Menu Close

Windows Update Server Auto Cleanup

If you use Windows Update Server (WSUS) to update your Windows computers, after a while you will notice that the WSUS server slows down and starts showing errors. This is because the WSUS server requires regular cleaning, and if you do not do so, cached updates and configurations may overload the WSUS database.

You can do WSUS Cleanup manually using the WSUS Server Cleanup Wizard, but doing this regularly can be a daunting task. The good news is that we can automate this task by leveraging the capabilities of PowerShell. The following PowerShell script will perform this task and send the status via email. We will automate this task by adding the script to the Windows Task Scheduler.

Step 1: Prepare the script file

  • Copy the PowerShell script code below into a text file.
  • Under the User Inputs section, modify all variable values to suit your WSUS environment.
    (If you have multiple email recipients, you can separate them with commas.)
  • Save the text file as ‘WSUSCleanupScript.ps1‘ to a folder on the WSUS server.

Note:

This script uses the send mail function without user authentication. It is likely to only work on a local mail server, such as an on-premises Exchange server. For other mail servers, you may need to enter the ‘Send-MailMessage‘ command with user credentials.

To learn more about Send-MailMessage command, read the Microsoft article, Send-MailMessage

#WSUS Auto cleanup script by Scridea Solutions

#---------------------User inputs-----------------------------
$wsusserver = "wsusserver"                           
$wsusport   = "8530"

$smtpserver  = "exchange1"              # Your SMTP mail server       
$mailfrom    = "wsus@yourdomain.com"    # Sender email address
$mailto      = "admin@yourdomain.com"   # Recipient/s email address
$mailsubject = "WSUS Cleanup Results"   # Email subject
#-------------------------------------------------------------

#Start cleanup
$err = $null
try {
    $mailbody = Get-WsusServer -Name $wsusserver -PortNumber $wsusport | Invoke-WsusServerCleanup -ErrorAction Stop -CleanupObsoleteComputers -CleanupObsoleteUpdates -CleanupUnneededContentFiles -CompressUpdates -DeclineExpiredUpdates -DeclineSupersededUpdates
    $mailsubject = $mailsubject + " [Success]"
}
catch {
    $err = $_.Exception.Message
}
finally {
    if ($err -ne $null) {
        $mailbody = 'WSUS Cleanup error: ' + $err
        $mailsubject = $mailsubject + " [Fail]"
    }

    #send mail
    $recipients = $mailto.Split(",")
    Send-MailMessage -From $mailfrom -To $recipients -Subject $mailsubject -SmtpServer $smtpserver -Body ($mailbody | out-string)
}

Step 2: Schedule a new Task

For best results, it is recommended to run the script at least once a week. To do this, we will add this cleanup script to the Windows Task Scheduler on the WSUS server.

  • On the WSUS server, open the Windows Task Scheduler application.
  • Right-click on the Task Scheduler Library in the left pane and select Create Task
  • On the General tab, enter a name for the task.
  • On the Triggers tab, click New and select Weekly under Settings. Provide a day and time that suits you.
  • On the Actions tab, click New, Browse and select the previously saved script file.
  • Click OK and enter the user password when prompted.

In some cases, especially if the WSUS server is already overloaded, the cleanup may take a long time, and the script may fail. It is a good idea to reboot the WSUS server once before running the cleanup script. We can also automate this task using the Windows Task Scheduler.

  • Create another scheduled task following the same procedure above. Give the same day as the cleanup task, but give time an hour before.
  • On the Actions tab, type Shutdown / r under ‘Program/Script’
  • Click OK.

We have completed the WSUS Auto-Cleanup setup. Wait for the email generated by the script and check the results.

Leave a Reply

Your email address will not be published. Required fields are marked *