Release Notes - AJ Tek Corporation

Version 2024.01.2 to 2024.07.0 (Released 2024.07.01)

Bug Fix: Fixed -HelpMe displaying a bunch of errors when a connection to the WSUS server could not be established.
Bug Fix: Fixed DeclineMultipleTypesOfUpdates output having its Syntax column truncated.
Bug Fix: Fixed InstallTask not using the proper domain name when working with a remote SQL server.
Bug Fix: Fixed Fix InstallTask not working on certain locales.
Bug Fix: Fixed missing notification in IISConfiguration.
Bug Fix: Fixed rare edge-case breaking WAM when a variable named DNSHostName was present when executing WAM.
Bug Fix: Fixed some of WAM’s SQL scripts not supporting Server 2008 R2’s WID. Please note that this is a best-effort attempt to fix these issues, and certain scripts are still not fixed, such as DatabaseStoredProcedureOptimization and SQLDatabaseShrink.
Bug Fix: Fixed the ARM64 decline declining Microsoft Edge updates. The updates should instead be declined using the Microsoft Edge decline and its settings.
Bug Fix: Fixed the ComputerUpdates32bit decline declining x86 Edge WebView runtime updates.
Bug Fix: Fixed the CSS in the WAM report expanding beyond its intended size.
Bug Fix: Fixed typo in FolderPermissionChecks notice.
Bug Fix: Fixed typo in WAM’s update check causing incorrect text bolding in the WAM report.
Bug Fix: Fixed upgrade script failing to merge keys that were renamed. A one-time fix will be applied to the configuration files of users affected from this bug during the upgrade for this version of WAM.
Feature: Added -TroubleshootTask to aid in troubleshooting errors with the WAM scheduled task.
Feature: Added 16 new languages to WAM’s language declines.
Feature: Added a check to ensure that the WsusPool application pool is running prior to executing WAM.
Feature: Added a persistent update notification to remind users to upgrade to the latest version of WAM.
Feature: Added sorting support to RenameOSDescriptions.
Feature: Added Windows 11 24H2 support to RenameOSDescriptions.
Feature: Added support for using UPNs for WAM service accounts.
Feature: Added the CheckSimpleRecoveryModel notification. This notification will warn users when the WSUS database recovery model is set to use a recovery model other than SIMPLE.
Feature: Added the WsusContentUNCSharePermissionsAnonymous notification. This will check to see if the WsusContent folder is a UNC share and, if it is, whether the UNC share is an anonymous share. The UNC share is determined to be anonymous if “Everyone” has write and read permission allowed, and is not explicitly denied write access.
Feature: Reworked Microsoft Edge declines, adding more granularity to the decline options.
Update: Adjusted upgrade script to be clearer with what it is working on when merging values from the old configuration into the new.
Update: Adjusted WindowsUpdateConfigurationError notice message to be clearer.
Update: Optimized upgrade script’s logic.
Update: Overhauled error handling for WAM streams. WAM streams should be more resilient to errors and should now give more information with what when wrong when something goes wrong.
Update: Reworked the DeclineMultipleTypesOfUpdates stream to now include the number of updates that are on the WSUS server before aborting when being run on a replica server.
Update: Updated -HelpMe to include more information for helping diagnose errors, such as WSUS SSL certificate information.
Update: Updated an old, misleading verbose message in InstallTask.
Update: Upgrade-MandatoryChanges.ps1.txt will be removed from the WAM install directory for previous installations as it is no longer used.
Installer: Added a checkbox for the missing WindowsUpdateConfigurationError notice to the notice page.
Installer: Added basic screen reader support.
Installer: Reworked Microsoft Edge declines page.

Version 2024.01.1 to 2024.01.2 (Released 2024.01.14)

Bug Fix: Fix RunningUserMismatch check for Server 2012R2.
Bug Fix: Add fallback upstream connection checks.
Update: Update the WindowsUpdateConfigurationError to instruct the user of what they should do to fix the issue.

Version 2024.01.0 to 2024.01.1 (Released 2024.01.08)

Bug Fix: Upstream server connection check now uses Connect-WsusServer to test connection, which will utilize Get-WsusServer to connect if available
Bug Fix: Upstream server connection check now properly uses the port specified by the WSUS config (if available)
Bug Fix: FolderPermissionChecks will now check permission based on SID for well-known SIDs (NT AUTHORITY\NETWORK SERVICE, BUILTIN\Users and BUILTIN\Administrators) when checking permissions to avoid incorrect detections on different locales.
Bug Fix: Fix FolderPermissionChecks failing to parse root folder
Bug Fix: Adjust WSUS Content Root Folder path to work with UNC shares.
Bug Fix: RunningUserMismatch – changed behaviour to be based on SID, rather than just on a username.
Bug Fix: Skip WSUS Administration group permission check on UNC paths.

Version 2023.07.3 to 2024.01.0 (Released 2024.01.01)

