RightClickNewNetwork

User Tools

Site Tools

You are here: adsetup » adsetup » options » wsus
adsetup:options:wsus

This option will create a few groups and a simple WSUS policy.

### Create the Group
    Try {Get-ADGroup "$Base WSUS Test Workstations" -Server $SelectedDC> $Null}
              Catch {New-ADGroup -GroupScope Global -Name "$Base WSUS Test Workstations"}
              Finally {
              $WSUSTestWorkstationsGUID = (Get-ADGroup "$Base WSUS Test Workstations" -Server $SelectedDC).ObjectGUID.GUID
              If ($CreateOU -eq $True) {Move-ADObject -Identity $WSUSTestWorkstationsGUID -Targetpath $GroupsOU -Server $SelectedDC}
              }
    
    Try {Get-ADGroup "$Base Workstations" -Server $SelectedDC > $Null}
              Catch {New-ADGroup -GroupScope Global -Name "$Base Workstations" -Server $SelectedDC}
              Finally {
              $WSUSWorkstationsGUID = (Get-ADGroup "$Base Workstations" -Server $SelectedDC).ObjectGUID.GUID
              If ($CreateOU -eq $True) {Move-ADObject -Identity $WSUSWorkstationsGUID -Targetpath $GroupsOU -Server $SelectedDC}
              }

    Create_GPO $GPWSUSTestPolicy $ComputersOU
    (Get-GPO $GPWSUSTestPolicy -Server $SelectedDC).Gpostatus = "UserSettingsDisabled" 
    Create_GPO $GPWSUSPolicy $ComputersOU
    (Get-GPO $GPWSUSPolicy -Server $SelectedDC).Gpostatus = "UserSettingsDisabled" 
    
              
    If ($LinkOU -eq $True) {Link_GPO $GPWSUSTestPolicy $ComputersOU}
    If ($LinkOU -eq $True) {Link_GPO $GPWSUSPolicy $ComputersOU}
    
    WriteLog "Configuring Policy $([char]0x2192) $GPWSUSTestPolicy" "Info"
    WriteLog $Line "LINE"
    Set-GPPermission -Name "$Base WSUS Test Workstations" -PermissionLevel None -TargetName "Authenticated Users" -TargetType Group -Server $SelectedDC > $Null
    Set-GPPermission -Name "$Base WSUS Test Workstations" -PermissionLevel GPOApply -TargetName "$Base WSUS Test Workstations" -TargetType Group -Server $SelectedDC > $Null
    WriteLog "Added to GP $([char]0x2192) `t`tKey`t`tName`t`tValue" "GPHeader"
    Set_GP $GPWSUSTestPolicy "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" "DWORD" "TargetGroupEnabled" 1
    Set_GP $GPWSUSTestPolicy "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" "String" "TargetGroup" "$Base WSUS Test Workstations"
    Set_GP $GPEntComputer "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" "DWORD" "AcceptTrustedPublisherCerts" 1
    Set_GP $GPEntComputer "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" "DWORD" "ElevateNonAdmins" 0
    Set_GP $GPEntComputer "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" "String" "TargetGroup" "$Base Workstations"
    Set_GP $GPEntComputer "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" "DWORD" "TargetGroupEnabled" 1
    Set_GP $GPEntComputer "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" "DWORD" "AUOptions" 2
    Set_GP $GPEntComputer "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" "DWORD" "NoAUAsDefaultShutdownOption" 1
    Set_GP $GPEntComputer "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" "DWORD" "NoAUShutdownOption" 1
    Set_GP $GPEntComputer "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" "DWORD" "NoAutoUpdate" 0
    Set_GP $GPEntComputer "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" "DWORD" "ScheduledInstallDay" 1
    Set_GP $GPEntComputer "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" "DWORD" "ScheduledInstallTime" 3

}
adsetup/options/wsus.txt · Last modified: 2017/03/31 18:38 by rob