Assign Patch to Pilot Group

After each WSUS synchronization, new updates are automatically assigned to the Pilot group. This creates a safe soak period before broader deployment.

Assign Patch to Other Targets

Script

The GitHub script promotes approvals from Pilot → Global1 → Global2 after a configurable delay (default: 5 days) and accepts EULAs when required.

  • Edit group names and the minimum number of days directly in the script.

Assigned to Global1: After the configured delay, the update is approved for the Global1 group.

Assigned to Global2: After another delay, the same update is approved for the Global2 group.

Schedule Task

Use Windows Task Scheduler to run the script on your preferred cadence (daily in labs, weekly in production).

  • Run the task under the SYSTEM account with highest privileges.
  • In labs, schedule it daily; in production, weekly (e.g., every Monday) is usually enough.
  • Point the action to the .ps1 script path (e.g., C:\Scripts\Wsus-ManageApprovals.ps1).

David Wuibaille

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.