Feature: Added support for using Group Managed Service Accounts to run WAM.
Feature: Added support for Centralized Certificate Stores to the SSLExpiryWarning notification.
Feature: Added a decline for Windows 11 23H2 to the Decline Multiple Types of Updates stream.
Feature: Added the FolderPermissionChecks notification to ensure that WSUS related folders all have their required permissions.
Feature: Added the IISConfiguration notification to check if the WSUS IIS website is configured incorrectly.
Feature: Added the ContentDirectoriesMatch notification to check that all WSUS related paths point to the same folder (and are correctly configured).
Feature: Added the WsusPoolIdentity notification to check that the WSUS application pool is running as the NetworkService user.
Feature: Added the WindowsUpdateConfigurationError notification to check for common misconfigurations for Windows Update registry settings.
Feature: Added the RunningUserMismatch notification to warn users if the WAM scheduled task is configured to run as a different user than what WAM expects from its configuration.
Feature: Added the WAMUpdateCheck notification to notify users if new updates for WAM are available to download, as well as what has changed between the current version of WAM and the new version. This feature requires an Internet connection and access to https://www.ajtek.ca to check for updates, and can be easily disabled by disabling the WAMUpdateCheck notification.
Feature: Added additional output to aid in debugging certificate expiry notification errors.
Bug Fix: Fixed a bug in the Database Stored Procedure Optimization stream.
Bug Fix: Fixed a bug in RenameOSDescriptions where the renamed computers were not properly displayed.
Bug Fix: Fixed a bug when stopping WAM with CTRL+C and using -HelpMe.
Bug Fix: Fixed SQLDatabaseBackup stream hanging when failing to install required PowerShell modules.
Bug Fix: Fixed DBO not being set properly in the InstallTask stream for WSUS installations using a local SQL server.
Bug Fix: Fixed WAM not reporting errors when it is no longer functional.
Bug Fix: Fixed several errors in the SSLExpiryWarning notification.
Update: Updated HelpMe proxy information output.
Update: Updated HelpMe output to include SPN information.
Update: Updated FirstRun to always save the report in both TXT and HTML.
Update: Updated output messages when testing internet connection/connection to WSUS servers.
Update: Removed unnecessary output in the InstallTask stream’s text (TXT format) output.
Update: Fixed a typo in SQLDatabaseBackup.
Update: Updated warning to include error message when failing to import the SqlServer module in the SQLDatabaseBackup stream.
Update: Added offline installation instructions to the SQLDatabaseBackup stream when failing to install required PowerShell modules
Update: Optimized the Remove Drivers SQL script (thanks to Dan Ringhiser).
Update: Updated notices for impending WAM expirations to better reflect what action should be taken.
Update: Updated licence checking to be more resilient with network errors.
Update: Removed an unused variable from the WAM configuration.
Installer: Overhauled the installer to provide a better user experience.
Installer: Added a shortcut to the latest WAM release notes in the WAM start menu folder.
Installer: Added missing HideDBOErrorDBMaintenance notification to the notifications page in the installer.
Installer: Fixed system requirements check incorrectly detecting that the ODBC driver needed for WAM is installed. Version 18+ of the ODBC driver is NOT supported as there are breaking changes released in version 18 and even the latest SQLCMD does not support v18+.
Installer: Updated the Microsoft Command Line Utilities link in the system requirements page of the installer to point towards the ODBC version. SQLCMD (Go) is NOT supported as Microsoft does not support the WID with SQLCMD (Go).
Documentation: Added instructions for installing WAM on Windows Server Core installations.
Documentation: Added an alternate method to import WSUS updates.
Documentation: Added instructions for installing WAM on offline/Internet restricted systems.
Documentation: Added an explanation for the “Exclude upgrades classification” setting of the Remove Declined Updates stream.

Version 2023.07.2 to 2023.07.3 (Released 2023.07.20)

Bug Fix: Upgrades using SQL 2008 Failed.
Feature: Added SQL information into the HelpMe file.
Update: Improve error output for Rename OS Descriptions Stream.
Update:Adjust SQL Database Shrink’s error handling.
Update: Adjust WSUS hosts for internet connection check.

Version 2023.07.1 to 2023.07.2 (Released 2023.07.15)

Bug Fix: Fixed WSUS Proxy logic for testing licence type.
Bug Fix: Fix Server Cleanup Wizard from terminating WAM’s execution.
Feature: Added additional information into the HelpMe file.
Update: Improve error output.
Update: Fix missing verbose output.
Update: HelpMe section rework.

Version 2023.07.1 to 2023.07.2 (Released 2023.07.03)

Bug Fix: Fixed Version Information & Expiry.
Bug Fix: Licence type logic.

Version 2023.01 to 2023.07.0 (Released 2023.07.01)

Bug Fix: Fixed an arithmetic overflow occurring in DatabaseMaintenance. Thanks Pim Zandbergen!
Bug Fix: Fixed -SetMailAuthentication and -SetServiceAccountCredentials not working when in a self-healing state.
Bug Fix: Fixed a typo in the licence expiry notice.
Bug Fix: Fixed a warning erroneously occurring regarding WAM’s service account configuration.
Bug Fix: Fixed missing languages from the SpecificLanguageUpdates decline.
Bug Fix: Fixed Remove-WAM.ps1 not properly executing in some cases.
Bug Fix: Fixed some reporting logic not working as one might expect.
Bug Fix: Fixed some WAM declines not working on servers using a different locale.
Bug Fix: Fixed SQLDatabaseShrink not shrinking the SUSDB log file.
Bug Fix: Fixed the WAM shell not functioning with invalid/expired licences.
Feature: Added Remove-WsusProduct to the WAMTools module aid in removing the erroneous “Windows Dev Insider Channel” from WSUS.
Feature: Added Get-WAMLicence to the WAMTools module to view licensing information for both the installed WAM licence and other licence files.
Feature: Added Get-MaxSimultaneousFileDownloads and Set-MaxSimultaneousFileDownloads for configuring the MaxSimultaneousFileDownloads setting in the WSUS database.
Feature: Added Get-WsusIISRapidFailProtection and Set-WsusIISRapidFailProtection for configuring the rapid fail protection setting for the WSUS IIS property.
Feature: Added Test-WAMEmail to have WAM send a test email for testing the mailing configuration WAM will use.
Feature: Added a new Stream “DatabaseStoredProcedureOptimization” for optimizing stored procedures in the WSUS database.
Feature: Added a notice to warn users of the “Windows Insider Dev Channel” being present in the WSUS database.
Feature: Added a notice to warn users when the SSL certificate in use by WSUS is expiring.
Feature: Added a notice to warn users when their WAM configuration is invalid.
Feature: Added tools-only installation.
Installer: Added a “Test Email” button to the installer to have WAM send a test email for testing the mailing configuration WAM will use.
Installer: Added a configuration option in the installer to configure whether or not the service account used by WAM should have access to network resources.
Installer: Added a warning if the installer fails to load its required plugins.
Installer: Added additional validations to the installer to prevent users from making invalid configurations
Installer: Fixed a bug where mail report authentication’s value would not be updated.
Installer: Reworked the report frequency page to make it more user-friendly.
Installer: Removed licence page from upgrades when a licence is already present on the system.
Update: Updated InstallTask logic to add the scheduled task’s execution user to remote SQL databases as the DBO instead of db_owner.
Update: Added additional licence validation, and additional help messages for users to fix licensing issues.
Update: Moved Set-GraphCertificatePassword from Clean-WSUS to the WAMTools module.
Update: Updated RenameOSDescriptions’ output so it now displays in an easier-to-read table.
Update: Updated WAM’s stop synchronization method to better reflect what it is doing.

