PowerShell script to run the maintenance routines for Windows Server Update Services
Digressive Major fix: the script should now not run the cleanup process twice and report if the service isn't running before starting.
Latest commit 57b93dc Apr 23, 2019

Automated WSUS Maintenance


Automated WSUS Maintenance can also be downloaded from:


Tweet me if you have questions: @mikegalvin_

Features and Requirements

  • The script will run the WSUS server cleanup process, which will delete obsolete updates and decline expired and superseded updates.
  • The script can optionally create a log file and e-mail the log file to an address of your choice.
  • The script can be run locally on a WSUS server, or on a remote server.
  • The script requires that the WSUS management tools be installed.
  • The script has been tested on Windows 10 and Windows Server 2016.

Generating A Password File

The password used for SMTP server authentication must be in an encrypted text file. To generate the password file, run the following commands in PowerShell on the computer that is going to run the script, while logged in as the user that will be running the script. When you run the commands you will be prompted for a username and password. Enter the username and password you want to use to authenticate to your SMTP server.

Please note: This is only required if you need to authenticate to the SMTP server when sending the log via e-mail.

$creds = Get-Credential
$creds.Password | ConvertFrom-SecureString | Set-Content c:\scripts\ps-script-pwd.txt

After running the commands, you will have a text file containing the encrypted password. When configuring the -Pwd switch enter the path and file name of this file.
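
The same steps with two additions, restricting the file to the current account and checking that it decrypts. This is an added example, not part of the project's script. The user name is a placeholder and the ACL step is an assumption about how you want the file protected.

```powershell
# Added example. The path matches the one used above; the user name is a placeholder.
$pwdFile  = 'C:\scripts\ps-script-pwd.txt'
$smtpUser = 'smtp-user@example.com'
$me       = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

# 1. Create the file. Without -Key, ConvertFrom-SecureString protects the value with
#    Windows DPAPI, so only this user account on this computer can decrypt it.
#    That is why the file must be generated by the account that runs the script.
$creds = Get-Credential -UserName $smtpUser -Message 'SMTP account used to send the log'
$creds.Password | ConvertFrom-SecureString | Set-Content -Path $pwdFile

# 2. Restrict the file to that account. Other users cannot decrypt the contents,
#    but they should not be able to read or replace the file either.
$acl = Get-Acl -Path $pwdFile
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting, drop inherited rules
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
$acl.SetAccessRule($rule)
Set-Acl -Path $pwdFile -AclObject $acl

# 3. Confirm the file decrypts in this context before scheduling the script.
#    Run this step as the scheduled task's account to catch a user or machine mismatch.
try {
    $secure = Get-Content -Path $pwdFile | ConvertTo-SecureString -ErrorAction Stop
    $cred   = New-Object System.Management.Automation.PSCredential($smtpUser, $secure)
    Write-Output ("Password file OK for {0}" -f $cred.UserName)
}
catch {
    Write-Warning ("Cannot decrypt {0} as {1} on {2}; regenerate it as this user on this computer." -f $pwdFile, $me, $env:COMPUTERNAME)
}
```

If the script runs as a scheduled task under a service account, run all three steps in a PowerShell session started as that account.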


Here’s a list of all the command line switches and example configurations.

-Server
The WSUS server to run the maintenance routine on.

-Port
The port WSUS is running on.

-L
The path to output the log file to. The file name will be Wsus-Maintenance.log

-SendTo
The e-mail address the log should be sent to.

-From
The from address the log should be sent from.

-Smtp
The DNS name or IP address of the SMTP server.

-User
The user account to connect to the SMTP server.

-Pwd
The path and file name of the encrypted password file for the user account (see Generating A Password File).

-UseSsl
Connect to the SMTP server using SSL.


Wsus-Maintenance.ps1 -Server wsus01 -Port 8530 -L E:\scripts -SendTo -From -Smtp -User -Pwd c:\scripts\ps-script-pwd.txt -UseSsl

This will run the maintenance on the WSUS server wsus01, hosted on port 8530. A log will be output to E:\scripts and e-mailed via an authenticated SMTP server using SSL.
