# Current WSUS Policy Settings:
$WSUSSettings = Get-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | Select-Object -ExpandProperty AUOptions
switch ($WSUSSettings)
{
2 {"Windows Updates: Notify before download"}
3 {"Windows Updates: Automatically download and notify of installation"}
4 {"Windows Updates: Automatically download and scheduled installation"}
5 {"Windows Updates: Automatic Updates is required, but end users can configure it"}
}
# AD Machine Role:
$DomainRole = (Get-WmiObject Win32_ComputerSystem).DomainRole
switch ($DomainRole)
{
0 {"Stand Alone Workstation" ; $SYNCType = "MANUAL"}
1 {"Member Workstation" ; $SYNCType = "DOMHIER"}
2 {"Standalone Server" ; $SYNCType = "MANUAL"}
3 {"Member Server" ; $SYNCType = "DOMHIER"}
4 {"Backup Domain Controller" ; $SYNCType = "DOMHIER"}
5 {"Primary Domain Controller" ; $SYNCType = "MANUAL"}
The Domain Role portion is part of my other script for setting NTP Time to match best practice for AD. I will be uploading that script to my github in the near future as soon as I make it company agnostic.