Version 2022.07 to 2023.01 (Released 2023.01.01)

Feature: WAM Upgrade Self-Healing, which will detect errors in upgrades and automatically fix them (if possible)
Feature: Improved Upgrade-Configuration to be more resilient and more efficient
Feature: New feature SQLDatabaseShrink, which will run DBCC shrink quarterly
Feature: Added support for using Microsoft Graph to email WAM’s reports.
Feature: Added Windows 10 22H2, Windows 11 21H2, and Windows 11 22H2 to DeclineMultipleTypesOfUpdates
Feature: Added Windows 11 22H2, Windows 10 22H2, Windows 10 IoT Enterprise LTSC, Windows 11 IoT Enterprise LTSC, to RenameOSDescriptions
Feature: Added a warning if the WSUS server had synchronized the erroneous Windows Insider Dev Channel which can prevent successful WSUS synchronizations
Update: Added # prefix to notices for recommended settings in reports so users can copy/paste the commands easily into the WAM Shell from the report.
Update: Updated Office declines to support renamed Office 365 Client (now Microsoft 365 Apps)
Update: Added a shortcut to the start menu for easily accessing WAM’s configuration GUI
Update: Cleaned up WAM’s configuration
Update: Fixed InstallTask TXT output containing useless info
Update: Fixed missing information in HelpMe
Bug Fix: Added a check to InstallTask to check if the current user is the dbo on the WSUS database on remote servers
Bug Fix: Fixed a bug in Upgrade-Configuration where comments were improperly merged
Bug Fix: Fixed a bug with weekly email reporting not sending emails after switching to daily reporting
Bug Fix: Fixed InstallTask not running with highest privileges
Bug Fix: Fixed InstallTask not working with some locales
Bug Fix: Fixed some WinRM related issues when running InstallTask
Installer: Fixed various hangs/crashes on the WAM installer
Installer: Added a select all button to the language list configuration page in the installer
Installer: Fixed a bug in the installer where file extension filters weren’t properly applied when selecting a license

Version 2022.01 to 2022.07 (Released 2022.07.02)

Feature: New Tool – Get-WsusIISIdleTimeout/Set-WsusIISIdleTimeout
Feature: New Tool – Get-WsusIISPingEnabled/Set-WsusIISPingEnabled
Feature: New Tool – Get-WsusIISRegularTimeInterval/Set-WsusIISRegularTimeInterval
Feature: Added an option to suppress RenameOSDescriptions output
Feature: Added support for weekly reporting
Feature: Added include downstream computers option to RemoveComputerObjects
Feature: Added Superseded Definition Updates to Decline Multiple Types of Updates to allow for a more aggressive declining
Feature: Changed WAM to stop WSUS synchronization before executing and restart it after execution to prevent errors
Feature: Added support for Windows 10 Enterprise LTSB/LTSC Evaluation in Rename OS Descriptions
Feature: Added support for Windows 10 Enterprise N LTSB/C in Rename OS Descriptions
Feature: Added support for Windows 10/11 Enterprise (Evaluation) Evaluation in Rename OS Descriptions
Update: Added more verbose output when mailing the WAM report
Update: Clarified vCPUWarning comment in the Configuration
Update: Updated SQLDatabaseBackup logic
Update: Improved the arithmetic overflow fix
Update: Added -WhatIf support to RemoveComputerObjects
Update: Added new notices for MaxCachedUpdates/MaxInstalledPrerequisites not being at their recommended value
Update: Changed installer to show service account configuration on basic install
Update: Added License File requirement
Bug Fix: Fixed a bug in report generation that caused the report to display an unneeded white line
Bug Fix: Fixed installer main configuration page erroneously overwriting a previous configuration for WAM when WAM is being reinstalled
Bug Fix: Fixed InstallTask incorrectly registering the WAM cleanup task when not allowing access to network resources
Bug Fix: Fixed InstallTask not working for some Windows 2012 R2 machines
Bug Fix: Fixed MailReport potentially sending two emails on rare occasions
Bug Fix: Fixed remote SQL server support for service accounts
Bug Fix: Fixed Remove-ScheduledTask-SynchronizeAcrossTimeZones causing timing mismatches
Installer: Improved installer’s second advanced configuration page
Installer: Fixed installer configuration pages titles being inconsistent

Version 2021.07 to 2022.01 (Released 2022.01.01)

