Skip to content

Instantly share code, notes, and snippets.

@p0w3rsh3ll

p0w3rsh3ll/Test-WSUS.Tests.ps1 Secret

Created September 13, 2016 12:20
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save p0w3rsh3ll/659dfb7d60bf7c9012ed6c17e29569e8 to your computer and use it in GitHub Desktop.
Save p0w3rsh3ll/659dfb7d60bf7c9012ed6c17e29569e8 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Test-WSUS.Tests.ps1
$here = Split-Path -Parent $MyInvocation.MyCommand.Path
$sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.Tests\.', '.'
. "$here\$sut"
Describe 'Testing WSUS server locally' {
Context 'Windows Features' {
BeforeAll {
$WindowsFeatures = Get-WindowsFeature
}
# 'Web-Server',
#'Web-WebServer',
# 'Web-Common-Http',
'Web-Default-Doc',
'Web-Static-Content',
# 'Web-Performance',
'Web-Dyn-Compression',
# 'Web-Security',
'Web-Filtering',
'Web-Windows-Auth',
#'Web-App-Dev',
'Web-Net-Ext45',
'Web-Asp-Net45',
'Web-ISAPI-Ext',
'Web-ISAPI-Filter',
# 'Web-Mgmt-Tools',
'Web-Mgmt-Console',
# 'Web-Mgmt-Compat',
'Web-Metabase',
# 'UpdateServices',
'UpdateServices-WidDB',
'UpdateServices-Services',
# 'NET-Framework-45-Features',
'NET-Framework-45-Core',
'NET-Framework-45-ASPNET',
# 'NET-WCF-Services45',
'NET-WCF-TCP-PortSharing45',
#'RSAT-Role-Tools',
#'UpdateServices-RSAT',
'UpdateServices-API',
'UpdateServices-UI',
#'User-Interfaces-Infra',
'Server-Gui-Mgmt-Infra',
'Windows-Internal-Database',
#'PowerShellRoot',
'PowerShell',
#'PowerShell-ISE',
#'WAS',
'WAS-Config-APIs',
'WoW64-Support' | ForEach-Object {
$name = $_
It "Feature $($_) should be Installed" {
($WindowsFeatures | Where Name -eq $name).Installed | Should be $true
}
}
}
Context 'IIS' {
BeforeAll {
Import-Module Webadministration -ErrorAction SilentlyContinue
}
It 'Certiticate should be imported in the Cert:\localmachine\My' {
Test-Path -Path "Cert:\LocalMachine\my\$($ThumbPrint)" | Should Be $true
}
It 'Certificate should be valid' {
(dir -Path "Cert:\LocalMachine\my\$($ThumbPrint)").NotAfter.toString('dd/MM/yyyy HH:mm') | Should Be $CertExpiryDate
}
It 'Certiticate should be present in IIS' {
(dir -Path IIS:\SslBindings\0.0.0.0!$($Port)).Thumbprint | should be "$($ThumbPrint)"
}
}
Context 'Services' {
It 'the WsusService service is in Automatic start mode' {
(Get-WmiObject -Query "Select * FROM Win32_service WHERE Name = 'WsusService'").StartMode | Should Be 'Auto'
}
It 'the WsusService service is running' {
(Get-Service -Name WsusService).Status | Should Be 'Running'
}
}
Context 'Firewall' {
Get-NetFirewallProfile | ForEach-Object {
It "Firewall profile $($_.Name) is Enabled" {
$_.Enabled | Should be $true
}
}
Get-NetFirewallRule -Name 'IIS-WebServerRole-HTTPS-In-TCP' | ForEach-Object {
It "Firewall rule $($_.Name) should be Enabled" {
$_.Enabled | Should be $true
}
It "Firewall rule $($_.Name) action should be Allow" {
$_.Action | Should be 'Allow'
}
}
Get-NetFirewallRule -Name 'IIS-WebServerRole-HTTP-In-TCP' | ForEach-Object {
It "Firewall rule $($_.Name) should be Enabled" {
$_.Enabled | Should be $true
}
It "Firewall rule $($_.Name) action should be Allow" {
$_.Action | Should be 'Allow'
}
}
}
Context 'Console connection' {
BeforeAll {
Add-Type -Path "$($env:ProgramFiles)\Update Services\Api\Microsoft.UpdateServices.Administration.dll"
}
It 'should connect to the console' {
{ [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer("$($FQDN)",$true,$Port) } | Should Not Throw
}
}
Context 'Configuration' {
BeforeAll {
$WSUSServer = Get-WsusServer
$DB = (Get-WsusServer).GetDatabaseConfiguration()
$WSUSConfig = (Get-WsusServer).GetConfiguration()
}
It 'Shoule be ready' {
((Get-WsusServer).GetConfiguration().GetUpdateServerConfigurationState()).value__ | Should be '0'
}
It 'BypassApiRemoting should be False' {
$WSUSServer.BypassApiRemoting | Should be $false
}
It 'IsConnectionSecureForApiRemoting should be True' {
$WSUSServer.IsConnectionSecureForApiRemoting | Should be $true
}
It 'IsServerLocal should be True' {
$WSUSServer.IsServerLocal | Should be $true
}
It "PortNumber should be $($Port)" {
