Function Hide-WUUpdate
{
<#
.SYNOPSIS
Get list of available updates meeting the criteria and try to hide/unhide it.
.DESCRIPTION
Use Hide-WUUpdate to get list of available updates meeting specific criteria. In next step script try to hide (or unhide) updates.
There are two types of filtering update: Pre search criteria, Post search criteria.
- Pre search works on server side, like example: ( IsInstalled = 0 and IsHidden = 0 and CategoryIds contains '0fa1201d-4330-4fa8-8ae9-b877473b6441' )
- Post search work on client side after downloading the pre-filtered list of updates, like example $KBArticleID -match $Update.KBArticleIDs
Status list:
D - IsDownloaded, I - IsInstalled, M - IsMandatory, H - IsHidden, U - IsUninstallable, B - IsBeta
.PARAMETER UpdateType
Pre search criteria. Finds updates of a specific type, such as 'Driver' and 'Software'. Default value contains all updates.
.PARAMETER UpdateID
Pre search criteria. Finds updates of a specific UUID (or sets of UUIDs), such as '12345678-9abc-def0-1234-56789abcdef0'.
.PARAMETER RevisionNumber
Pre search criteria. Finds updates of a specific RevisionNumber, such as '100'. This criterion must be combined with the UpdateID param.
.PARAMETER CategoryIDs
Pre search criteria. Finds updates that belong to a specified category (or sets of UUIDs), such as '0fa1201d-4330-4fa8-8ae9-b877473b6441'.
.PARAMETER IsInstalled
Pre search criteria. Finds updates that are installed on the destination computer.
.PARAMETER IsHidden
Pre search criteria. Finds updates that are marked as hidden on the destination computer.
.PARAMETER IsNotHidden
Pre search criteria. Finds updates that are not marked as hidden on the destination computer. Overwrite IsHidden param.
.PARAMETER Criteria
Pre search criteria. Set own string that specifies the search criteria.
.PARAMETER ShowSearchCriteria
Show choosen search criteria. Only works for pre search criteria.
.PARAMETER Category
Post search criteria. Finds updates that contain a specified category name (or sets of categories name), such as 'Updates', 'Security Updates', 'Critical Updates', etc...
.PARAMETER KBArticleID
Post search criteria. Finds updates that contain a KBArticleID (or sets of KBArticleIDs), such as 'KB982861'.
.PARAMETER Title
Post search criteria. Finds updates that match part of title, such as ''
.PARAMETER NotCategory
Post search criteria. Finds updates that not contain a specified category name (or sets of categories name), such as 'Updates', 'Security Updates', 'Critical Updates', etc...
.PARAMETER NotKBArticleID
Post search criteria. Finds updates that not contain a KBArticleID (or sets of KBArticleIDs), such as 'KB982861'.
.PARAMETER NotTitle
Post search criteria. Finds updates that not match part of title.
.PARAMETER IgnoreUserInput
Post search criteria. Finds updates that the installation or uninstallation of an update can't prompt for user input.
.PARAMETER IgnoreRebootRequired
Post search criteria. Finds updates that specifies the restart behavior that not occurs when you install or uninstall the update.
.PARAMETER ServiceID
Set ServiceIS to change the default source of Windows Updates. It overwrite ServerSelection parameter value.
.PARAMETER WindowsUpdate
Set Windows Update Server as source. Default update config are taken from computer policy.
.PARAMETER MicrosoftUpdate
Set Microsoft Update Server as source. Default update config are taken from computer policy.
.PARAMETER HideStatus
Status used in script. Default is $True = hide update.
.PARAMETER ComputerName
Specify the name of the computer to the remote connection.
.PARAMETER Debuger
Debug mode.
.EXAMPLE
Get list of available updates from Microsoft Update Server and hide it.
PS C:\> Hide-WUList -MicrosoftUpdate
Confirm
Are you sure you want to perform this action?
Performing the operation "Hide Windows Malicious Software Removal Tool x64 - December 2013 (KB890830)?" on target
"TEST".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
ComputerName Status KB Size Title
------------ ------ -- ---- -----
TEST D--H-- KB890830 8 MB Windows Malicious Software Removal Tool x64 - December 2013 (KB890830)
.EXAMPLE
Unhide update
PS C:\> Hide-WUUpdate -Title 'Windows Malicious*' -HideStatus:$false
Confirm
Are you sure you want to perform this action?