Bug Fix: Local SQL Server detection RegEx fix.
Bug Fix: Fixed embedded tags in Add-Notice output – both [shell] and [link]
Bug Fix: Added Start Menu checks and fixes for those who upgraded and didn’t get the proper Start Menu shortcuts for the WAM Shell as it was changed, and some cached the old link.
Bug Fix: Fixed a possible hang in the installer during the system requirements check. The installer will now better handle edge cases where SQLCMD.exe takes too long to respond, or does not return any output.
Bug Fix: Fixed a possible infinite timeout from occurring when using schtasks.exe as a fallback for installing WAM’s task.
Bug Fix: Fixed a warning using outdated start menu entries.
Bug Fix: Fixed documentation in Clean-WSUS.ps1 regarding the SetMailAuthentication switch.
Bug Fix: Fixed ODBC driver detection for WAM’s installer’s system requirements.
Feature: Improve on the visibility of the WAM Shell – Added a custom prompt, along with an introduction to the WAM Shell.
Feature: New Tool – Get-WAMCommand, a utility to help users find information on WAM utilities while inside the WAM console.
Feature: New Tool – Get-WsusIISMaxCachedUpdates/Set-WsusIISMaxCachedUpdates.
Feature: New Tool – Get-WsusIISMaxInstalledPrerequisites/Set-WsusIISMaxInstalledPrerequisites.
Feature: Added support for Windows 11 in Rename OS Descriptions.
Feature: Added support for Windows Server 2022 in Rename OS Descriptions.
Feature: Added support for Windows N Editions – Pro N, Enterprise N, Education N, Pro Education N.
Feature: Added Windows 7 as an option in the Decline Multiple Types of Updates
Feature: Added automatic SSL detection and hostname configuration underneath $FQDN that uses the ServerCertificateName. This will help those with SSL enabled systems that don’t use the default FQDN of the server but rather a customized FQDN. The configuration will force replace your existing $AJTekWSUSServer with $FQDN as now it will automatically detect properly.
Feature: Added a warning if only 1 or 2 vCPUs are being used.
Feature: Added Service Account setup and functionality. WAM now fully supports a service account for running the scheduled task.
Update: Clarified SMTP SSL uses STARTTLS and implicit TLS will not work.
Update: Added clarification on the recommendation to enable SSL – still a lot of people are not using SSL on their WSUS server and SSL is not difficult to enable for WSUS and has many benefits. Included link to an expanded SSL section in Part 7 of our Blog series on How To Setup, Manage, and Maintain WSUS.
HelpMe: Added more verbosity to many sections and cleaned up some sections to make it more helpful to Support for troubleshooting different issues.
Installer: System Requirements page has been redesigned. You will not be able to continue through the system requirements until all requirements have been met and installed. A self-explanatory checkmark or X will show you what specific requirement is missing and link to the appropriate software for download.
Uninstaller: A software normally takes great care of the install, providing options and features for customization of the installation but then lacks on features of the uninstaller. We at AJ Tek are different.
Uninstaller: We have digitally signed our uninstaller.
Uninstaller: Added improved uninstall cleaning functionality like removing the Scheduled Task and other items.

Version 2021.01 to 2021.07 (Released 2021.07.01)

Bug Fix: Automatically detect WSUS website name, now properly taking into account translated versions of the website name for systems not in English.
Bug Fix: Excluded Edge-Beta updates from the Beta declines in the DeclineMultipleTypesOfUpdates stream.
Bug Fix: Adjust RenameOSDescriptions to fix width to even wider (50).
Feature: New shell for WAM that will contain all utility functions, instead of passing switches to Clean-Wsus.ps1.
Feature: New Module called WAMTools that is imported into the WAM Shell to expose the tools.
Feature: New Tool – Add-ESDMimetype/Remove-ESDMimetype/Reset-ESDMimetype
Feature: New Tool – Get-SchUseStrongCrypto/Set-SchUseStrongCrypto
Feature: New Tool – Get-WsusIISLoadBalancerCapabilities/Set-WsusIISLoadBalancerCapabilities
Feature: Redesign of Tool into new WAMTools module – Get-ApplicationPoolMemory/Set-ApplicationPoolMemory.
Feature: Redesign of Tool into new WAMTools module – Get-WsusIISLimitInterval/Set-WsusIISLimitInterval.
Feature: Redesign of Tool into new WAMTools module – Get-WsusIISQueueLength/Set-WsusIISQueueLength.
Feature: Redesign of Tool into new WAMTools module – Get-WsusWebExecutionTimeout/Set-WsusWebExecutionTimeout.
Feature: Redesign of Tool into new WAMTools module – Get-WsusWebMaxRequestLength/Set-WsusWebMaxRequestLength.
Feature: Added the ability to disable individual notices from being included in reports.
Feature: Added notices when the WSUS install is not at the recommended settings (SSLEnabled, ApplicationPoolMemory, SchUseStrongCrypto, QueueLength, LimitInterval, LoadBalancerCapabilities, MaxRequestLength, ExecutionTimeout). These checks will happen every time Clean-WSUS.ps1 is run and will be included in the report only if your system needs adjustments made to it.
Feature: Added support for Windows 10 Pro Education, Windows 10 Education editions, and Windows Server 2019 Standard Evaluation in Rename OS Descriptions.
Feature: Added a workaround to the Arithmetic Overflow error that has started causing problems with some customers who have hundred of thousands of updates in the metadata. This Arithmetic Overflow is caused in IIS attempting to proxy data coming from the database.
Update: Added additional classifications for RenameOSDescriptions for servers that are 2008 R2 or lower.
Update: Prioritize TLS1.2 as the security protocol for mailing reports, using other protocols as a fallback if TLS1.2 is not supported.
Update: Removed some unnecessary output cluttering the DeclineMultipleTypesOfUpdates stream.
Update: Added Windows 10 21H1 to DeclineMultipleTypesOfUpdates stream.
Update: Added code in the Remove Drivers SQL to reset online summary tables.
Update: Renamed PruneIISLogs variables to more appropriate names, and added extra information to the notice about disabling the stream.
Update: Added items to the -HelpMe output for troubleshooting. Cleaned up some unnecessary output cluttering it up, re-organized the output for easier troubleshooting.
Update: Added 127.0.0.1 to Test-SQLConnection for determining if it is using a local SQL Database instance.
Update: Major documentation update to add information and re-design the method used to present the information so that it is easier to read and understand.
Update: Fixed spelling errors.
Installer: Adjusted installer to hide the -FirstRun checkbox if running on the same version so that the installer can be used as a GUI for configuration.
Installer: Added a silent UNinstaller with options to keep or remove the configuration.
Installer: Changed the location of the Windows Menu items to just Windows Menu > AJ Tek.

