to new server
Write-Host "Copying WSUS Database from \\$oldserver\E$\WSUS DB Backups\Backup.bak"
Copy-Item "\\$oldserver\E$\WSUS DB Backups\Backup.bak" "\\$newserver\E$\TEMP"

# Create WSUS Security groups on new server
Write-Host "Creating WSUS access groups"
Create-Group "WSUS Administrators" "WSUS Administrators can administer the Windows Server Update Services server."
Create-Group "WSUS Reporters" "WSUS Administrators who can only run reports on the Windows Server Update Services server."
# Populate groups via group policy
gpupdate /force

# Ensure the Windows Internal Database (WID) is running and set to auto startup
Write-Host "Checking Windows Internal Database"
(Get-Service -Name $WIDService -ComputerName $newserver).Start
Set-Service -Name $WIDService -ComputerName $newserver -StartupType Automatic
Start-Sleep -s 5

# Create a blank DB for new WSUS instance
Write-Host "Creating blank DB for WSUS"
$sql = New-Object Microsoft.SqlServer.Management.Smo.Server($WID)
$db = New-Object Microsoft.SqlServer.Management.Smo.Database($sql, "SUSDB")
$db.Create()
Write-Host "DB created on " $db.CreateDate
Start-Sleep -s 5

Write-Host "Restoring \\$newserver\E$\WSUS DB Backups\Backup.bak to new server"
Write-Host "Note: there WILL be one warning"
# Drop the newly created DB
Invoke-SqlCmd -InputFile ".\SUSDB_Drop.sql" -ServerInstance $WID -OutputSqlErrors $True -Verbose
Start-Sleep -s 5
# Restore the previous DB over the blank DB
Invoke-SqlCmd -InputFile ".\SUSDB_Restore.sql" -ServerInstance $WID -OutputSqlErrors $True -Verbose
Start-Sleep -s 5

# Run the WSUS postinstall command with the patch folder
Write-Host "Identifying WSUS repository as E:\WSUS"
& "$env:programfiles\update services\tools\wsusutil.exe" postinstall CONTENT_DIR=E:\WSUS\

# Give the WSUS instance a new identity (powershell)
Write-Host "Creating new ID for WSUS server"
$updateServer = Get-WsusServer -Name $newserver -Port 8530
$config = $updateServer.GetConfiguration()
$config.ServerId = [System.Guid]::NewGuid()
$config.Save()

# Re-run the postinstall with the new identity
Write-Host "Running WSUS postinstall with for ID"
& "$env:ProgramFiles\Update Services\Tools\wsusutil.exe" postinstall

# Change the WSUS service to run on port 80 (as per current server)
Write-Host "Changing default WSUS port to port 80"
& "$env:programfiles\update services\tools\wsusutil.exe" usecustomwebsite false

# Replicate SQL security using query provided by DST
Write-Host "Restoring SQL permissions"
Invoke-SqlCmd -InputFile ".\SUSDB_RoleUsers.sql" -ServerInstance $WID -OutputSqlErrors $True -Verbose
xXhRQ8sD2L7Z
  • 685
  • 5
  • 12
  • Thanks. Yea I had the issue where I couldn't find AD Users and Computers, and it was because I had not installed the RSAT-ADDS WindowsFeature. Out of interest, do you know if there is a list anywhere of all the steps you would need to talk to stall WSUS for example? So far I have been referring to the add roles/functions wizard and trying to find a command for every step. – Cameron McAuley Sep 08 '15 at 08:01
2

Once a feature has been installed via PowerShell configuration can be completed with the PowerShell module for that feature.

However not all windows features have complete modules yet, your WSUS task of moving the WSUS database location, is one such example. However this does not mean that PowerShell cannot be used to complete the task only that there are additional steps required.

Microsoft has a technet article here that demonstrates setting the database location by making use of the wsusutil command line program.

Persistent13
  • 643
  • 3
  • 13