When looking at the WSUS 3.0 API, I can find no way to tell whether a given update is needed or not. The UpdateInstallationState enum has a NotApplicable value with the following description: "The update is not applicable to the client computer".
Meaning that the update may already be installed and is therefore no longer applicable to the target computer.
The PowerShell code will count, for each update, the number of computer targets on which the update is applicable.
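
    # Load the WSUS administration API and connect to the local WSUS server
    # (assumption: the original snippet uses $WSUS without showing how it was created).
    [void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
    $WSUS = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

    # Scope: every update, whatever its approval or installation state
    $updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
    $updateScope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::Any
    $updateScope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::All

    # UpdateId -> number of computer targets on which the update is not NotApplicable
    $updatesCount = @{}
    ForEach ($cpt in $WSUS.GetComputerTargets().GetEnumerator())
    {
        ForEach ($updt in $cpt.GetUpdateInstallationInfoPerUpdate($updateScope))
        {
            # Make sure every update seen has an entry, even if its count stays at 0
            If (-not $updatesCount.ContainsKey($updt.UpdateId))
            {
                $updatesCount.Set_Item($updt.UpdateId, 0)
            }
            # Skip computer targets that report the update as not applicable
            If ($updt.UpdateInstallationState -eq [Microsoft.UpdateServices.Administration.UpdateInstallationState]::NotApplicable)
            {
                Continue
            }
            $updatesCount[$updt.UpdateId] += 1
        }
    }
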
Running this code on my WSUS server, I get no updates that are not applicable (count equals 0). However, in the WSUS Console Administration, I do see some updates that are not needed.
How can I know if an update is really needed by a computer target and calculate the Needed Count value as shown in the WSUS Administration Console?