Remove expired and superseded updates from a Software Update Group with PowerShell
If you’re working with patch management in ConfigMgr 2012, you’ve most likely scratched your head about why there’s no simple way to remove the updates that have been expired or superseded. To help with that I’ve created a PowerShell script that gives you the possibility to target a Software Update Group that you want to remove expired and superseded updates from and also remove any content that will be obsolete. While I was researching for this script I ran into a script that Trevor Sullivan (PowerShell MVP) created back in 2011 for ConfigMgr 2007. From what I can interpret of Trevor’s excellent script, it should work in a ConfigMgr 2012 environment as well. But I wanted some more dynamic to my own script and wanted it to work with PowerShells advanced functions.
You can download this script from my TechNet Gallery page.
I’ve built the script so that you can leverage PowerShell’s built in help functionality. You also have access to the common parameters like Verbose, Confirm and WhatIf. In addition to the common advanced functions the script has two switches that can be used. One of them is the ShowProgress switch that will show a progressbar with some extra information about the current operation. The second switch is called RemoveContent and when you specify that in your command, those Software Updates that will be removed from the specified Software Update Group, will also be removed from the Deployment Packages where they’ve been downloaded to. Remember that if you select to remove the content for the updates, if those updates are present in any other Software Update Group you’ll need to clean those groups as well. During the content removal process, for each Deployment Package that gets targeted, a refresh will be initated at the end.
In this demo scenario, I have a Software Update Group called Critical and Security Patches – Windows Clients 2014-10-18 00:29:04. Within this group there’s several expired and superseded Software Updates, as shown in the picture below:
To run the script and perform a clean up of this Software Update Group, follow the instructions below:
1. Download the script from the TechNet Gallery and save it in C:\Scripts.
2. Open an elevated PowerShell console and browse to where you saved the script.
3. Run the following command (remember to change the parameter values to suite your environment):
.\Clean-CMSoftwareUpdateGroup.ps1 -SiteServer CAS01 -SUGName "Critical and Security Patches - Windows Clients 2014-10-18 00:29:04" -ShowProgress -RemoveContent -Verbose
As we can see in the pictures above, it found 18 updates that was matching the criteria of being expired and superseded. Since we gave the script both the ShowProgress and RemoveContent switches, it showed the progress bar and after it had cleaned the 18 eligible updates, it started to remove the content for those updates.
As a result of a successful execution, the Software Update Group should now have a green icon instead of the previous grey:
If you have any feedback on this script, please let me know. I hope this helps!
Principal Consultant and Enterprise Mobility MVP since 2016. Nickolaj has been in the IT industry for the past 10 years specializing in Enterprise Mobility and Security, Windows devices and deployments including automation. Currently working for TrueSec as a Principal Consultant. Awarded as PowerShell Hero in 2015 by the community for his script and tools contributions. Creator of ConfigMgr Prerequisites Tool, ConfigMgr OSD FrontEnd, ConfigMgr WebService to name a few. Frequent speaker at conferences and user groups.