WSUS Server Cleanup

less than 1 minute read


Follow these steps to clear WSUS server updates that are bloating the server.

To Resolve:

Update 2017-10: I don’t bother with native Windows WSUS cleanup as it doesn’t do anything worthwhile. Instead, download the WSUS clean up script (link removed => lookup adam wsus).

  1. Set the email variables from lines 607-629

  2. Optionally add the line “[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { return $true }” After line 3247

  3. Place in C:\scripts

  4. Open admin shell and type “Set-Executionpolicy bypass”

  5. Type “.\clean-wsus.ps1 -FirstRun”

    • This will run the script and install the scheduled task.
  6. Now type: “Set-Executionpolicy RemoteSigned”

    • For an ad hoc clean, I usually run something like my script here.

  1. Make sure the option: “Download update files to this server only when updates are approved” is checked

  2. Disapprove any unwanted updates.

  3. Close any open WSUS windows and stop the Update Services service.

  4. Delete ALL files and folders in the WSUSContent folder (C:WSUSWsusContent on my machine)

  5. Start the Update Services service.

  6. Open a command prompt and navigate to the folder: C:Program FilesUpdate ServicesTools and type: WSUSUtil.exe RESET

  7. You could create a script in Powershell v5 that you can set to run automatically:

    • Invoke-WsusServerCleanup -CleanupObsoleteComputers -CleanupObsoleteUpdates -CleanupUnneededContentFiles -CompressUpdates -DeclineExpiredUpdates -DeclineSupersededUpdates