Version 2020.07 to 2021.01 (Released 2021.01.01)

Bug Fix: Detection of ‘.’ and ‘.INSTANCE’ as valid local SQL Server names.
Bug Fix: Adjust RenameOSDescriptions to fix width.
Bug Fix: Add SCW output to Verbose output.
Installer: Bug fix for the System Requirements detection of a non-English sqlcmd.exe.
Update: Removed Microsoft Office updates from the ComputerUpdates32bit decline.
Update: Improved ARM64 decline syntax to catch missed ARM64 updates.
Feature: Added support to decline specific Microsoft Office products.
Feature: Added support to decline updates for the stable, beta, and dev branches of Microsoft Edge.
Feature: Added support to decline updates from third parties.
Feature: Added support for excluding the Upgrades classification from the RemoveDeclinedUpdates stream.
Feature: Added support for 20H2 in Rename OS Descriptions.
Feature: Added support to send WAM report as an attachment when emailing the report. You may also optionally configure the name of the attachment sent in the email.
Feature: New Utility – DisplayWsusIISLimitInterval/SetWsusIISLimitInterval, used to display or change the reset interval (aka “limit interval”) in the WSUS IIS settings.
Feature: New Utility – DisplayWsusIISQueueLength/SetWsusIISQueueLength, used to display or change the queue length in the WSUS IIS settings.
Feature: New Utility – DisplayWsusWebExecutionTimeout/SetWsusWebExecutionTimeout, used to display or change the ExecutionTimeout value in the WSUS IIS app config.
Feature: New Utility – DisplayWsusWebMaxRequestLength/SetWsusWebMaxRequestLength, used to display or change the MaxRequestLength value in the WSUS IIS app config.
Feature: New Stream – Display Newly Added Products, which will output newly added classifications/product categories to the monthly report.
Feature: New Stream – Prune IIS Logs, which will delete old log files generated from the WSUS website in IIS. This feature is disabled by default.

Version 2020.01 to 2020.07 (Released 2020.07.02)

Bug Fix: Removed typo in InstallTask.
Bug Fix: Remote SQL Express database instances were being detected as local.
Bug Fix: Fixed output error issues on the Remove Declined Updates Stream.
Bug Fix: Fixed rename of OS descriptions from LTSB to LTSC from 1809 and newer to keep inline with Microsoft’s nomenclature.
Feature: Added Hyper-V systems to rename with RenameOSDescriptions.
Feature: Added Domain Controller systems to rename with RenameOSDescriptions.
Feature: Redesigned the Remove Declined Updates Stream completely.
Feature: Add-Notice – for adding recommendation notices, and future alert errors and informational notices to the reports.
Feature: Add-Notice if the Application Pool Memory is lower than 4GB.
Feature: Added support for Windows 10, 2004 to the RenameOSDescriptions.
Feature: Redesigned the HTML report output.
Feature: Redesigned the Application Pool Memory feature into a function for both getting and setting information.
Feature: Added SaveReport/MailReport forced ability when running routines manually using the WAM Shell.
Feature: -Whatif support added to: -RemoveDeclinedUpdates, SetApplicationPoolMemory.
Feature: Added KB979309 to the mandatory exceptions list for Remove Declined Updates.
HelpMe: Add WSUS Subscription Information to HelpMe.
HelpMe: Added output of SQL jobs to HelpMe file (due to the output when -Verbose is used).
Installer: Present a new screen that better informs the user when system requirements are not installed.
Installer: Add system requirements detection.
Installer: Adjust the unattended installation to fail with a message when the system requirements are not installed. Included a switch to bypass in case of a false positive.
Display: Moved certain output from the console into only when -Verbose is used.
Documentation: Updated documentation and added section: Security & Permission Requirements.

Version 2019.07 to 2020.01 (Released 2020.01.06)

Bug Fix: Remote SQL server detection of a local install using FQDN rather than just the hostname or localhost.
Bug Fix: Added “[hostname].[domain]” as a possible match for a local SQL Server using a non-standard instance name.
Bug Fix: Fixes some of the output variables as some were not being added to the array properly.
Bug Fix: Adjusted Backups to run only when not detected as a remote SQL Server.
Bug Fix: Under DMTOU, adjusted the ComputerUpdates32bit’s syntax search.
Bug Fix: Added Windows 10 1909 and Windows 10 20H1 to Rename OS Descriptions. Also added Windows 10 Pro for Workstations
Bug Fix: InstallTask SQL adjusted the else case ALTER ROLE for backwards compatibility syntax check when executing.
Bug Fix: Installer: Fixed the installer’s recognition of a custom installation folder when upgrading.
Feature: All PowerShell scripts are now digitally signed.
Feature: Added variables able to be used in the Configuration file for customizations: $DNSHostName, $DNSDomainName, $FQDN, $RunDate.
Feature: Added more types to the DMTOU Stream including all Windows 10 versions to present.
Feature: Adjusted DMTOU to only show enabled declined types in the output, rather than all types of updates.
Feature: Added more control over the Remove Declined Updates: An exceptions list with both custom and mandatory exceptions.
Feature: Added OSDescription and detailed ClientVersion to the output on removals of computer objects.
Configuration Change: Adjusted default WSUS Server name to use the new variable: $FQDN.
Configuration Change: Configuration forced change to backup = $True.
Installer: The Installer is now digitally signed.
Installer: Added missing options that were left out ($AJTekSupersededUpdateDeclineAfterDays), email report subject.
Installer: Added new feature additions and re-organized existing advanced screens.
Installer: Added new upgrade route that will automatically upgrade the configuration file and re-apply existing settings making upgrades EASY!
Installer: The new upgrade route includes silent installations and only needs 3 switches for deployment (/S /U /I-ACCEPT-EULA) making mass deployment upgrades EASY!
Installer: Silent installations now require /I-ACCEPT-EULA switch in order to install or upgrade.

