2012-09-17

Delete old/unwanted updates from WSUS

I wanted to delete all updates related to the "Drivers" classification in WSUS, as we no longer uses this solution for such updates.

I discovered that the "Server Cleanup Wizard" would not help me.

First of all, I removed all approvals/declines for all Drivers in the WSUS MMC (or GUI if you like). By running the cleanup wizard, all downloaded files where removed. The updates were still in the WSUS database (SUSDB).

I did some searches, and found PoshWSUS, and the "Remove-WSUSUpdate" commandlet. This uses the WSUS API and removes updates from the database based on the search feature in the API. Some experimenting by providing some known driver vendor names, confirmed that this worked.

I still wanted to remove all updates from the driver classification, and preferably automatic.

There seems to be few methods in the WSUS API to filter on classifications (other than the create-new-auto-approve method), so I had to use my limping Powershell powers and write something myself.
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer('localhost',$False)
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | Out-Null
$wsus.getupdates() | Where {$_.UpdateClassificationTitle -eq 'Drivers'} | ForEach-Object { $wsus.DeleteUpdate($_.Id. UpdateID); Write-Host $_.Title removed }

As I write this, these lines are happily removing my odd 18 thousand drivers updates (slooooow).
Screenshot



If you ever stumble upon this blog, searching for something like this,I have to warn you that I will not guarantee any success using this, and that you might end up with a broken WSUS install.

13 comments:

  1. holy cow, thank you for this! I did have to change this a little bit. if anyone is getting errors with the above try this one. All I did was rearrange the order amd remove a space

    [reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | Out-Null
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer()
    $wsus.getupdates() | Where {$_.UpdateClassificationTitle -eq 'Drivers'} | ForEach-Object { $wsus.DeleteUpdate($_.Id.UpdateID); Write-Host $_.Title removed }

    ReplyDelete
  2. Thank you Rune and thank you krumpaul! I also performed this on my own Server!

    ReplyDelete
  3. Dear Rune,
    i have same problem my ex collegue downloaded driver categories in wsus.i wanted to remove but unable to. couls you please help me do that step by step

    appricate ur time and cooperation

    ReplyDelete
  4. Waseem Raja, perhaps my post on Technibble might be of assistance? I just wrote it today in part based on information I gained from this thread...

    http://www.technibble.com/forums/showthread.php?p=369149#post369149

    ReplyDelete
  5. Cant believe this is still a problem with WSUS, many thanks for saving the brick wall I was starting to bash!

    ReplyDelete
  6. Good job Rune, though the Krumpaul's solution worked for me.

    ReplyDelete
  7. I got "operation timed out" .. I guess i have around 71000 drivers :-/ ... Will it start to delete it a few each time or does it query the database for all updates first before it starts to delete (guess so)?? .. In that case i have to think of something else :(

    ReplyDelete
    Replies
    1. I re-indexed my database and it seems better now. Running a query to remove all the declined updates at the moment. Takes a long time.. 10 updates per minute.

      Delete
  8. This comment has been removed by the author.

    ReplyDelete