In addition to my earlier creations that gives you an inventory of your GPO Deployed Printers and GPP Drive Maps, I’ve now created a similiar script that makes inventory of WSUS settings in all your GPO’s.
This can very much come in handy when having an extensive amount of GPO’s that are controlling WSUS settings (e.g. for different maintenance schedules).
See the example below of the output:
<#
.SYNOPSIS
Function that find certain information about all your WSUS related GPO's.
.NOTES
File Name: Get-GPOWsusInfo
Author : Johan Dahlbom, johan[at]dahlbom.eu
The script are provided “AS IS” with no guarantees, no warranties, and it confer no rights.
Blog : 365lab.net
#>
function Get-GPOWsusInfo {
try
{
Import-Module GroupPolicy -ErrorAction Stop
}
catch
{
throw "Module GroupPolicy not Installed"
}
$GPO = Get-GPO -All
foreach ($Policy in $GPO){
$GPOID = $Policy.Id
$GPODom = $Policy.DomainName
$GPODisp = $Policy.DisplayName
[xml]$xml = Get-GPOReport -Id $GPOID -ReportType xml
$GPOSec = Get-GPPermissions -All -Guid $GPOID
$WSUSBase = Get-GPRegistryValue -Guid $GPOID -Key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate -ErrorAction SilentlyContinue
$WSUSAU = Get-GPRegistryValue -Guid $GPOID -Key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -ErrorAction SilentlyContinue
if ($WsusBase) {
New-Object PSObject -Property @{
GPOName = $GPODisp
GPOLinks = $xml.gpo.Linksto.SOMPath
GPOFilter = ($GPOSec | Where-Object {$_.Permission -eq "GpoApply"}).trustee.name
ScheduleDay = ($WSUSAU | Where-Object {$_.ValueName -eq "ScheduledInstallDay"}).Value.tostring().Replace("0","0 - Every Day").Replace("1","1 - Sunday").Replace("2","2 - Monday").Replace("3","3 - Tuesday").Replace("4","4 - Wednesday").Replace("5","5 - Thursday").Replace("6","6 - Friday").Replace("7","7 - Saturday")
Installtime = ($WSUSAU | Where-Object {$_.ValueName -eq "ScheduledInstallTime"}).Value.tostring() + ':00'
AutoUpdateSetting = ($WSUSAU | Where-Object {$_.ValueName -eq "AUOptions"}).Value.tostring().Replace("2","2 - Notify for download and notify for install").Replace("3","3 - Auto download and notify for install").Replace("4","4 - Auto download and schedule the install").Replace("5","5 - Allow local admin to choose setting")
WSUSTargetGroup = ($WSUSBase | Where-Object {$_.ValueName -eq "TargetGroup"}).Value
WSUSServer = ($WSUSBase | Where-Object {$_.ValueName -eq "WUServer"}).Value
}
}
}
}
Hope you find this useful!
When I find the time I’ll create a more complete set of GPO reporting functions with more functionality than they have today, maybe with help from Ramblingcookiemonster that has extended and created additions to the GP Preferences functions.
Until next time, Happy GPO Reporting!
/Johan
Tailspintoys - 365lab.net 
Also, I couldn’t get the script to work until I # the Function line. But it works great Thanks again!
This script is AMAZING !!!!!! I have modified it to find other WSUS GPOs even if it doesn’t have a schedule in place ! Thank you so much !!
function Get-GPOWsusInfo {
try
{
Import-Module GroupPolicy -ErrorAction Stop
}
catch
{
throw “Module GroupPolicy not Installed”
}
$GPO = Get-GPO -All
foreach ($Policy in $GPO){
$GPOID = $Policy.Id
$GPODom = $Policy.DomainName
$GPODisp = $Policy.DisplayName
[xml]$xml = Get-GPOReport -Id $GPOID -ReportType xml
$GPOSec = Get-GPPermissions -All -Guid $GPOID
$WSUSBase = Get-GPRegistryValue -Guid $GPOID -Key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate -ErrorAction SilentlyContinue
$WSUSAU = Get-GPRegistryValue -Guid $GPOID -Key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -ErrorAction SilentlyContinue
if (($WSUSBase | Where-Object {$_.ValueName -eq “WUServer”}).Value -and ($WSUSAU | Where-Object {$_.ValueName -eq “ScheduledInstallDay”}).Value -ne $null) {
New-Object PSObject -Property @{
GPOName = $GPODisp
GPOLinks = $xml.gpo.Linksto.SOMPath
GPOFilter = ($GPOSec | Where-Object {$_.Permission -eq “GpoApply”}).trustee.name
ScheduleDay = ($WSUSAU | Where-Object {$_.ValueName -eq “ScheduledInstallDay”}).Value.tostring().Replace(“0″,”0 – Every Day”).Replace(“1″,”1 – Sunday”).Replace(“2″,”2 – Monday”).Replace(“3″,”3 – Tuesday”).Replace(“4″,”4 – Wednesday”).Replace(“5″,”5 – Thursday”).Replace(“6″,”6 – Friday”).Replace(“7″,”7 – Saturday”)
Installtime = ($WSUSAU | Where-Object {$_.ValueName -eq “ScheduledInstallTime”}).Value.tostring() + ‘:00’
AutoUpdateSetting = ($WSUSAU | Where-Object {$_.ValueName -eq “AUOptions”}).Value.tostring().Replace(“2″,”2 – Notify for download and notify for install”).Replace(“3″,”3 – Auto download and notify for install”).Replace(“4″,”4 – Auto download and schedule the install”).Replace(“5″,”5 – Allow local admin to choose setting”)
WSUSTargetGroup = ($WSUSBase | Where-Object {$_.ValueName -eq “TargetGroup”}).Value
WSUSServer = ($WSUSBase | Where-Object {$_.ValueName -eq “WUServer”}).Value
}
}
if (($WSUSBase | Where-Object {$_.ValueName -eq “WUServer”}).Value -and ($WSUSAU | Where-Object {$_.ValueName -eq “ScheduledInstallDay”}).Value -eq $null) {
New-Object PSObject -Property @{
GPOName = $GPODisp
GPOFilter = ($GPOSec | Where-Object {$_.Permission -eq “GpoApply”}).trustee.name
WSUSTargetGroup = ($WSUSBase | Where-Object {$_.ValueName -eq “TargetGroup”}).Value
WSUSServer = ($WSUSBase | Where-Object {$_.ValueName -eq “WUServer”}).Value
}
}
}
}
## Gather Info and Display it
$WSUSInfo = Get-GPOWsusInfo
$WSUSInfo | Sort-Object -property GPOName | FT GPOName, GPOFilter, WSUSServer, Installtime, ScheduleDay, AutoUpdateSetting, GPOLinks