Version 2019.01 to 2019.07 (Released 2019.07.07)

Bug Fix: Remote SQL server permissions issue on applying the correct permissions.
Remote SQL servers: Enhanced the Security Awareness Alert to explain what is needed, and automatically check to see if modifications are required. If required, it will make them. If not, it will let you know that no changes were made.
Raised minimum PowerShell requirements to PowerShell 4.0 or higher. Put in a hard stop if the requirement is not met.
Changed all logging variables to arrays for much faster processing.
Add Application Pool Memory to the HelpMe output.
Added code to make the HelpMe output cleaner.
Added security to mail server authentication details. The system now uses Get-Credential to ask and securely store authentication details in AES encrypted TXT files on disk. If plain text authentication is stored in the configuration file, a warning will appear on every run in the console output only.
Added a new error-wrapping around sending emails. If the sending of emails fails, WAM will fall back to saving a TXT file log. Details of the error are prepended to the TXT log and outputted to the console for troubleshooting.
Added an upgrade check to the installer.
Added a new stream – Rename OS Descriptions – which will rename OS descriptions to a more detailed and friendly descriptive name.
Documentation updates.
Added /? to the installer.

Version 3.5 to 2019.01 (Released 2019.01.28)

Expanded the installer to include a GUI for the advanced options for easier adjustments.
Expanded the installer to include a silent install mode for deployment on multiple systems. Please see the documentation for configuration options.
Bug Fix: DirtyDatabaseCheck – issues with calling the Database Maintenance function after renaming it as well as throwing an error. This has been fixed.
Bug Fix: RemoveDeclinedUpdates – Thanks to Taylor Ralston for the notice. When running the RemoveDeclinedUpdates switch on its own, it would not actually remove the updates but when run from ScheduledRun and QuarterlyRun, it would. This has been fixed.
Clarification Fix: Added information to the DeclineMultipleTypesOfUpdates when it times out.
Bug Fix: Refocused the Language pack removals to include LanguagePack.
Documentation Update.
New Feature: Added the ability of using a comma separated list of emails to send the report to.
Bug Fix: Added verification checks that the SQLPS module is loaded before initiating the backup
Further expanded the SQL Database Backup logic to check for the appropriate modules, auto-load them if necessary, and to account for any errors that may happen.
Changed the SQL Database Backup to be off by default as you should have another method of backing the server and database up.
Changed Get-WMIObject to Get-CimInstance to keep current as Get-WMIObject is deprecated.
New Feature: Added the configuration ability of removing or not removing declined updates.
Reordered RemoveDeclinedUpdates.
Reordered RemoveDrivers.
Crafted the SQL database name dynamically based on the registry.
Bug Fix: Fixed InstallTask Remote SQL references to the SQL script.
Expanded InstallTask for SQL Server with non-standard SQL ports.
Expanded InstallTask for proper error handling of Remote SQL permissions and output.
Bug Fix: Fixed WinXP and NonEnglishUpdates portions of the DeclineMultipleTypesOfUpdates stream.
Bug Fix: Fixed one line that was missing off of the TXT output only on the DeclineMultipleTypesOfUpdates stream.

Version 3.2 to 3.5 (Released 2018.06.01)

Re-branding of Adamj Clean-WSUS to AJTek’s WSUS Automated Maintenance (WAM) ©
Added info to HelpMe
Altered the entire script into a multi-file system, extracting each function, SQL script, and logic part into its own file.
Manipulated the new SQL Scripts to adhere to the new system as some were being dynamically generated. Created parameter passing in these instances, condensing some of the SQL scripts.
Expanded InstallTask to auto-create on systems running Server 2012 and lower that cannot create scheduled tasks through PowerShell using SchTask.exe instead.
Expanded InstallTask’s SQL script on remote systems to include the code for previous versions of SQL (2005-2008) for adding the computer object’s account to the db_owner group.
Created single installer for the entire system that allows for easy auto-configuration.
Added ‘LOCALHOST’ as part of the possible SQL Server auto-detections, rather than just the <ComputerName>
Bug Fix: DeclineMultipleTypesOfUpdates – The XP search was just searching ‘XP’ which was also triggering on eXPerience and others. Changed it to search for ‘ XP’ instead.
Added Sharepoint Updates and ARM64 updates to the list of DeclineMultipleTypesOfUpdates.
Added a frequency to DeclineMultipleTypesOfUpdates of either Daily or Monthly, for each individual set.
Adjusted the RemoveObsoleteUpdates and CompressUpdateRevisions to run daily.
Updated the URL Link to Microsoft KB Articles as Microsoft had changed this.
Added AJTekSupersededUpdateDeclineAfterDays to allow for a delay of declining superseded updates. Thank you Brian Gleason for giving me this feature.
Added -ErrorAction Stop to Get-WsusClassification which is what usually errors out if run on Server 2008.
Bug Fix: Test-SQLConnection – added required escaped double quotes around the SqlServerName to account for non-standard SQL Server Ports (server,port). Thank you michaelschuler on Spiceworks for giving me this fix.
Modified RemoveObsoleteUpdates and CompressUpdateRevisions to have better output including current time and delta times for each removal or compression.
Re-configured DirtyDatabaseCheck to bring the queries and process more inline with Microsoft’s newest official method located on the KB3194588 page.
Deprecated DirtyDatabaseCheck as Microsoft has changed the way they do things (for the better). It is still possible that you may need to run this switch but know that this will ALWAYS return a Dirty Database now due to the way Microsoft changed things.
Re-enabled the erroring out of the script if the Automatic detection of the SQL Server fails to connect, which technically shouldn’t happen anymore.
Renamed Prerequisites to System Requirements and re-adjusted the organization of the file accordingly. Made it easier to differentiate between what is recommended and minimum requirements.
Added a configurable option for always displaying the WSUS DB Maintenance output in detail, rather than just on the ScheduledRunStreamsDay.
On -SetApplicationPoolMemory, after changing the application pool memory, added a check to see if the application pool was in the stopped state and either started or restarted the application pool depending on what is required at the time.
Added a check to see if the script times out while getting updates from the server into a variable. If this happens, it will continue on with the SQL queries to clean up and run the maintenance and will also alert you (in the console as well as in the log file) to re-run the -FirstRun switch up to 15 times. The idea is that the SQL queries will remove and optimize the database enough such that eventually getting all of updates from the server into a variable will be successful.