Performing the operation "Unhide Windows Malicious Software Removal Tool x64 - December 2013 (KB890830)?" on target
"TEST".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
ComputerName Status KB Size Title
------------ ------ -- ---- -----
TEST D----- KB890830 8 MB Windows Malicious Software Removal Tool x64 - December 2013 (KB890830)
.NOTES
Author: Michal Gajda
Blog : http://commandlinegeeks.com/
.LINK
Get-WUServiceManager
Get-WUInstall
#>
[OutputType('PSWindowsUpdate.WUList')]
[CmdletBinding(
SupportsShouldProcess=$True,
ConfirmImpact="High"
)]
Param
(
#Pre search criteria
[ValidateSet("Driver", "Software")]
[String]$UpdateType = "",
[String[]]$UpdateID,
[Int]$RevisionNumber,
[String[]]$CategoryIDs,
[Switch]$IsInstalled,
[Switch]$IsHidden,
[Switch]$IsNotHidden,
[String]$Criteria,
[Switch]$ShowSearchCriteria,
#Post search criteria
[String[]]$Category="",
[String[]]$KBArticleID,
[String]$Title,
[String[]]$NotCategory="",
[String[]]$NotKBArticleID,
[String]$NotTitle,
[Alias("Silent")]
[Switch]$IgnoreUserInput,
[Switch]$IgnoreRebootRequired,
#Connection options
[String]$ServiceID,
[Switch]$WindowsUpdate,
[Switch]$MicrosoftUpdate,
[Switch]$HideStatus = $true,
#Mode options
[Switch]$Debuger,
[parameter(ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true)]
[String[]]$ComputerName
)
Begin
{
If($PSBoundParameters['Debuger'])
{
$DebugPreference = "Continue"
} #End If $PSBoundParameters['Debuger']
$User = [Security.Principal.WindowsIdentity]::GetCurrent()
$Role = (New-Object Security.Principal.WindowsPrincipal $user).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
if(!$Role)
{
Write-Warning "To perform some operations you must run an elevated Windows PowerShell console."
} #End If !$Role
}
Process
{
Write-Debug "STAGE 0: Prepare environment"
######################################
# Start STAGE 0: Prepare environment #
######################################
Write-Debug "Check if ComputerName in set"
If($ComputerName -eq $null)
{
Write-Debug "Set ComputerName to localhost"
[String[]]$ComputerName = $env:COMPUTERNAME
} #End If $ComputerName -eq $null
####################################
# End STAGE 0: Prepare environment #
####################################
$UpdateCollection = @()
Foreach($Computer in $ComputerName)
{
If(Test-Connection -ComputerName $Computer -Quiet)
{
Write-Debug "STAGE 1: Get updates list"
###################################
# Start STAGE 1: Get updates list #
###################################
If($Computer -eq $env:COMPUTERNAME)
{
Write-Debug "Create Microsoft.Update.ServiceManager object"
$objServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager" #Support local instance only
Write-Debug "Create Microsoft.Update.Session object for $Computer"
$objSession = New-Object -ComObject "Microsoft.Update.Session" #Support local instance only
} #End If $Computer -eq $env:COMPUTERNAME
Else
{
Write-Debug "Create Microsoft.Update.Session object for $Computer"
$objSession = [activator]::CreateInstance([type]::GetTypeFromProgID("Microsoft.Update.Session",$Computer))
} #End Else $Computer -eq $env:COMPUTERNAME
Write-Debug "Create Microsoft.Update.Session.Searcher object for $Computer"
$objSearcher = $objSession.CreateUpdateSearcher()
If($WindowsUpdate)
{
Write-Debug "Set source of updates to Windows Update"
$objSearcher.ServerSelection = 2
$serviceName = "Windows Update"
} #End If $WindowsUpdate
ElseIf($MicrosoftUpdate)
{
Write-Debug "Set source of updates to Microsoft Update"
$serviceName = $null
Foreach ($objService in $objServiceManager.Services)
{
If($objService.Name -eq "Microsoft Update")
{
$objSearcher.ServerSelection = 3
$objSearcher.ServiceID = $objService.ServiceID
$serviceName = $objService.Name
Break
}#End If $objService.Name -eq "Microsoft Update"
}#End ForEach $objService in $objServiceManager.Services
If(-not $serviceName)
{
Write-Warning "Can't find registered service Microsoft Update. Use Get-WUServiceManager to get registered service."
