- New Group Policy settings in Windows 11 23H2 - Mon, Nov 20 2023
- Windows Server 2025 will support SMB over QUIC in all editions - Fri, Nov 17 2023
- Switch between Windows Terminal and the legacy console - Thu, Nov 16 2023
If you neglect the maintenance of a WSUS server, then at some point, the update files not only take up all the disk space but also database operations, such as filtering updates, become very slow. Above all, it becomes difficult to successfully run the Server Cleanup Wizard at all.
Use the PowerShell cmdlet for the scheduled task
While you cannot automate the GUI-based wizard to clean up WSUS, you can easily run the PowerShell counterpart, Invoke-WsusServerCleanup, on a regular basis via a scheduled task.
The cmdlet supports five parameters:
- CleanupObsoleteComputers
- CleanupObsoleteUpdates
- CleanupUnneededContentFiles
- DeclineExpiredUpdates
- DeclineSupersededUpdates
Consider whether you want to start it with all switches at once or split the individual tasks for the cleanup among several commands.
Create a task using PowerShell
In order to be able to set up the scheduled task under Server Core as well, I recommend using PowerShell.
The first step is to define a trigger for the task, which in our case is fired when a certain time is reached (00:00 in this example):
$trigger = New-ScheduledTaskTrigger -Daily -At 00:00
Now you create the action for the scheduled task:
$action = New-ScheduledTaskAction ` -Execute C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe ` -Argument "-Command 'Invoke-WsusServerCleanup -DeclineExpiredUpdates -DeclineSupersededUpdates'"
This command is limited to declining expired and superseded updates.
Create a scheduled WSUS cleanup task using PowerShell
To delete files or unused updates, invoke the cmdlet separately (in its own task) with the appropriate parameters. The definition of the action looks like this:
$action = New-ScheduledTaskAction ` -Execute C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe ` -Argument "-Command 'Invoke-WsusServerCleanup -CleanupObsoleteUpdates -CleanupUnneededContentFiles'"
The UpdateServer parameter can be omitted if the task runs on the local server.
Finally, enter the new task into the scheduler:
Register-ScheduledTask -TaskName WSUSCleanup -TaskPath "\WSUS\" ` -Action $action -Trigger $trigger
Test the scheduled task
It is a good idea to start the new task manually and check whether it is running correctly. To do so:
Start-ScheduledTask -TaskPath "\WSUS" -TaskName "WSUSCleanup"
Then display the result of the scheduled task with:
Get-ScheduledTaskInfo -TaskName "WSUSCleanup" -TaskPath "\WSUS\"
Testing the new scheduled task to clean up a WSUS server
Here, look for a value of 0 under LastTaskResult. Any other value indicates an error. An overview of various error codes can be found on Microsoft's Website.
Summary
To ensure that a WSUS server is regularly cleaned of updates that are no longer required, you can set up a scheduled task by running Invoke-WsusServerCleanup. This can be done with PowerShell, and therefore also works on Server Core.
Subscribe to 4sysops newsletter!
A scheduled task is more reliable than the recurring manual launch of the GUI wizard on the WSUS console. This prevents problems with slow response times or a WSUS server running out of disk space.
Read the latest IT news and community updates!
Join our IT community and read articles without ads!
Do you want to write for 4sysops? We are looking for new authors.
This was a perfect solution and worked on the first try! Many thanks!
If you check the task scheduler after creating it using powershell, it is set to run only when logged on, I would suggest changing it to Run whether user is logged on or not.
Add -user “System” to the command to fix that:
Register-ScheduledTask -TaskName WSUSCleanup -TaskPath “\WSUS\” -Action $action -Trigger $trigger -User “System”