Removing updates that are no longer needed or that have been replaced is important to keep WSUS in a healthy state. However, in the daily routine, admins often forget to execute the wizard for WSUS cleanup manually. Hence, it is more reliable if you set up a scheduled task for it.

If you neglect the maintenance of a WSUS server, then at some point the update files take up all the disk space, and database operations, such as filtering updates, become very slow. Above all, it becomes difficult to successfully run the Server Cleanup Wizard at all.

Use the PowerShell cmdlet for the scheduled task

While you cannot automate the GUI-based wizard to clean up WSUS, you can easily run the PowerShell counterpart, Invoke-WsusServerCleanup, on a regular basis via a scheduled task.

The cmdlet supports five parameters:

  • CleanupObsoleteComputers
  • CleanupObsoleteUpdates
  • CleanupUnneededContentFiles
  • DeclineExpiredUpdates
  • DeclineSupersededUpdates

Consider whether you want to start it with all switches at once or split the individual tasks for the cleanup among several commands.

Create a task using PowerShell

In order to be able to set up the scheduled task under Server Core as well, I recommend using PowerShell.

The first step is to define a trigger for the task, which in our case is fired when a certain time is reached (00:00 in this example):

$trigger = New-ScheduledTaskTrigger -Daily -At 00:00

Now you create the action for the scheduled task:

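# The -Command text is wrapped in double quotes inside a single-quoted argument.
# A single-quoted -Command value would be treated as a string literal and only echoed.
$action = New-ScheduledTaskAction `
-Execute C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe `
-Argument '-Command "Invoke-WsusServerCleanup -DeclineExpiredUpdates -DeclineSupersededUpdates"'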

This command is limited to declining expired and superseded updates.

Create a scheduled WSUS cleanup task using PowerShell

To delete files or unused updates, invoke the cmdlet separately (in its own task) with the appropriate parameters. The definition of the action looks like this:

# Double quotes inside the single-quoted argument, so powershell.exe runs the text as a command
$action = New-ScheduledTaskAction `
-Execute C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe `
-Argument '-Command "Invoke-WsusServerCleanup -CleanupObsoleteUpdates -CleanupUnneededContentFiles"'

The UpdateServer parameter can be omitted if the task runs on the local server.

Finally, enter the new task into the scheduler:

Register-ScheduledTask -TaskName WSUSCleanup -TaskPath "\WSUS\" `
-Action $action -Trigger $trigger

Test the scheduled task

It is a good idea to start the new task manually and check whether it is running correctly. To do so:

Start-ScheduledTask -TaskPath "\WSUS\" -TaskName "WSUSCleanup"

Then display the result of the scheduled task with:

Get-ScheduledTaskInfo -TaskName "WSUSCleanup" -TaskPath "\WSUS\"

Testing the new scheduled task to clean up a WSUS server

Here, look for a value of 0 under LastTaskResult. Any other value indicates an error. An overview of various error codes can be found on Microsoft's website.
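
A wrapper script that the scheduled task could call instead of the inline command, so that each cleanup step runs on its own and a failed step shows up as a non-zero LastTaskResult. This is an added example, not part of the original article; the script name, the log path C:\Logs\WsusCleanup.log and the Write-Log helper are assumptions.

```powershell
# WsusCleanup.ps1 (added example; file name and log path are assumptions).
# Runs each cleanup switch in its own call so one failing step does not stop
# the others, logs the cmdlet output, and exits non-zero on any failure.
param(
    [ValidateSet('DeclineExpiredUpdates', 'DeclineSupersededUpdates',
                 'CleanupObsoleteUpdates', 'CleanupUnneededContentFiles',
                 'CleanupObsoleteComputers')]
    [string[]]$Steps = @(
        'DeclineExpiredUpdates',
        'DeclineSupersededUpdates',
        'CleanupObsoleteUpdates',
        'CleanupUnneededContentFiles',
        'CleanupObsoleteComputers'
    ),
    [string]$LogFile = 'C:\Logs\WsusCleanup.log'   # assumed location
)

# Hypothetical helper: append one timestamped line to the log file.
function Write-Log([string]$Message) {
    $line = '{0:yyyy-MM-dd HH:mm:ss}  {1}' -f (Get-Date), $Message
    Add-Content -Path $LogFile -Value $line
}

# Make sure the log directory exists before the first write.
$null = New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force
$failed = 0

foreach ($step in $Steps) {
    $cleanupArgs = @{ $step = $true }     # splat exactly one switch per call
    $timer = [Diagnostics.Stopwatch]::StartNew()
    try {
        # -ErrorAction Stop turns cmdlet errors into exceptions we can count.
        $result = Invoke-WsusServerCleanup @cleanupArgs -ErrorAction Stop
        Write-Log "OK    $step ($([int]$timer.Elapsed.TotalSeconds)s): $result"
    }
    catch {
        $failed++
        Write-Log "FAIL  $step ($([int]$timer.Elapsed.TotalSeconds)s): $($_.Exception.Message)"
    }
}

Write-Log "Finished: $($Steps.Count - $failed) of $($Steps.Count) steps succeeded"
exit $failed   # 0 = every step succeeded; the task reports this as LastTaskResult
```

To use it, point the task action at the script, for example with -Argument '-NoProfile -File C:\Scripts\WsusCleanup.ps1' (path assumed).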

Summary

To ensure that a WSUS server is regularly cleaned of updates that are no longer required, you can set up a scheduled task by running Invoke-WsusServerCleanup. This can be done with PowerShell, and therefore also works on Server Core.

A scheduled task is more reliable than the recurring manual launch of the GUI wizard on the WSUS console. This prevents problems with slow response times or a WSUS server running out of disk space.

1 Comment
  1. TheDeLay 3 months ago

    This was a perfect solution and worked on the first try! Many thanks!

© 4sysops 2006 - 2023