Skip to content

Instantly share code, notes, and snippets.

Working from home

Cody Mathis CodyMathis123

Working from home
View GitHub Profile
CodyMathis123 / Undecline-AllDeclineWSUSUpdates.ps1
Created February 15, 2023 17:13
Undecline ALL currently declined WSUS updates....
View Undecline-AllDeclineWSUSUpdates.ps1
$wsus = Get-WsusServer
$scope = [Microsoft.UpdateServices.Administration.UpdateScope]::new()
$scope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::Declined
$updates = $wsus.GetUpdates($scope)
$AllComputersTargetGroup = $wsus.GetComputerTargetGroup([Microsoft.UpdateServices.Administration.ComputerTargetGroupId]::AllComputers)
foreach($computerGroup in $AllComputersTargetGroup.GetChildTargetGroups()){
foreach($update in $updates){
$update.Approve([Microsoft.UpdateServices.Administration.UpdateApprovalAction]::NotApproved, $computerGroup)
View set-islocallypublishedwid.ps1
Searches the local WSUS for all PMPC updates and marks them as IsLocallyPublished = 0 in the SUSDB
This script is used to force all PMPC updates to show in the WSUS console. This is useful when you are in a WSUS
standalone scenarion and will not be managing updates through ConfigMgr or some other method.
By default, third party updates do not show in WSUS. This is a workound. Use at your own risk as it is a database edit.
C:\PS> Set-PMPCUpdatesToShowInWSUS.ps1
View get-var-orch.sql
--Originally Written by: Narayana Vyas Kondreddi
--Modified By: Jon Mattivi
--Purpose: Search all tables and columns in the Orchestrator database to find variable instances
DECLARE @VarName nvarchar(100), @VarID nvarchar(100)
SET @VarName = 'MyVariableName'
SET @VarID = (Select VARIABLES.UniqueID
CodyMathis123 / SystemInfo-JSON.ps1
Created September 3, 2021 15:14
View SystemInfo-JSON.ps1
$props = @('Name', 'Model', 'Manufacturer', 'Username', 'SystemSKUNumber', 'TotalPhysicalMemory')
$calculatedProps = @{ Name = 'RAM (GB)'; Expression = { [int]($_.TotalPhysicalMemory / 1GB) } }, @{ Name = 'Processor Name'; Expression = { (Get-CimInstance -Query 'SELECT Name FROM Win32_Processor').Name.Trim() } }
$fullPropsToSelect = foreach ($propToSelect in $($props, $calculatedProps)) {
Get-CimInstance -Query "SELECT $($props -Join ',') FROM Win32_ComputerSystem" | Select-Object -Property $fullPropsToSelect -ExcludeProperty TotalPhysicalMemory | ConvertTo-Json
View Package_NotOn_AllDP_Group.sql
DECLARE @allDPgroupID uniqueidentifier = (SELECT TOP 1 GroupID FROM v_SMS_DistributionPointGroup ORDER BY membercount DESC)
DECLARE @allDPgroupMemberCount int = (SELECT TOP 1 MemberCount FROM v_SMS_DistributionPointGroup ORDER BY membercount DESC)
, p.packagetype
, bycount.TargeteddDPCount
FROM v_DPGroupPackages dpgp
JOIN v_package p ON p.packageid = dpgp.PkgID
SELECT cdss.pkgid
View New-CCMScheduleStartTime.ps1
Function New-CCMScheduleStartTime {
Recreate a CMSchedule object with a new start time
Natively, the CMSchedule objects do not allow you to write to the StartTime property. This makes it
difficult to adjust the start time of an existing maintenance window. This function can be used to
'recreate' a CMSchedule based on the input schedule, with a new start time.
View PSADT-WaaS-InteractiveStart-CachedSnippet.ps1
This snippet is for use in a PSADT script. It assumes you have added parameters, or hardcoded the following
* $DeploymentID - The deployment ID of the task sequence you want to check the cache for, and which will be invoked
* $CheckAC - A boolean (or switch) that determines if you want to force the user to plug in prior to upgrading. This step is only check if
the pre-caching has passed
#region Validate that all content is pre-cached so we do not bother the user until the TS is ready to start
$TS = Get-WmiObject -Namespace ROOT\ccm\Policy\Machine\ActualConfig -Class CCM_SoftwareDistribution -Filter "ADV_AdvertisementID='$DeploymentID'" -Property PKG_PackageID, PKG_Name
if ($null -ne $TS) {
View Set-ContentNoSSL.ps1
#region detection
$SitePath = 'WSUS Administration/Content'
$getWebConfigurationPropertySplat = @{
Filter = '/system.webServer/security/Access'
Name = 'sslFlags'
Location = $SitePath
try {
View Set-ApiRemoting30SSL.ps1
#region detection
$SitePath = 'WSUS Administration/ApiRemoting30'
$getWebConfigurationPropertySplat = @{
Filter = '/system.webServer/security/Access'
Name = 'sslFlags'
Location = $SitePath
Get-WebConfigurationProperty @getWebConfigurationPropertySplat
View Set-WSUSContentDirAnonAuth.ps1
$Remediate = $false
Import-Module WebAdministration
$UseAppPoolIdentity = (Get-WebConfigurationProperty -Filter 'system.WebServer/security/authentication/AnonymousAuthentication' -Name username -Location 'WSUS Administration/Content') -eq ''
switch ($UseAppPoolIdentity) {
$true {
$false {
switch ($Remediate) {
$true {