Return
}#Enf If -not $serviceName
} #End Else $WindowsUpdate If $MicrosoftUpdate
ElseIf($Computer -eq $env:COMPUTERNAME) #Support local instance only
{
Foreach ($objService in $objServiceManager.Services)
{
If($ServiceID)
{
If($objService.ServiceID -eq $ServiceID)
{
$objSearcher.ServiceID = $ServiceID
$objSearcher.ServerSelection = 3
$serviceName = $objService.Name
Break
} #End If $objService.ServiceID -eq $ServiceID
} #End If $ServiceID
Else
{
If($objService.IsDefaultAUService -eq $True)
{
$serviceName = $objService.Name
Break
} #End If $objService.IsDefaultAUService -eq $True
} #End Else $ServiceID
} #End Foreach $objService in $objServiceManager.Services
} #End Else $MicrosoftUpdate If $Computer -eq $env:COMPUTERNAME
ElseIf($ServiceID)
{
$objSearcher.ServiceID = $ServiceID
$objSearcher.ServerSelection = 3
$serviceName = $ServiceID
}
Else #End Else $Computer -eq $env:COMPUTERNAME If $ServiceID
{
$serviceName = "default (for $Computer) Windows Update"
} #End Else $ServiceID
Write-Debug "Set source of updates to $serviceName"
Write-Verbose "Connecting to $serviceName server. Please wait..."
Try
{
$search = ""
If($Criteria)
{
$search = $Criteria
} #End If $Criteria
Else
{
If($IsInstalled)
{
$search = "IsInstalled = 1"
Write-Debug "Set pre search criteria: IsInstalled = 1"
} #End If $IsInstalled
Else
{
$search = "IsInstalled = 0"
Write-Debug "Set pre search criteria: IsInstalled = 0"
} #End Else $IsInstalled
If($UpdateType -ne "")
{
Write-Debug "Set pre search criteria: Type = $UpdateType"
$search += " and Type = '$UpdateType'"
} #End If $UpdateType -ne ""
If($UpdateID)
{
Write-Debug "Set pre search criteria: UpdateID = '$([string]::join(", ", $UpdateID))'"
$tmp = $search
$search = ""
$LoopCount = 0
Foreach($ID in $UpdateID)
{
If($LoopCount -gt 0)
{
$search += " or "
} #End If $LoopCount -gt 0
If($RevisionNumber)
{
Write-Debug "Set pre search criteria: RevisionNumber = '$RevisionNumber'"
$search += "($tmp and UpdateID = '$ID' and RevisionNumber = $RevisionNumber)"
} #End If $RevisionNumber
Else
{
$search += "($tmp and UpdateID = '$ID')"
} #End Else $RevisionNumber
$LoopCount++
} #End Foreach $ID in $UpdateID
} #End If $UpdateID
If($CategoryIDs)
{
Write-Debug "Set pre search criteria: CategoryIDs = '$([string]::join(", ", $CategoryIDs))'"
$tmp = $search
$search = ""
$LoopCount =0
Foreach($ID in $CategoryIDs)
{
If($LoopCount -gt 0)
{
$search += " or "
} #End If $LoopCount -gt 0
$search += "($tmp and CategoryIDs contains '$ID')"
$LoopCount++
} #End Foreach $ID in $CategoryIDs
} #End If $CategoryIDs
If($IsNotHidden)
{
Write-Debug "Set pre search criteria: IsHidden = 0"
$search += " and IsHidden = 0"
} #End If $IsNotHidden
ElseIf($IsHidden)
{
Write-Debug "Set pre search criteria: IsHidden = 1"
$search += " and IsHidden = 1"
} #End ElseIf $IsHidden
#Don't know why every update have RebootRequired=false which is not always true
If($IgnoreRebootRequired)
{
Write-Debug "Set pre search criteria: RebootRequired = 0"
$search += " and RebootRequired = 0"
} #End If $IgnoreRebootRequired
} #End Else $Criteria
Write-Debug "Search criteria is: $search"
If($ShowSearchCriteria)
{
Write-Output $search
} #End If $ShowSearchCriteria
$objResults = $objSearcher.Search($search)
} #End Try
Catch
{