Version 3.1 to 3.2 (Released 2017.11.10)

Bug Fix: Dirty Database Fix SQL Script to 1.1 – Added use SUSDB.
Added EULA.

Version 3.0 to 3.1 (Released 2017.09.16)

Spelling error on DirtyDatabaseCheck in ‘.EXAMPLE’.
Clarify using apostrophes in the AdamjMailReportSMTPServerPassword variable.
Prerequisite update to might need to change the encoding to ANSI – now that I’ve removed any non-ASCII Character in the script.
Corrected English on DeclineMultipleTypesOfUpdates if using -FirstRun so that it says ‘today’ rather than the scheduled streams number.
Bug Fix: Change $AdamjWSUSServer to check to see if it’s part of a domain, and if so, add the domain, otherwise use the hostname.
Bug Fix: Revert Drivers SQL Removal back to 1.0 – 1.1 was causing errors killing the script from running.

Version 2.11 to 3.0 (Released 2017.09.01)

NOTICE TO PREVIOUS USERS: Updated the description for RemoveDeclinedWSUSUpdates. Please read it.
Added Test-IfBlocked – If it’s blocked, it will unblock it.
Changed the behaviour of -InstallTask to remove the ExecutionPolicy as it will be auto-unblocked.
BUG FIX: Changed -InstallTask to work with 6.2 which is Server 2012.
Added DirtyDatabaseCheck – Checks to see if your database is in a bad state. If it’s in a bad state it fixes it.
Changed WSUS Server variables to automatically pull from the registry entries. It should be fully automatic now for 99% of all cases.
Added AdamjScriptVersion primarily for the -HelpMe stream for easier version recognition.
Added DeclineMultipleTypesOfUpdates to replace DeclineSupersededUpdates.
Changed -IncreaseApplicationPoolMemory to -SetApplicationPoolMemory and made it allow 0 (unlimited) or a higher number.
Rewrote the prerequisites for SBS for clarity.
Rewrote the .DESCRIPTION, organized the description of the streams by how they are run, with manual ones at the bottom.
Rewrote the Install-Task function and added it to -FirstRun.
Replaced some double quotes into single quotes around the script.
Re-designed the SQL Testing and created it to auto-detect from the Windows Registry. It should be fully automatic now for 99% of all cases.
Added a bypass for the -HelpMe stream if it can’t connect to the WSUS Server, it will bypass and create the log file for help.
Added WSUSIndexOptimization stream which will increase the speed of WSUS’s database processing by 1000-1500 times faster.
Added options for running RemoveWSUSDrivers in FirstRun and in the other routines.
Clarified the Remote SQL Server instructions with the scheduled task running. Thank you to Ross Anderson for the full solution instructions.
On Remote SQL Databases, setup the Scheduled Task to run as NT AUTHORITYSYSTEM and add the DOMAINCOMPUTER$ account to db_owner on only the SUSDB database.
Added fix for spaces in the file or path name with regards to creating the scheduled task.
Expanded the RemoveWSUSDriversSQL script to version 1.1 by adding new tables to check/resolve issues from.
Ran some regular expression searches to remove any non-ASCII characters within the script and remove trailing tabs and spaces.

Version 2.10 to 2.11 (Released 2017.05.11)

Re-organized Run switches.
Added a Restart of the Application pool if you increase the application pool to make sure the settings take effect.
Added logic to not connect to the WSUS server if not actually running something that requires it (Display & Increase the application pool and InstallTask).
Added a configuration value for $AdamjScheduledTaskTime.
Added a ComputerObjectCleanup Stream for more control over computer object removals.
Cleaned up old commented code and spacing.
Added and changed some commented code to verbose output.

Version 2.09 to 2.10 (Not Released)

Added the Adamj Application Pool Memory Configuration Stream.
Added information about Server 2016 at the prerequisites stage.
Added Start-Transcript to -HelpMe stream as now everything is outputted to objects, not just Write-Host.
Added Show-MyFunctions and Show-MyVariables and added them to the -HelpMe output instead of the contstraint to just Adamj Variables.
Removed the Clean Up Variables section at the end. Once the script finishes running all variables within the script are destroyed as none are set globally.
Changed $AdamjWSUSServer to auto-populate vs manual entry, along with changing it to lowercase within the script.
Added comments for Gmail settings.
Added comments in the SQL Server Variable section for the auto-detect issue on Server 2008 (R2).
Added an SBS Section to the prerequisites.
Created a function for Connect-WSUSServer.
Created a function for -InstallTask and a check for powershell version 4 or higher within. Adjusted the Instructions at the top.

Version 2.08 to 2.09 (Not Released)

Added CompressUpdateRevisions and RemoveObsoleteUpdates SQL Scripts as MonthlyRun items along with FirstRun.
Added Configuration for Mail Report and Save Report options.
Added Donation links.
Fixed bug with running script from a folder with a space.

