When looking at the WSUS 3.0 API, there is no way I can find if a given update is needed or not. The UpdateInstallationState enum has a NotApplicable
value with the following description: "The update is not applicable to the client computer".
Meeaning, that update may be already installed and therefore is not applicable anymore to the target computer.
The Powershell code will count for each update the number of computer target on which the update is applicable.
$updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$updateScope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::Any
$updateScope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::All
$updatesCount = @{}
ForEach ($cpt in $WSUS.GetComputerTargets().GetEnumerator())
{
ForEach ($updt in $cpt.GetUpdateInstallationInfoPerUpdate($updateScope))
{
If (-not $updatesCount.ContainsKey($updt.UpdateId))
{
$updatesCount.Set_Item($updt.UpdateId, 0)
}
If ($updt.UpdateInstallationState -eq [Microsoft.UpdateServices.Administration.UpdateInstallationState]::NotApplicable)
{
Continue
}
$updatesCount[$updt.UpdateId] += 1
}
}
Running this code on my WSUS server I will get no update that are not applicable (count equals 0). However, in the WSUS Console Administration, I do see some updates that are not needed.
How can I know if an update is really needed by a computer target and calculate the Needed Count value as shown in the WSUS Administration Console?
The solution was in the Update object itself with its
State
member.The
NotNeeded
state is set only if the update server stores the packages locally so this needs to be checked from the configuration.Also the state of the package is bound to the approval state. So if the package has been approved but is neither downloaded nor installed, the package is assumed not needed.
I checked and this reflects the behavior of the WSUS Administration Console.