If($_ -match "HRESULT: 0x80072EE2")
{
Write-Warning "Probably you don't have connection to Windows Update server"
} #End If $_ -match "HRESULT: 0x80072EE2"
Return
} #End Catch
$NumberOfUpdate = 1
$PreFoundUpdatesToDownload = $objResults.Updates.count
Write-Verbose "Found [$PreFoundUpdatesToDownload] Updates in pre search criteria"
If($PreFoundUpdatesToDownload -eq 0)
{
Continue
} #End If $PreFoundUpdatesToDownload -eq 0
Foreach($Update in $objResults.Updates)
{
$UpdateAccess = $true
Write-Progress -Activity "Post search updates for $Computer" -Status "[$NumberOfUpdate/$PreFoundUpdatesToDownload] $($Update.Title) $size" -PercentComplete ([int]($NumberOfUpdate/$PreFoundUpdatesToDownload * 100))
Write-Debug "Set post search criteria: $($Update.Title)"
If($Category -ne "")
{
$UpdateCategories = $Update.Categories | Select-Object Name
Write-Debug "Set post search criteria: Categories = '$([string]::join(", ", $Category))'"
Foreach($Cat in $Category)
{
If(!($UpdateCategories -match $Cat))
{
Write-Debug "UpdateAccess: false"
$UpdateAccess = $false
} #End If !($UpdateCategories -match $Cat)
Else
{
$UpdateAccess = $true
Break
} #End Else !($UpdateCategories -match $Cat)
} #End Foreach $Cat in $Category
} #End If $Category -ne ""
If($NotCategory -ne "" -and $UpdateAccess -eq $true)
{
$UpdateCategories = $Update.Categories | Select-Object Name
Write-Debug "Set post search criteria: NotCategories = '$([string]::join(", ", $NotCategory))'"
Foreach($Cat in $NotCategory)
{
If($UpdateCategories -match $Cat)
{
Write-Debug "UpdateAccess: false"
$UpdateAccess = $false
Break
} #End If $UpdateCategories -match $Cat
} #End Foreach $Cat in $NotCategory
} #End If $NotCategory -ne "" -and $UpdateAccess -eq $true
If($KBArticleID -ne $null -and $UpdateAccess -eq $true)
{
Write-Debug "Set post search criteria: KBArticleIDs = '$([string]::join(", ", $KBArticleID))'"
If(!($KBArticleID -match $Update.KBArticleIDs -and "" -ne $Update.KBArticleIDs))
{
Write-Debug "UpdateAccess: false"
$UpdateAccess = $false
} #End If !($KBArticleID -match $Update.KBArticleIDs)
} #End If $KBArticleID -ne $null -and $UpdateAccess -eq $true
If($NotKBArticleID -ne $null -and $UpdateAccess -eq $true)
{
Write-Debug "Set post search criteria: NotKBArticleIDs = '$([string]::join(", ", $NotKBArticleID))'"
If($NotKBArticleID -match $Update.KBArticleIDs -and "" -ne $Update.KBArticleIDs)
{
Write-Debug "UpdateAccess: false"
$UpdateAccess = $false
} #End If$NotKBArticleID -match $Update.KBArticleIDs -and "" -ne $Update.KBArticleIDs
} #End If $NotKBArticleID -ne $null -and $UpdateAccess -eq $true
If($Title -and $UpdateAccess -eq $true)
{
Write-Debug "Set post search criteria: Title = '$Title'"
If($Update.Title -notmatch $Title)
{
Write-Debug "UpdateAccess: false"
$UpdateAccess = $false
} #End If $Update.Title -notmatch $Title
} #End If $Title -and $UpdateAccess -eq $true
If($NotTitle -and $UpdateAccess -eq $true)
{
Write-Debug "Set post search criteria: NotTitle = '$NotTitle'"
If($Update.Title -match $NotTitle)
{
Write-Debug "UpdateAccess: false"
$UpdateAccess = $false
} #End If $Update.Title -notmatch $NotTitle
} #End If $NotTitle -and $UpdateAccess -eq $true
If($IgnoreUserInput -and $UpdateAccess -eq $true)
{
Write-Debug "Set post search criteria: CanRequestUserInput"
