My apologies in advance for asking a similar question to the one I asked two months ago, "is update approved for specific group via powershell?". I thought I had this covered, but as I've found time to continue to work on this project I see that it does not.
I have a script that iterates through updates, and if the release date is older than 30 days and they have not already been “Approved for Install” or “Approved for Removal” for a specific group, it approves them. I am currently faced with the dilemma that when an update is set to “Not Approved” for the specific group I’m working on, it does not come across in my group’s approvals and therefore I cannot detect its current state to know if I should approve it. In other words, I don’t want to approve an update that I set to not approved for a specific group.
I am currently achieving all this so far by connecting to my WSUS server and getting any and all updates via $all = $wsus.GetUpdates(). I then get my group’s approved updates via $groupApproved = $wsus.GetUpdateApprovals($GroupScope) where ApprovedStates = "Any" and ApprovedComputerTargetGroups.Add($current_wsus_group). While iterating through $all I grab updates that are older than 30 days and check to see if the updateID exists in my $groupApproved. If it does not, I approve the update. Like I said before, an explicitly unapproved update for my group does not show up in my $groupApproved. I understand it’s because of my GetUpdateApprovals($GroupScope) being just that and only getting approved for install or uninstall, but even when I try to simply GetUpdates($GroupScope) I am still not returned explicitly unapproved updates. Below is a screenshot of what I mean by explicitly setting an update to unapproved for a group. I’ve read up on ApprovedStates and possible enumerated values and it does include "NotApproved", defined as "Includes updates that have not been approved or declined."
Hope all that makes sense, thanks for the help.
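
Added example, not part of the original post: a per-update check that asks each update for the approvals recorded directly against the group and skips it if any exist. It assumes an explicit “Not Approved” override is stored as an approval whose Action is NotApproved; the group name, the $DryRun switch and the skipping of declined updates are hypothetical choices made for this sketch.

```powershell
# Added example. Assumes the WSUS administration API is installed on this host.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

$GroupName  = 'Pilot-Servers'   # hypothetical target group name
$MinAgeDays = 30                # same threshold as in the post
$DryRun     = $true             # report only; set to $false to actually approve

$wsus  = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
$group = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $GroupName }
if (-not $group) { throw "Target group '$GroupName' not found" }

$cutoff  = (Get-Date).AddDays(-$MinAgeDays)
$install = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install

$report = foreach ($update in $wsus.GetUpdates()) {
    # Too recent, or declined server-wide: leave alone (assumption of this sketch).
    if ($update.IsDeclined -or $update.CreationDate -gt $cutoff) { continue }

    # Approvals set directly on this group, whatever their action
    # (Install, Uninstall, or an explicit NotApproved override).
    $direct  = @($update.GetUpdateApprovals($group))
    $actions = @($direct | ForEach-Object { $_.Action.ToString() } | Sort-Object -Unique)

    if ($actions.Count -gt 0) {
        $decision = 'Skipped'            # someone already made a decision for this group
    }
    elseif ($DryRun) {
        $decision = 'WouldApprove'
    }
    else {
        [void]$update.Approve($install, $group)
        $decision = 'Approved'
    }

    # One record per update so the run can be reviewed or archived.
    [pscustomobject]@{
        UpdateId   = $update.Id.UpdateId
        Title      = $update.Title
        Released   = $update.CreationDate
        GroupState = if ($actions.Count) { $actions -join ',' } else { 'None' }
        Decision   = $decision
    }
}

$report | Sort-Object Decision, Released | Format-Table -AutoSize
```

Running it first with $DryRun left at $true gives a list of what would change before any approval is written.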