Over time, my WSUS (Windows Server Update Services) Server began to consume alarming amounts of disk space, mainly due to neglect on my part. So, it was time for a bit of a tidy up.
Declining Superseded Updates
The most important thing to realise is that (even though there were over 30,000 items listed within the database) the only updates that are consuming disk space are the ones that have been approved. WSUS does not download updates that have a status of “Unapproved” or “Declined”.
So, lets have a look inside the console.
Go to “All Updates” and filter the results to “Approval: Approved” and “Status: Any”
From the screen capture (above) it can be seen that I have almost 5000 approved updates filling up my server drive. The download folder was in excess of 50GB.
All of these updates would have been required at some point, otherwise I would not have approved them. However, a significant proportion of these will have been “Superseded”. In other words, Microsoft has issued an update that replaces a previous one, and therefore only the newer one is required.
The first step will be to identify and “Superseded” updates and “Decline” them.
The easiest way to identify “superseded” updates is to show the “Supersedence” column within the WSUS Console.
The supersedence icon next to each update will enable us to identify updates that are no longer required:
||These updates (and any updates without an icon) have not been superseded. These updates are “current” and we need to keep them.
||These updates have been superseded, and (in most cases) are surplus to requirements.
As stated above, we are only interested in superseded items. Anything that has not been superseded may be needed.
So, let’s go ahead and select a few superseded updates and “Decline” them.
You should only select updates that have been superseded, and where the “Needed” count is zero and the “Installed / Not Applicable” value is 100%.
Just select a dozen or so items to begin with. Then, click on “Decline” (and “Yes” to confirm).
WSUS Server Cleanup Wizard
After “Declining” the updates, Run the WSUS Server Cleanup Wizard. You should see some “Unused” updates have been removed and some disk space has been recovered.
When you are satisfied with the results, go ahead and decline a larger batch of updates. Remember to make sure that they are:
- Needed Count = 0
- Installed / Not Applicable = 100%
A Warning about “WSUS Updates”
These are updates to the WSUS Service itself. If you have inadvertently declined any of these updates, you will need to re-approve them. Otherwise, the WSUS system will not operate properly.
Within “Updates”, go to the “WSUS Updates” container and approve all updates that are listed as “Not Approved”.
“Un-approving” (rather than “Declining) Updates
It is just as valid to “un-approve” updates as it is to “decline” them. However, I found that when an update is “un-approved”, the WSUS Cleanup Wizard waits for 30 days before deleting the download files from the WSUS folder.