Private/Get-WUConfiguration.ps1

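function Get-WUConfiguration {
    <#
    .SYNOPSIS
        Analyzes Windows Update configuration including WSUS settings and policies.

    .DESCRIPTION
        Read-only analysis of the Windows Update configuration stored in the registry:
        WSUS server settings, the automatic-update policy, Windows Update for Business
        deferral settings, the Windows 11 24H2 feature-management override (checked only
        when WSUS is configured and the OS version matches 10.0.22*), the wuauserv start
        type, the default media cost and the machine-wide proxy settings.

        Findings are appended to the Issues list of the returned object and written to
        the log. The function does not change any setting.

    .PARAMETER LogPath
        Path to the log file for detailed logging.

    .OUTPUTS
        PSCustomObject with the properties WSUSConfigured, WSUSServer, WSUSStatusServer,
        UpdateSource, AutoUpdateEnabled, TargetGroup, UpdatePolicy, WindowsUpdateForBusiness,
        Windows11_24H2_Compatible, DeferralSettings, Issues, Configuration, RegistrySettings
        and ErrorMessage.

    .EXAMPLE
        $config = Get-WUConfiguration -LogPath "C:\Logs\wu.log"

    .NOTES
        This is a private function used internally by the WindowsUpdateTools module.
        Returns detailed Windows Update configuration analysis.

        The WSUS server URLs, target group and proxy address read from the registry are
        written to the log file, so the log reveals internal infrastructure names and
        should be stored with matching access restrictions.
    #>


    [CmdletBinding()]
    param(
        [string]$LogPath
    )

    Write-WULog -Message "Analyzing Windows Update configuration" -LogPath $LogPath

    # Initialize results object; every check below only fills in or appends to these fields
    $results = [PSCustomObject]@{
        WSUSConfigured = $false
        WSUSServer = $null
        WSUSStatusServer = $null
        UpdateSource = "Windows Update"
        AutoUpdateEnabled = $true
        TargetGroup = $null
        UpdatePolicy = "Default"
        WindowsUpdateForBusiness = $false
        Windows11_24H2_Compatible = $true
        DeferralSettings = @{}
        Issues = @()
        Configuration = @{}
        RegistrySettings = @{}
        ErrorMessage = $null
    }

    try {
        Write-WULog -Message "Checking WSUS configuration..." -LogPath $LogPath

        # Policy keys that hold the WSUS and automatic-update settings.
        # Ordered so the keys are always read and logged in the same sequence.
        $wsusRegPaths = [ordered]@{
            "WindowsUpdate" = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
            "AutoUpdate" = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
        }

        foreach ($regKey in $wsusRegPaths.GetEnumerator()) {
            $regPath = $regKey.Value
            $keyName = $regKey.Key

            if (Test-Path -Path $regPath) {
                Write-WULog -Message "Found $keyName registry configuration at: $regPath" -LogPath $LogPath

                # Create the entry first so the key is reported even when the read below fails
                $results.RegistrySettings[$keyName] = @{}

                try {
                    # -ErrorAction Stop makes a failed read terminating, so the catch below
                    # logs it instead of the error being silently discarded
                    $regProperties = Get-ItemProperty -Path $regPath -ErrorAction Stop

                    # A key without values yields $null; there is nothing to copy in that case
                    if ($null -ne $regProperties) {
                        foreach ($property in $regProperties.PSObject.Properties) {
                            # Skip the PS* properties (PSPath, PSParentPath, ...) that the
                            # registry provider adds to every result
                            if ($property.Name -notlike "PS*") {
                                $results.RegistrySettings[$keyName][$property.Name] = $property.Value
                            }
                        }
                    }

                    # Check specific WSUS settings
                    if ($keyName -eq "WindowsUpdate") {
                        if ($regProperties.WUServer) {
                            $results.WSUSConfigured = $true
                            $results.WSUSServer = $regProperties.WUServer
                            $results.UpdateSource = "WSUS"
                            Write-WULog -Message "WSUS Server configured: $($regProperties.WUServer)" -LogPath $LogPath

                            # A plain-HTTP WSUS URL means update metadata travels without TLS
                            # and can be altered in transit; report it so it can be moved to HTTPS
                            if ("$($regProperties.WUServer)" -like "http://*") {
                                $results.Issues += "WSUS server URL uses plain HTTP - update metadata is not protected in transit; HTTPS is recommended"
                                Write-WULog -Message "WSUS server is configured over plain HTTP" -Level Warning -LogPath $LogPath
                            }
                        }

                        if ($regProperties.WUStatusServer) {
                            $results.WSUSStatusServer = $regProperties.WUStatusServer
                            Write-WULog -Message "WSUS Status Server: $($regProperties.WUStatusServer)" -LogPath $LogPath

                            if ("$($regProperties.WUStatusServer)" -like "http://*") {
                                $results.Issues += "WSUS status server URL uses plain HTTP - reporting traffic is not protected in transit; HTTPS is recommended"
                                Write-WULog -Message "WSUS status server is configured over plain HTTP" -Level Warning -LogPath $LogPath
                            }
                        }

                        if ($regProperties.TargetGroup) {
                            $results.TargetGroup = $regProperties.TargetGroup
                            Write-WULog -Message "WSUS Target Group: $($regProperties.TargetGroup)" -LogPath $LogPath
                        }
                    }

                    if ($keyName -eq "AutoUpdate") {
                        if ($regProperties.NoAutoUpdate -eq 1) {
                            $results.AutoUpdateEnabled = $false
                            $results.Issues += "Automatic updates are disabled via Group Policy"
                            Write-WULog -Message "Automatic updates disabled via Group Policy" -Level Warning -LogPath $LogPath
                        }

                        if ($regProperties.AUOptions) {
                            # Translate the numeric AUOptions policy value into a readable label
                            $auOption = switch ($regProperties.AUOptions) {
                                1 { "Automatic Updates disabled" }
                                2 { "Notify before download" }
                                3 { "Automatically download and notify of installation" }
                                4 { "Automatically download and schedule installation" }
                                5 { "Automatic Updates is required, but end users can configure" }
                                default { "Unknown ($($regProperties.AUOptions))" }
                            }
                            $results.UpdatePolicy = $auOption
                            Write-WULog -Message "Auto Update Policy: $auOption" -LogPath $LogPath
                        }
                    }
                }
                catch {
                    Write-WULog -Message "Error reading $keyName registry settings: $($_.Exception.Message)" -Level Warning -LogPath $LogPath
                }
            }
        }

        # WUServer is only honoured by the update client when AU\UseWUServer is 1.
        # WSUSConfigured and UpdateSource keep their meaning ("a WUServer value exists")
        # for existing callers; the mismatch is reported as an issue instead.
        if ($results.WSUSConfigured) {
            $useWUServer = $null
            if ($results.RegistrySettings.ContainsKey("AutoUpdate")) {
                $useWUServer = $results.RegistrySettings["AutoUpdate"]["UseWUServer"]
            }
            if ($useWUServer -ne 1) {
                $results.Issues += "WSUS server is set but UseWUServer is not enabled - the client may not be using WSUS"
                Write-WULog -Message "WUServer is configured but UseWUServer is not set to 1" -Level Warning -LogPath $LogPath
            }
        }

        # Check Windows Update for Business settings
        Write-WULog -Message "Checking Windows Update for Business configuration..." -LogPath $LogPath

        # The Group Policy deferral values are stored under the WindowsUpdate policy key
        # itself, so that key is searched as well; the AU key is kept from the original list.
        $wufbRegPaths = @(
            "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Update",
            "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate",
            "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
        )

        foreach ($wufbPath in $wufbRegPaths) {
            if (Test-Path -Path $wufbPath) {
                try {
                    $wufbProperties = Get-ItemProperty -Path $wufbPath -ErrorAction Stop

                    # Any of these values being present marks the device as WUfB-managed;
                    # if a value exists in more than one key, the last key read wins
                    $wufbIndicators = @('DeferFeatureUpdates', 'DeferQualityUpdates', 'BranchReadinessLevel', 'ManagePreviewBuilds')
                    foreach ($indicator in $wufbIndicators) {
                        if ($null -ne $wufbProperties.$indicator) {
                            $results.WindowsUpdateForBusiness = $true
                            $results.DeferralSettings[$indicator] = $wufbProperties.$indicator
                            Write-WULog -Message "Windows Update for Business setting - $indicator`: $($wufbProperties.$indicator)" -LogPath $LogPath
                        }
                    }
                }
                catch {
                    Write-WULog -Message "Error reading Windows Update for Business settings from $wufbPath`: $($_.Exception.Message)" -Level Warning -LogPath $LogPath
                }
            }
        }

        # Check for Windows 11 24H2 compatibility issues
        Write-WULog -Message "Checking Windows 11 24H2 compatibility..." -LogPath $LogPath

        # NOTE(review): the 10.0.22* pattern matches builds 22xxx only, presumably Windows 11
        # releases that are still candidates for the 24H2 upgrade - confirm the intended range
        $osVersion = (Get-CimInstance Win32_OperatingSystem).Version
        if ($results.WSUSConfigured -and $osVersion -like "10.0.22*") {
            Write-WULog -Message "Windows 11 system with WSUS detected - checking 24H2 compatibility" -LogPath $LogPath

            # Check for the critical Windows 11 24H2 registry fix
            $featureManagementPath = "HKLM:\SYSTEM\CurrentControlSet\Control\FeatureManagement\Overrides\8\3000950414"
            if (Test-Path -Path $featureManagementPath) {
                try {
                    # With -ErrorAction Stop an unreadable key is reported as "could not verify"
                    # by the catch below rather than as a wrong EnabledState
                    $featureProps = Get-ItemProperty -Path $featureManagementPath -ErrorAction Stop
                    if ($featureProps.EnabledState -eq 1) {
                        Write-WULog -Message "Windows 11 24H2 feature management registry fix is applied" -LogPath $LogPath
                    } else {
                        $results.Windows11_24H2_Compatible = $false
                        $results.Issues += "Windows 11 24H2 feature management registry fix not properly configured"
                        Write-WULog -Message "Windows 11 24H2 compatibility issue - EnabledState not set to 1" -Level Warning -LogPath $LogPath
                    }
                }
                catch {
                    $results.Windows11_24H2_Compatible = $false
                    $results.Issues += "Could not verify Windows 11 24H2 feature management settings"
                    Write-WULog -Message "Error checking Windows 11 24H2 feature management: $($_.Exception.Message)" -Level Warning -LogPath $LogPath
                }
            } else {
                $results.Windows11_24H2_Compatible = $false
                $results.Issues += "Windows 11 24H2 feature management registry not found - may cause upgrade issues"
                Write-WULog -Message "Windows 11 24H2 feature management registry not found" -Level Warning -LogPath $LogPath
            }
        }

        # Check for additional configuration issues
        Write-WULog -Message "Checking for additional configuration issues..." -LogPath $LogPath

        # Check if Windows Update service is properly configured
        try {
            $wuServiceConfig = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv" -ErrorAction Stop
            if ($wuServiceConfig) {
                if ($wuServiceConfig.Start -eq 4) {  # 4 = Disabled
                    $results.Issues += "Windows Update service is disabled at the system level"
                    Write-WULog -Message "Windows Update service is disabled at system level" -Level Warning -LogPath $LogPath
                }
            }
        }
        catch {
            Write-WULog -Message "Could not check Windows Update service configuration" -Level Warning -LogPath $LogPath
        }

        # Check for metered connection settings that might block updates
        try {
            $meteredPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost"
            if (Test-Path -Path $meteredPath) {
                $meteredProps = Get-ItemProperty -Path $meteredPath -ErrorAction Stop
                # A Default cost above 1 is treated here as a metered default
                if ($meteredProps -and $meteredProps.Default -gt 1) {
                    $results.Issues += "Metered connection settings may prevent automatic updates"
                    Write-WULog -Message "Metered connection settings detected" -Level Warning -LogPath $LogPath
                }
            }
        }
        catch {
            Write-WULog -Message "Could not check metered connection settings" -Level Warning -LogPath $LogPath
        }

        # Check for proxy settings that might affect Windows Update
        # NOTE(review): this reads the machine-wide Internet Settings key only; a WinHTTP
        # proxy is configured separately and is not covered here - confirm whether it should be
        try {
            $proxyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"
            if (Test-Path -Path $proxyPath) {
                $proxyProps = Get-ItemProperty -Path $proxyPath -ErrorAction Stop
                if ($proxyProps.ProxyEnable -eq 1) {
                    Write-WULog -Message "System proxy configured: $($proxyProps.ProxyServer)" -LogPath $LogPath
                    $results.Configuration["ProxyEnabled"] = $true
                    $results.Configuration["ProxyServer"] = $proxyProps.ProxyServer

                    # Check if Windows Update URLs are bypassed.
                    # Substring heuristic: any override entry containing "microsoft.com" counts
                    if ($proxyProps.ProxyOverride -and $proxyProps.ProxyOverride -like "*microsoft.com*") {
                        Write-WULog -Message "Microsoft domains appear to be proxy-bypassed" -LogPath $LogPath
                    } else {
                        $results.Issues += "Proxy configuration may interfere with Windows Update connectivity"
                        Write-WULog -Message "Proxy may interfere with Windows Update" -Level Warning -LogPath $LogPath
                    }
                }
            }
        }
        catch {
            Write-WULog -Message "Could not check proxy configuration" -Level Warning -LogPath $LogPath
        }

        # Build configuration summary
        $results.Configuration["UpdateSource"] = $results.UpdateSource
        $results.Configuration["AutoUpdateEnabled"] = $results.AutoUpdateEnabled
        $results.Configuration["UpdatePolicy"] = $results.UpdatePolicy
        $results.Configuration["WSUSConfigured"] = $results.WSUSConfigured
        $results.Configuration["WindowsUpdateForBusiness"] = $results.WindowsUpdateForBusiness

    }
    catch {
        # Anything not handled by the per-check try blocks ends the analysis early;
        # the partially filled result is still returned with ErrorMessage set
        $results.ErrorMessage = $_.Exception.Message
        Write-WULog -Message "Critical error during configuration analysis: $($_.Exception.Message)" -Level Error -LogPath $LogPath
    }

    # Summary
    Write-WULog -Message "Windows Update configuration analysis completed:" -LogPath $LogPath
    Write-WULog -Message " Update Source: $($results.UpdateSource)" -LogPath $LogPath
    Write-WULog -Message " WSUS Configured: $($results.WSUSConfigured)" -LogPath $LogPath
    Write-WULog -Message " Auto Update Enabled: $($results.AutoUpdateEnabled)" -LogPath $LogPath
    Write-WULog -Message " WUfB Configured: $($results.WindowsUpdateForBusiness)" -LogPath $LogPath
    Write-WULog -Message " Windows 11 24H2 Compatible: $($results.Windows11_24H2_Compatible)" -LogPath $LogPath
    Write-WULog -Message " Configuration Issues: $($results.Issues.Count)" -LogPath $LogPath

    if ($results.Issues.Count -gt 0) {
        Write-WULog -Message "Configuration issues found:" -LogPath $LogPath
        foreach ($issue in $results.Issues) {
            Write-WULog -Message " - $issue" -Level Warning -LogPath $LogPath
        }
    }

    return $results
}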