Version 2.07 to 2.08 (Not Released)

Re-adjusted all Write-Host to Write-Output.
Changed $AdamjScriptPath from split-path -parent $MyInvocation.MyCommand.Definition to Split-Path $script:MyInvocation.MyCommand.Path.
Changed $VerbosePreference to “Continue” when executing -HelpMe.
Added Begin, Process, End operators.
Setup -HelpMe to change VerbosePreference to continue and change it back at the end to what it was before.
Changed Test-Administrator to streamline the process.
Changed SQL-Ping-Instance to Test-SQLConnection and cleaned up the code.
Added some VERBOSE output throughout the script.
Fixed a bug with $ExceptionError in the RemoveDeclinedWSUSUpdatesProceed function.
Adjusted the prerequesites and added SQL Cmd line tools requirement with links.
Fixed a bug with RemoveDeclinedWSUSUpdates, thanks to Nikolay Semov (Nikolay8159) from the Spiceworks forums.
Added regions to each section for ease of modification and readability in PowerShell ISE and other editors.

Version 2.06 to 2.07 (Released 2016.10.05)

Adjusted the prerequisites wording for clarity regarding the ANSI encoding.

Version 2.05 to 2.06 (Released 2016.07.08)

Added notes regarding a Remote SQL connection such that you must use the computer account to run the script via Schedule Tasks.
Added a -HelpMe Stream for getting troubleshooting data for support reasons.
Check for for replica server and exclude only the DeclineSupersededUpdates as you can only decline superseded updates from the upstream server. Thanks to Jurriaan van Doornik for the help with testing and investigating.
Adjusted the Timeout on the SQL-Ping Function to 60 seconds only if you specify the $AdamjSQLServer variable.
Altered the Versioning notes layout for clarity and separation.
Added a prerequisite of ANSI encoding for troubleshooting.
Adjusted some of the descriptions of the streams information text to be more clear and consistent.
Spelling and grammar fixes.

Version 2.04 to 2.05 (Released 2016.03.17)

Tested on Server 2008 SP2, Server 2008 R2, Server 2012, and Server 2012 R2.
Came up with installation instructions for prerequisites.
Added code for detecting last day of the month if $AdamjScheduledRunStreamsDay is greater than the last day of the month, including leap years for months less than 31 days.
Thank you to Malil for the initial base of the code for checking for $AdamjScheduledRunStreamsDay

Version 2.03 to 2.04 (Not Released)

Fixed issue with SQL Connection command for issues with connecting to a Windows Server 2008 Internal Database.
Fixed some visual issues with the TXT output relating to the duration.
Clarified some instructional text at the top.

Version 2.02 to 2.03 (Not Released)

Properly formatted running time duration to hh:mm:ss
Added calculated duration of each stream, and total script duration.
Removed a duplicated value in the setup configuration

Version 2.01 to 2.02 (Not Released)

Malil helped troubleshooting further and I made code changes for $AdamjSQLServer on Server 2008.
Added better email logs for the RemoveWSUSDriversSQL Stream. Added console messages to show that the script is still working and what it is doing as this stream will take time. Added console error message summaries, and file/email error message details.
Changed Quarterly months defaults to 1, 4, 7, 10.

Version 2.00 to 2.01 (Not Released)

Troubleshooting help by Malil from Spiceworks forums which lead to 2 small but significant code changes for the auto-detection of the $AdamjSQLServer variable, provided by Malil.
Fixed the SCW to also account for hours run, rather than just minutes and seconds.

Version 1.5 to 2.0 (Not Released)

Changed the mail function to allow for authentication, SSL, and SMTP Port
Cleaned up the ‘Clean Up Variables’ section to account for all Adamj* Variables
Added Clean Up WSUS Synchronization Logs Stream to keep the Sync logs clean
Added SQL Auto-detect with function help from (http://stackoverflow.com/questions/11540445/how-to-verify-whether-the-sql-server-instance-is-correct-or-not-using-powershell)
Redesigned pretty much the entire script into a function driven script.
Added cmdlet options for running each section manually, or by way of the recommended time periods (Daily, Monthly, Quarterly)
Added error checking and throwing better error messages on various things.
Added Test-Administrator to confirm it is being run with elevated rights.
Updated the Prerequisites and Instructions sections.
Updated the output of the SCW.

Version 1.3 to 1.5 (Released 2015.07.16)

Added the Adamj Remove Drivers Stream, Adamj Remove Declined WSUS Updates Stream, and the Adamj WSUS DB Maintenance Stream. Renamed the Adamj Bonus Cleanup Stream to Adamj Decline Superseded Updates Stream.
Changed the formulation of the script into modular form. Now the script has 5 modular streams:
WSUS Server Cleanup Wizard Stream
Adamj Remove WSUS Drivers Stream
Adamj Remove Declined WSUS Updates Stream
Adamj WSUS 3.0 DB Maintenance Stream
Adamj Decline Superseded Updates Stream.

Version 1.2 to 1.3 (Released 2015.07.09)

Added the $AdamjBonusCleanupUpdatesCount variable to the output line on the declining updates message, so that a copy/paste can easily be done that shows how many updates were declined when it actually declines them.

Version 1.1 to 1.2 (Released 2015.07.06)

Created the Adamj Bonus Cleanup Stream. Changed the output email into HTML and formatted the output nicely.
Thanks to Rob Dunn from the Spiceworks forums for reviewing the code and making some suggestions on the code to help enumerate information better.

Version 1.0 to 1.1 (Not Released)

Added “Diskspace Freed (GB)” from example code https://p0w3rsh3ll.wordpress.com/2015/01/26/cleanup-wsus/
Re-formatted output of the email.

Version 1.0 – Initial Release (Released 2015.01.30)

Initial Release