$WSUSServer.PortNumber | Should be "$($Port)"
}
It 'PreferredCulture should be en' {
$WSUSServer.PreferredCulture | Should be 'en'
}
It "ServerName should be $($FQDN)" {
$WSUSServer.ServerName | Should be "$($FQDN)"
}
It 'UseSecureConnection should be True' {
$WSUSServer.UseSecureConnection | Should be 'True'
}
It "WebServiceUrl should be https://$($FQDN):$($Port)/ApiRemoting30/WebService.asmx" {
$WSUSServer.WebServiceUrl | Should be "https://$($FQDN):$($Port)/ApiRemoting30/WebService.asmx"
}
It 'Should use SUSDB' {
$DB.DatabaseName | Should be 'SUSDB'
}
It 'Should use a DB server named' {
$DB.ServerName | Should be 'MICROSOFT##WID'
}
It 'Should use a DB server named' {
$DB.IsUsingWindowsInternalDatabase | Should be $true
}
It 'Should use the Windows Auth mode' {
$DB.AuthenticationMode | Should be 'WindowsAuthentication'
}
It 'Should have data on D:\WSUS.Content\WsusContent' {
$WSUSConfig.LocalContentCachePath | Should be 'D:\WSUS.Content\WsusContent'
}
It 'Should sync from MU' {
$WSUSConfig.SyncFromMicrosoftUpdate | Should be $true
}
It 'Should use a proxy' {
$WSUSConfig.UseProxy | Should be $true
}
It "Proxy Should be set to $($Proxy)" {
$WSUSConfig.ProxyName | Should be "$($Proxy)"
}
It "Proxy port Should be set to $($ProxyPort)" {
$WSUSConfig.ProxyServerPort | Should be "$($ProxyPort)"
}
It 'Proxy use same proxy for SSL ' {
$WSUSConfig.UseSeparateProxyForSsl | Should be $false
}
It 'Should be targeting clients using Groups and GPO' {
$WSUSConfig.TargetingMode | Should be 'Client'
}
}
Context 'Products' {
BeforeAll {
$Categories = (Get-WsusServer).GetSubscription().GetUpdateCategories()
}
It 'Should have the Office 2010 product' {
($Categories| Where Id -eq '84f5f325-30d7-41c4-81d1-87a0e6535b66').Title | Should be 'Office 2010'
}
It 'Should have the Windows 7 product' {
($Categories| Where Id -eq 'bfe5b177-a086-47a0-b102-097e4fa1f807').Title | Should be 'Windows 7'
}
It 'Should have the Windows Defender product' {
($Categories| Where Id -eq '8c3fcc84-7410-4a95-8b89-a166a0190486').Title | Should be 'Windows Defender'
}
}
Context 'Classification' {
BeforeAll {
$Classifications = (Get-WsusServer).GetSubscription().GetUpdateClassifications()
}
It 'Should have enabled the Critical Updates' {
($Classifications | Where Id -eq 'e6cf1350-c01b-414d-a61f-263d14d133b4').Title | Should be 'Critical Updates'
}
It 'Should have enabled the Definition Updates' {
($Classifications | Where Id -eq 'e0789628-ce08-4437-be74-2495b842f43b').Title | Should be 'Definition Updates'
}
It 'Should have enabled the Feature Packs' {
($Classifications | Where Id -eq 'b54e7d24-7add-428f-8b75-90a396fa584f').Title | Should be 'Feature Packs'
}
It 'Should have enabled the Security Updates' {
($Classifications | Where Id -eq '0fa1201d-4330-4fa8-8ae9-b877473b6441').Title | Should be 'Security Updates'
}
It 'Should have enabled the Service Packs' {
($Classifications | Where Id -eq '68c5b0a3-d1a6-4553-ae49-01d3a7827828').Title | Should be 'Service Packs'
}
It 'Should have enabled the Update Rollups' {
($Classifications | Where Id -eq '28bc880e-0592-4cbf-8f95-c79b17911d5f').Title | Should be 'Update Rollups'
}
It 'Should have enabled the Updates' {
($Classifications | Where Id -eq 'cd5ffd1e-e932-4e3a-bf74-18bf0b1bbd83').Title | Should be 'Updates'
}
}
Context 'Languages' {
It 'should only sync English language' {
(Get-WsusServer).GetConfiguration().GetEnabledUpdateLanguages() | Should be 'en'
}
}
Context 'Sync schedule' {
It 'Should sync manually' {
(Get-WsusServer).GetSubscription().SynchronizeAutomatically | Should be $false
}
}
Context 'Auto approval rules' {
It 'Should not have automatic approval rules' {
((Get-WsusServer).GetInstallApprovalRules() | Where Name -eq 'Default Automatic Approval Rule').Enabled | Should be $false
}
}
Context 'Computer target groups' {
It 'Should have a Windows 7 x64 target group' {
((Get-WsusServer).GetComputerTargetGroups() | Where Name -eq 'Windows 7 x64').Name | should be 'Windows 7 x64'
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment