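### WSUS server build script (PowerShell).
### Installs the prerequisites (.NET 3.5, CLR Types, Report Viewer, optionally SQL Express),
### installs the WSUS role, runs post-install, and applies sync, product, classification,
### decline and approval settings. Must be run elevated on the target server.
###
### Security notes for reviewers:
###  - Installers are downloaded and then executed with administrative rights. They are
###    fetched over HTTPS and their Authenticode signature is checked before execution.
###  - $TempDir holds those installers. A directory created directly under C:\ usually
###    inherits permissions that let non-admin users write to it; point $TempDir at an
###    admin-only directory so the files cannot be swapped between download and install.
###  - This script does not configure TLS for WSUS client connections; handle that separately.

### Configure default values
$TempDir = "C:\temp"                  # Temp location to download required setup files (not patches)
$WindowsSXS = "D:\sources\sxs"        # Location of Windows install files (in this case, this is the location of the windows DVD)
$WSUSDir = "W:\WSUS"                  # Location that WSUS will store downloaded patches and files
$WSUSType = 'SQLExpress'              # Specifies if you want to use 'SQLExpress' or 'WID'
$doInstallDotNet = $True              # Set to True to download and install .net
$doInstallRepViewer = $True           # Set to True to download and install MS Report viewer 2012 (required for WSUS)
$doDownloadSQLExpress = $True         # Set to True to download SQL Express
$doInstallSQLExpress = $True          # Set to True to Install SQL Express
$doWSUSConfig = $True                 # Set to True to configure WSUS
$doInitialSync = $True                # Set to True to do an initial sync
$doSetProducts = $True                # Set to True to configure the products that you want to sync
$doSetClassifications = $True         # Set to True to configure the classifications (critical, important, etc)
$doConfigureAutoSync = $True          # Set to True to configure the Sync settings (default: daily at midnight)
#$doMonitorProgress = $True           # Not sure if this works, so commented out at the moment
$doDeclineUpdates = $True             # Set to True to configure the declined updates
$doConfigApprovals = $True            # Set to True to set the default approval rules

# Return $true only when the file exists, carries a valid Authenticode signature, and
# the signer is Microsoft. This is a minimum check before running a downloaded installer
# elevated; comparing against a known-good SHA-256 (<expected hash placeholder>) is stronger.
function testInstallerSignature {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $signature = Get-AuthenticodeSignature -FilePath $Path
    if ($signature.Status -ne 'Valid') { return $false }
    return ($signature.SignerCertificate.Subject -like '*O=Microsoft Corporation*')
}

# Install .Net Framework 3.5 from media
function installDotNet {
    write-host 'Installing .Net Framework 3.5'
    Install-WindowsFeature -Name NET-Framework-Core -Source $WindowsSXS
}

# Download MS Report Viewer for WSUS reports
# NOTE(review): the config comment says Report Viewer 2012 while these messages say
# 2008 SP1 - confirm which version this URL actually delivers.
function downloadReportViewer {
    write-host "Downloading Microsoft Report Viewer 2008 SP1...please wait"
    $URL = "https://download.microsoft.com/download/F/B/7/FB728406-A1EE-4AB5-9C56-74EB8BDDF2FF/ReportViewer.msi"
    Start-BitsTransfer -Source $URL -Destination $TempDir -RetryInterval 60 -RetryTimeout 180 -ErrorVariable err
    if ($err) {
        write-host 'Microsoft Report Viewer 2008 SP1 could not be downloaded!' -ForegroundColor Red
        write-host 'Please download and install it manually to use WSUS Reports.' -ForegroundColor Red
        write-host 'Continuing anyway...' -ForegroundColor Magenta
    }
}

# Download CLR Types for SQL server 2012
function downloadCLRTypes {
    write-host 'Downloading CLR Types for SQL server 2012...'
    $URL = 'https://download.microsoft.com/download/F/3/C/F3C64941-22A0-47E9-BC9B-1A19B4CA3E88/ENU/x86/SQLSysClrTypes.msi'
    Start-BitsTransfer -Source $URL -Destination $TempDir -RetryInterval 60 -RetryTimeout 180 -ErrorVariable err
    if ($err) {
        write-host 'CLR Types for SQL server 2012 could not be downloaded!' -ForegroundColor Red
        write-host 'Please download and install it manually to use WSUS Reports.' -ForegroundColor Red
        write-host 'Continuing anyway...' -ForegroundColor Magenta
    }
}

# Install CLR Types for SQL server 2012 (non-fatal on failure: only WSUS reports depend on it)
function installCLRTypes {
    write-host 'Installing CLR Types for SQL server 2012...'
    $msi = "$TempDir\SQLSysClrTypes.msi"
    if (-not (testInstallerSignature -Path $msi)) {
        write-host 'SQLSysClrTypes.msi is missing or not validly signed by Microsoft; not installing it.' -ForegroundColor Red
        write-host 'Continuing anyway...' -ForegroundColor Magenta
        return
    }
    $params = '/i', $msi, '/qb!'
    $setup = Start-Process msiexec.exe -ArgumentList $params -Wait -PassThru
    if ($setup.ExitCode -eq 0) {
        write-host 'Successfully installed CLR Types for SQL server 2012'
    }
    else {
        # $(...) is required: "$setup.exitcode" would print the object followed by ".exitcode"
        Write-Host "error code: $($setup.ExitCode)"
        write-host 'CLR Types for SQL server 2012 did not install correctly.' -ForegroundColor Red
        write-host 'Please download and install it manually to use WSUS Reports.' -ForegroundColor Red
        write-host 'Continuing anyway...' -ForegroundColor Magenta
    }
}

# Install MS Report Viewer (non-fatal on failure: only WSUS reports depend on it)
function installReportViewer {
    write-host 'Installing Microsoft Report Viewer 2008 SP1...'
    $msi = "$TempDir\ReportViewer.msi"
    if (-not (testInstallerSignature -Path $msi)) {
        write-host 'ReportViewer.msi is missing or not validly signed by Microsoft; not installing it.' -ForegroundColor Red
        write-host 'Continuing anyway...' -ForegroundColor Magenta
        return
    }
    $params = '/i', $msi, '/qb!'
    $setup = Start-Process msiexec.exe -ArgumentList $params -Wait -PassThru
    if ($setup.ExitCode -eq 0) {
        write-host 'Successfully installed'
    }
    else {
        Write-Host "error code: $($setup.ExitCode)"
        write-host 'Microsoft Report Viewer 2008 SP1 did not install correctly.' -ForegroundColor Red
        write-host 'Please download and install it manually to use WSUS Reports.' -ForegroundColor Red
        write-host 'Continuing anyway...' -ForegroundColor Magenta
    }
}

# Download SQL 2012 Express SP1 with tools. Fatal on failure.
function downloadSQLExpress2012 {
    write-host 'Downloading SQL 2012 Express SP1 with Tools...'
    Start-Sleep -Seconds 10 # wait 10 seconds in case of BITS overload error
    # HTTPS, like the other downloads: this executable is later run elevated, so it must
    # not be fetched over a channel that a network attacker can modify.
    $URL = 'https://download.microsoft.com/download/5/2/9/529FEF7B-2EFB-439E-A2D1-A1533227CD69/SQLEXPRWT_x64_ENU.exe'
    Start-BitsTransfer -Source $URL -Destination $TempDir -RetryInterval 60 -RetryTimeout 180 -ErrorVariable err
    if ($err) {
        write-host 'Microsoft SQL 2012 Express SP1 could not be downloaded! Please check internet availability.' -ForegroundColor Red
        write-host 'The script will stop now.' -ForegroundColor Red
        # 'break' outside a loop has surprising semantics; throw stops the script explicitly
        throw 'SQL 2012 Express SP1 download failed.'
    }
}

# Install SQL 2012 Express with defaults. Fatal on failure.
# NOTE(review): /SQLSYSADMINACCOUNTS grants sysadmin on the instance to every member of
# the local Administrators group - confirm that is the intended scope.
function installSQLExpress2012 {
    write-host 'Installing SQL Server 2012 SP1 Express with Tools...'
    $installer = "$TempDir\SQLEXPRWT_x64_ENU.exe"
    if (-not (testInstallerSignature -Path $installer)) {
        write-host 'SQLEXPRWT_x64_ENU.exe is missing or not validly signed by Microsoft.' -ForegroundColor Red
        write-host 'The script will stop now.' -ForegroundColor Red
        throw 'SQL Express installer failed signature verification.'
    }
    $setup = Start-Process $installer -Verb RunAs -ArgumentList '/QUIETSIMPLE /IACCEPTSQLSERVERLICENSETERMS /ACTION=INSTALL /ROLE=ALLFEATURES_WITHDEFAULTS /INSTANCENAME=SQLEXPRESS /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /UPDATEENABLED=TRUE /UPDATESOURCE="MU"' -Wait -PassThru
    if ($setup.ExitCode -eq 0) {
        write-host 'Successfully installed'
    }
    else {
        write-host 'SQL Server 2012 SP1 Express did not install correctly.' -ForegroundColor Red
        write-host 'Please check the Summary.txt log at C:\Program Files\Microsoft SQL Server\110\Setup Bootstrap\Log' -ForegroundColor Red
        write-host 'The script will stop now.' -ForegroundColor Red
        throw 'SQL Server 2012 SP1 Express installation failed.'
    }
}

# Install WSUS backed by WID
function installWSUSWID {
    write-host 'Installing WSUS for WID (Windows Internal Database)'
    Install-WindowsFeature -Name UpdateServices -IncludeManagementTools
}

# Install WSUS backed by a SQL database
function installWSUSSQL {
    write-host 'Installing WSUS for SQL Database'
    Install-WindowsFeature -Name UpdateServices-Services,UpdateServices-DB -IncludeManagementTools
}

# Run WSUS Post-Configuration, then set the upstream source and update languages
function WSUSConfig {
    $wsusUtil = 'C:\Program Files\Update Services\Tools\wsusutil.exe'
    if ($WSUSType -eq 'WID') {
        & $wsusUtil postinstall "CONTENT_DIR=$WSUSDir"
    }
    if ($WSUSType -eq 'SQLExpress') {
        # %COMPUTERNAME% is cmd.exe syntax and is passed literally by PowerShell;
        # use the env: drive so the real host name reaches wsusutil.
        & $wsusUtil postinstall "SQL_INSTANCE_NAME=$($env:COMPUTERNAME)\SQLEXPRESS" "CONTENT_DIR=$WSUSDir"
    }
    if ($LASTEXITCODE -ne 0) {
        write-host "wsusutil postinstall returned exit code $LASTEXITCODE" -ForegroundColor Red
    }

    # Get WSUS Server Object and its configuration
    $wsus = Get-WSUSServer
    $wsusConfig = $wsus.GetConfiguration()

    # Set to download updates from Microsoft Updates
    Set-WsusServerSynchronization -SyncFromMU

    # Set Update Languages to English and save configuration settings
    $wsusConfig.AllUpdateLanguagesEnabled = $false
    $wsusConfig.SetEnabledUpdateLanguages("en")
    $wsusConfig.Save()
}

# Get WSUS Subscription and perform initial synchronization to get latest categories
function initialSync {
    $wsus = Get-WSUSServer
    $subscription = $wsus.GetSubscription()
    $subscription.StartSynchronizationForCategoryOnly()
    write-host 'Beginning first WSUS Sync to get available Products etc' -ForegroundColor Magenta
    write-host 'Will take some time to complete'
    # Poll every 5 seconds until the server reports the sync has finished
    while ($subscription.GetSynchronizationStatus() -ne 'NotProcessing') {
        Write-Host "." -NoNewline
        Start-Sleep -Seconds 5
    }
    write-host ' '
    Write-Host 'Sync is done.' -ForegroundColor Green
}

# Configure the Platforms that we want WSUS to receive updates
function setProducts {
    write-host 'Setting WSUS Products'
    $wantedProducts = @(
        'Report Viewer 2005',
        'Report Viewer 2008',
        'Report Viewer 2010',
        'Visual Studio 2005',
        'Visual Studio 2008',
        'Visual Studio 2010 Tools for Office Runtime',
        'Visual Studio 2010',
        'Visual Studio 2012',
        'Visual Studio 2013',
        'Microsoft Lync 2010',
        'Microsoft SQL Server 2008 R2 - PowerPivot for Microsoft Excel 2010',
        'Dictionary Updates for Microsoft IMEs',
        'New Dictionaries for Microsoft IMEs',
        'Office 2003',
        'Office 2010',
        'Office 2013',
        'Silverlight',
        'System Center 2012 - Orchestrator',
        'Windows 7',
        'Windows 8.1 Drivers',
        'Windows 8.1 Dynamic Update',
        'Windows 8',
        'Windows Dictionary Updates',
        'Windows Server 2008 R2',
        'Windows Server 2008',
        'Windows Server 2012 R2',
        'Windows Server 2012',
        'Windows XP 64-Bit Edition Version 2003',
        'Windows XP x64 Edition',
        'Windows XP'
    )
    Get-WsusProduct |
        Where-Object { $_.Product.Title -in $wantedProducts } |
        Set-WsusProduct
}

# Configure the Classifications, then pause so the operator can verify the product list
function setClassifications {
    write-host 'Setting WSUS Classifications'
    $wantedClassifications = @(
        'Critical Updates',
        'Definition Updates',
        'Feature Packs',
        'Security Updates',
        'Service Packs',
        'Update Rollups',
        'Updates'
    )
    Get-WsusClassification |
        Where-Object { $_.Classification.Title -in $wantedClassifications } |
        Set-WsusClassification

    write-host 'Before continuing, please open the WSUS Console, cancel the WSUS Configuration Wizard,' -ForegroundColor Red
    write-host 'Go to Options > Products and Classifications, and check that the Products are set correctly.' -ForegroundColor Red
    write-host 'Pausing script' -ForegroundColor Yellow
    # Using Pop-up in case script is running in ISE
    $Shell = New-Object -ComObject "WScript.Shell"
    $null = $Shell.Popup('Click OK to continue.', 0, 'Script Paused', 0)
}

# Configure Synchronizations
function configureAutoSync {
    write-host 'Enabling WSUS Automatic Synchronisation'
    $wsus = Get-WSUSServer
    $subscription = $wsus.GetSubscription()
    $subscription.SynchronizeAutomatically = $true
    # Set synchronization scheduled for midnight each night
    $subscription.SynchronizeAutomaticallyTimeOfDay = (New-TimeSpan -Hours 0)
    $subscription.NumberOfSynchronizationsPerDay = 1
    $subscription.Save()
    # Kick off a synchronization
    $subscription.StartSynchronization()
}

# Monitor Progress of Synchronisation (only runs if $doMonitorProgress is enabled above)
function monitorProgress {
    $wsus = Get-WSUSServer
    $subscription = $wsus.GetSubscription()
    write-host 'Starting WSUS Sync, will take some time' -ForegroundColor Magenta
    Start-Sleep -Seconds 60 # Wait for sync to start before monitoring
    $progress = $subscription.GetSynchronizationProgress()
    while ($progress.ProcessedItems -ne $progress.TotalItems) {
        # Guard the division and poll at an interval instead of spinning on the server
        if ($progress.TotalItems -gt 0) {
            Write-Progress -PercentComplete ($progress.ProcessedItems * 100 / $progress.TotalItems) -Activity 'WSUS Sync Progress'
        }
        Start-Sleep -Seconds 5
        $progress = $subscription.GetSynchronizationProgress()
    }
    Write-Host 'Sync is done.' -ForegroundColor Green
}

# Decline Unwanted Updates
function declineUpdates {
    $wsus = Get-WSUSServer
    # The switch defined in the configuration section is $doDeclineUpdates; testing the
    # undefined $DeclineUpdates made this function a silent no-op.
    if ($doDeclineUpdates -eq $True) {
        write-host 'Declining Unwanted Updates'
        $approveState = 'Microsoft.UpdateServices.Administration.ApprovedStates' -as [type]

        # Text filters, in order: all Internet Explorer 10, Microsoft Browser Choice EU,
        # all Itanium updates
        foreach ($text in '2718695', '976002', 'itanium') {
            $updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope -Property @{
                TextIncludes   = $text
                ApprovedStates = $approveState::Any
            }
            $wsus.GetUpdates($updateScope) | ForEach-Object {
                Write-Verbose ("Declining {0}" -f $_.Title) -Verbose
                $_.Decline()
            }
        }
    }
}

# Configure Default Approval Rule
# NOTE(review): enabling this rule auto-approves every listed classification, including
# Feature Packs and Service Packs - confirm that no staged testing is expected first.
function configApprovals {
    $wsus = Get-WSUSServer
    # The switch defined in the configuration section is $doConfigApprovals; testing the
    # undefined $DefaultApproval made this function a silent no-op.
    if ($doConfigApprovals -eq $True) {
        write-host 'Configuring default automatic approval rule'
        [void][reflection.assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
        $rule = $wsus.GetInstallApprovalRules() | Where-Object { $_.Name -eq 'Default Automatic Approval Rule' }
        if (-not $rule) {
            write-host 'Default Automatic Approval Rule was not found; approvals not configured.' -ForegroundColor Red
            return
        }
        $class = $wsus.GetUpdateClassifications() | Where-Object { $_.Title -In (
            'Critical Updates',
            'Definition Updates',
            'Feature Packs',
            'Security Updates',
            'Service Packs',
            'Update Rollups',
            'Updates') }
        $class_coll = New-Object Microsoft.UpdateServices.Administration.UpdateClassificationCollection
        $class_coll.AddRange($class)
        $rule.SetUpdateClassifications($class_coll)
        $rule.Enabled = $True
        $rule.Save()
    }
}

###### MAIN ######
if ($WSUSType -notin 'SQLExpress', 'WID') {
    throw "Unsupported WSUSType '$WSUSType'; expected 'SQLExpress' or 'WID'."
}

# Start-BitsTransfer needs the destination directory to exist
if (-not (Test-Path -LiteralPath $TempDir)) {
    $null = New-Item -ItemType Directory -Path $TempDir
}

if ($doInstallDotNet -eq $True) { installDotNet }

if ($doInstallRepViewer -eq $True) {
    downloadCLRTypes
    downloadReportViewer
    installCLRTypes
    installReportViewer
}

if ($doDownloadSQLExpress -eq $True) { downloadSQLExpress2012 }
if ($doInstallSQLExpress -eq $True) { installSQLExpress2012 }

if ($WSUSType -eq 'SQLExpress') { installWSUSSQL }
if ($WSUSType -eq 'WID') { installWSUSWID }

if ($doWSUSConfig -eq $True) { WSUSConfig }
if ($doInitialSync -eq $True) { initialSync }
if ($doSetProducts -eq $True) { setProducts }
if ($doSetClassifications -eq $True) { setClassifications }
if ($doConfigureAutoSync -eq $True) { configureAutoSync }
if ($doMonitorProgress -eq $True) { monitorProgress }
if ($doDeclineUpdates -eq $True) { declineUpdates }
if ($doConfigApprovals -eq $True) { configApprovals }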