If($Update.InstallationBehavior.CanRequestUserInput -eq $true)
{
Write-Debug "UpdateAccess: false"
$UpdateAccess = $false
} #End If $Update.InstallationBehavior.CanRequestUserInput -eq $true
} #End If $IgnoreUserInput -and $UpdateAccess -eq $true
If($IgnoreRebootRequired -and $UpdateAccess -eq $true)
{
Write-Debug "Set post search criteria: RebootBehavior"
If($Update.InstallationBehavior.RebootBehavior -ne 0)
{
Write-Debug "UpdateAccess: false"
$UpdateAccess = $false
} #End If $Update.InstallationBehavior.RebootBehavior -ne 0
} #End If $IgnoreRebootRequired -and $UpdateAccess -eq $true
If($UpdateAccess -eq $true)
{
Write-Debug "Convert size"
Switch($Update.MaxDownloadSize)
{
{[System.Math]::Round($_/1KB,0) -lt 1024} { $size = [String]([System.Math]::Round($_/1KB,0))+" KB"; break }
{[System.Math]::Round($_/1MB,0) -lt 1024} { $size = [String]([System.Math]::Round($_/1MB,0))+" MB"; break }
{[System.Math]::Round($_/1GB,0) -lt 1024} { $size = [String]([System.Math]::Round($_/1GB,0))+" GB"; break }
{[System.Math]::Round($_/1TB,0) -lt 1024} { $size = [String]([System.Math]::Round($_/1TB,0))+" TB"; break }
default { $size = $_+"B" }
} #End Switch
Write-Debug "Convert KBArticleIDs"
If($Update.KBArticleIDs -ne "")
{
$KB = "KB"+$Update.KBArticleIDs
} #End If $Update.KBArticleIDs -ne ""
Else
{
$KB = ""
} #End Else $Update.KBArticleIDs -ne ""
if($Update.IsHidden -ne $HideStatus)
{
if($HideStatus)
{
$StatusName = "Hide"
} #$HideStatus
else
{
$StatusName = "Unhide"
} #Else $HideStatus
If($pscmdlet.ShouldProcess($Computer,"$StatusName $($Update.Title)?"))
{
Try
{
$Update.IsHidden = $HideStatus
}
Catch
{
Write-Warning "You haven't privileges to make this. Try start an eleated Windows PowerShell console."
}
} #$pscmdlet.ShouldProcess($Computer,"Hide $($Update.Title)?")
} #End $Update.IsHidden -ne $HideStatus
$Status = ""
If($Update.IsDownloaded) {$Status += "D"} else {$status += "-"}
If($Update.IsInstalled) {$Status += "I"} else {$status += "-"}
If($Update.IsMandatory) {$Status += "M"} else {$status += "-"}
If($Update.IsHidden) {$Status += "H"} else {$status += "-"}
If($Update.IsUninstallable) {$Status += "U"} else {$status += "-"}
If($Update.IsBeta) {$Status += "B"} else {$status += "-"}
Add-Member -InputObject $Update -MemberType NoteProperty -Name ComputerName -Value $Computer
Add-Member -InputObject $Update -MemberType NoteProperty -Name KB -Value $KB
Add-Member -InputObject $Update -MemberType NoteProperty -Name Size -Value $size
Add-Member -InputObject $Update -MemberType NoteProperty -Name Status -Value $Status
$Update.PSTypeNames.Clear()
$Update.PSTypeNames.Add('PSWindowsUpdate.WUList')
$UpdateCollection += $Update
} #End If $UpdateAccess -eq $true
$NumberOfUpdate++
} #End Foreach $Update in $objResults.Updates
Write-Progress -Activity "Post search updates for $Computer" -Status "Completed" -Completed
$FoundUpdatesToDownload = $UpdateCollection.count
Write-Verbose "Found [$FoundUpdatesToDownload] Updates in post search criteria"
#################################
# End STAGE 1: Get updates list #
#################################
} #End If Test-Connection -ComputerName $Computer -Quiet
} #End Foreach $Computer in $ComputerName
Return $UpdateCollection
} #End Process
End{}
} #In The End :)