SOLVED: Easy Script To Cleanup WSUS & Delete All Drivers

Over the years we have created half a dozen articles dedicated to cleaning up or fixing WSUS in some way. Recently we had a client that enabled driver updates in WSUS and now regrets it, so he disabled the DRIVERS category in WSUS, but the drivers that already exist will stay until he declines them. The problem now is that keeps getting:

Error: Connection error an error occurred trying to connect to the WSUS server
Reset Server Node

so he can’t into the updates to decline them. We have the fix and it’s not near as complex as it looks here. Just keep reading and you’ll be fine..

The key is to clean up the WSUS database and create (or update) the SQL indexes. That is easier said than done because WSUS uses the Windows Internal database which is a stripped down version of SQL Express which is self a stripped down version of SQL, so you have to do the cleanup through command line. Fortunately the command line is really easy.

1 – Cleanup & Reindex WSUS:

1. Download the script directly from us HERE and unzip the contents into C:\TEMP\
2. Start a PowerShell as an Admin
3. Run this command:
   sqlcmd -I -S \\.\pipe\MICROSOFT##WID\tsql\query -i C:\TEMP\WsusDBMaintenance.sql
   If you didn’t unzip the script the script into C:\TEMP just adjust the path
4. Wait… this can take 20 minutes or be as fast as 30 seconds

2 – Use WSUS Console To Delete Drivers

1. Launch the WSUS console
2. Expand UPDATES and then expand ALL UPDATES
3. Right click on the column titles (so you can add in a new one)
4. Click on CLASSIFICATION
5. Scroll down to the first update that is DRIVERS, click on it and hold the shift key
6. Scroll or page down to the last DRIVERS update and click on the last driver
7. Right click and select DECLINE updates
8. Select YES on the Decline Updates dialog box
9. Wait, likely are really long time
   • Don’t worry about ERROR: CONNECTION ERROR. RESET SERVER NODE… just keep waiting
   • As you can see in the screen shot below, mine WSUS errored out withing about 1 minute of starting the delete process
     • The green progress bar showed no action for about 10 minutes and what you see in the screen shot (about 10%) took nearly an hour
     • It’s going to take a really long time to delete 90,000 drivers

3 – Clean Up the WSUS Clean Up

Once this clean up is completed:

1. Click on OPTIONS in WSUS console (bottom left, under REPORTS)
2. Run the server cleanup wizard
3. Go into PRODUCTS AND CLASSIFICATIONS, click the CLASSIFICATIONS tab and make sure that DRIVERS is unchecked

It wouldn’t be a bad idea to reindex everything again (see step 1) and restart the Windows Internal database service but neither of those are required.

At this point your WSUS should be in great shape. Also it’s important to note that I’ve had some conflicting reports that while the updates may not show all the dates category that they may take up to 8 days to actually be deleted from the database. I can’t speak to that directly but just be aware of it