Moving computers in WSUS console - Possible to automate?

SRCL used Ask the Experts™
Hello Experts,

I am not the WSUS admin, so hopefully all of my terminology is correct. I am curious if there is a way to automagically move computers into a specific container? Currently we have a series of computers groups; 1st pilot group, 2nd pilot group, users, servers, test, etc). If we want to move users from one computer group to another we have to manually search for the computer and pin it into its desired group.

Question is, if i have a large list of computer names that need a specific patch (Internet Explorer 11) and we dont want to deploy to an entire computer group, can we import a CSV or something of that nature to automate this process? Otherwise the alternative is the WSUS admin has to spend hours on large testing groups manually moving one computer at a time.

thanks in advance!
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2017

No, using wsus you can not deploy updates/installation on a computer by computer basis. You can differentiate based on wsus groups while using AD GPO to place computer in different WSus groups is the way to manage what you ....

Users are in users groups, computers are in computer groups, not sure what you mean by moving a user to a different computer group.

Scripting moving user object or computer objects among the different location is possible using vbscript, powershell, dsquery|dsget/......

Wsus has two modes of operation, GPO or registry based. GPO provides for central management ......


The WSUS console has different "Computer groups" which we have defined.

Heres a look at what i am seeing in the console:

What i am looking to do, is based on a defined list of computers (in a .csv), move them automatically from Users - NA to IE11 Install.

Currently the process is, the wsus admin clicks through a series of screens and moves each computer individually.

Distinguished Expert 2017

Have you considered using GPO to manage the affiliation of the computers to the WSUS Computer groups

GPO can be stacked.
One GPO publishes the INTRANET site of the WSUS server.
Then a GPO that sets the WSUS Computer client target associations and the install mode are individually applied to the OU...

This way the placement of the Computer Object in the AD will control where the computer will end up within the WSUS client targeting.

There are examples that have powershell interfacing with the WSUS but I've seen ones dealing with approving updates, not relocating computer objects from one group to another.
20012R2 cmdlet reference for wsus.

In your case when configuring the WSUS it was elected to manually place computers in their respective objects.
Systems Administrator and Solutions Architect
PowerShell Script to add List of Computers to a Group in WSUS

#Script to add machines to a WSUS group automatically:
#The script needs Admin credentials and the WSUS Administration Console installed on the machine where it runs
$wsusparentgroup="All Computers"
$serverlist=Get-Content ".\srvlist.txt"
$date = [string]$ + $date.month + $date.year + $date.hour + $date.minute
$succeslog=".\logs\" +$date +"_success.log"
$errorlog=".\logs\" + $date +"_errors.log"
$WindowsUpdateServer= "wsus01"
#Required WSUS Assembly – auto installed with WSUS Administration Tools
if (!$wsus) {
        $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($WindowsUpdateServer,$False)
$updategroup=$UpdateGroups | Where-Object{$_.Name -eq $wsusgroup} | Where-Object{$_.getparenttargetgroup().name -eq $wsusparentgroup}
$computerScope = new-object Microsoft.UpdateServices.Administration.ComputerTargetScope
$computerScope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::All
$computers = $wsus.GetComputerTargets($computerScope)
#Create arrays with shortname and FQDN of all servers in WSUS
Write-Host "Collecting Server List from WSUS…"
$computers | foreach-object {
 #cut off DNS suffix and store shortname
 $WsusServers += $WsusServer
 $WsusServersShortNames += $WsusServerShortName
#loop to add servers to group
ForEach ($server in $serverlist)  {
 #Check if server Netbios name is present in WSUS, if present move to group – if not log an error
 $WsusComputer=($WsusServersShortNames -eq $server)
 If ($WsusComputer) {
  $WsusComputer=($WsusServers -like "$server*" )
  If ($wsuscomputer.count -eq 1) {
   Write-Host "$WsusComputer will be added to $($ group"
   out-file -append -inputobject "$Server added to $($ group" -filepath $succeslog
     #there are two servers in WSUS with ambiguous name – this should never happen but in that case an error is logged
     write-host "count $($wsuscomputer.count)"
     Out-File -append -inputobject "$Server has ambiguous name – check server in WSUS and add to group manually" -filepath $errorlog
Else {
 Write-Host "$Server not found in WSUS"
 out-file -append -inputobject "$Server not found in WSUS" -filepath $errorlog

Open in new window

Credits to:

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial