Approve updates via date ONLY if it is needed by members of a group.

Sep 5, 2014 at 7:15 PM
I have a script that comes from some of Boe's work and it works well, for the most part, but it's lacking something in my opinion.

Right now, it approves updates by date but I have several groups and I would like to only approve them if they are needed by the group. Right now, since it approves them by date, it makes cleanup a bit cumbersome. There's no sense in approving a Windows 7 update if my production group of servers are all Server 2008-R2, Server 2012 and Server 2012-R2. Or, if the update is just not needed by any of the servers in a certain group, why would one want to approve it? My thought process tells me I should tweak the script to use Get-PoshWSUSUpdateSummaryPerGroup and then approve the updates needed by the group - but only up to a certain date. So, how could my current script be tweaked so that would take place? I think I'd have to use a pipeline of some sort, right? I'm still a bit new to PS...

Current Script:
# Help for this script was found:
# http://poshwsus.codeplex.com/
# http://social.technet.microsoft.com/Forums/scriptcenter/en-US/03aa66a4-a855-43a3-8878-83f8d4703c6b/approve-patches-in-wsus-by-powershell?forum=ITCG
# http://blogs.technet.com/b/heyscriptingguy/archive/2012/01/20/get-windows-update-status-information-by-using-powershell.aspx

# PoshWSUS 2.2.1
# Install to %SystemRoot%\System32\WindowsPowerShell\v1.0\Modules prior to using this script.
Import-Module PoshWSUS
$WSUSServer = "h1p-wsus1.homenet.local"

Connect-PoshWSUSServer -WSUSserver "$WSUSServer" -port 8530
Get-PoshWSUSGroup | Select Name | Format-Table -AutoSize
$WSUSGrp = Read-Host -Prompt "Enter a valid group name from the list above."
$WSUSDate = Read-Host -Prompt "Updates approved should not be newer than... Example: 2014-12-31 or 2014-02-18."

$UpdateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$UpdateScope.ToCreationDate = [datetime]"$WSUSDate"
$Group = $wsus.GetComputerTargetGroups() | where {$_.Name -eq "$WSUSGrp"}
$wsus.GetUpdates($UpdateScope) | ForEach {
    Write-Host ("Approving {0} for {1}" -f $_.Title,$Group.Name) -Fore Green -Back Black
    $_.Approve('Install',$Group)
}

Disconnect-PoshWSUSServer
How can I get this script to scan (create a summary?) the group for the needed updates per group and then only approve updates up to a certain date?