How it works...

In step 1, you create the $WSUSServer object using Get-WsusServer and use the GetStatus method to view the status of Windows updates on the WSUS server:

In step 2, you review the computer targets configured in WSUS with the GetComputerTargets method:

In step 3, you use two different methods to view the installed updates. The first is Get-Hotfix, and the second is Get-SilWindowsUpdate, which is one of the SoftwareInventoryLogging module cmdlets introduced in PowerShell version 5. These cmdlets use CIM sessions to connect to computers and gather inventory information:

In step 4, you use the SearchUpdates method on the $WSUSServer to search the available updates by title, then use Where-Object to filter on the UpdateClassificationTitle property for security updates and then sort them from newest to oldest. You then use Get-Member to examine the Update object, noting the many methods and properties:

In step 5, you view the security updates that matched your search. Note that each displays a knowledge base (KB) ID that is useful for identifying and researching individual updates:

In step 6, you filter the selected updates for a single update that you wish to approve using Where-Object to match on the KnowledgebaseArticles property:

In step 7, you define the computer target group for the Domain Controllers using the GetComputerTargetGroups method of the $WSUSServer object, filtered by Where-Object:

In step 8, you use the Approve method of the $SelectedUpdate object-which takes two parameters:, an UpdateApprovalAction and a TargetGroup-and approve the selected update for the Domain Controllers target group:

In step 9, you select an update to decline, using Where-Object to filter the selection to a single update using the KnowledgebaseArticles property:

In step 10, you use the Decline method of the update object, and provide the TargetGroup object as a parameter to decline this update for the Domain Controllers target group computers: