SUS works just fine so long as you actually think about what you are doing when you set it up. A lot of people don't like it because they accidentally configure their servers for updates from it along with their workstations and then complain when the servers start rebooting at night.
Bottom line, SUS is free and gets the job done. You might want to have 2 SUS servers, one for workstations and one for servers.
WUS has the ability to configure groups of computers so you can set that reboot status. I'm in the WUS beta and it is awesome. Use it when it comes out!
I hope you find this post helpful. Please let me know if it was.
When you set up SUS, create a group in "Active Directory Users and Computers", "Users" with a name such as "SUS group", and add all workstations as members (not servers); unless you trust Microsoft, I prefer to update servers manually. Create an OU such as "SUS Machines", add the group "SUS group" to the OU. Edit the group policy of the OU "SUS machines" for the SUS settings. Make sure you apply the policy to disable automatic reboot. One of the policies is to choose the time the patches are applied to the involved machine. I generally have it occur at 4:00 pm at most clients. Pick the least network activity period of the day.
However I was wondering, in the Automatic Approval Options, when approving for installation, am I right in thinking that you are unable to tell workstations to install Updates, Service Packs and drivers, and servers only install Updates? Therefore you would require two servers, one for Servers and one for Workstations.
I am using WUS and I have deployed a GP to set WUS as the desired route for updates. I have added 4 computers to the OU. RSOP shows the policies applied to all 4 computers but only 2 show up in the WUS admin console.
TruBlu01- The reason people don't want to use autoupdate is simple. First off, it means that each computer is downloading the same content over the WAN connection. This is wasteful. Using a distribution method means you can download it once. Second, you have no real control over what updates are installed. Using SUS or WUS you can approve the updates and only the approved updates will be installed. This allows an admin to test updates for compatibility within an environment and allow or block any updates as needed.
Marty- How long did you wait for those two extra machines? Did you check the system times on them to be sure they are synchronized with the server? Are the two machines in the same network or is there a firewall between them and the WUS server?
I hope you find this post helpful. Please let me know if it was.
Another advantage of not using auto update..
Should a patch be detrimental to a machine(s), you have the ability not to approve it for distribution, such as a patch which was released a couple of months back which only caused problems running 16-bit programs on my Terminal services servers.
Waited over 24 hrs. I changed the way clients are handled in the meantime (GP assigned groups). The existing machines changed groups in the WUS but the other two still didn't show up. I am pretty sure the two that did show up are more "current" than the other two (in terms of patches). I am wondering if there is something I need to deploy first for the two "non-shows" to appear?
Marty, make sure that those clients have the latest Windows Update Software. Been a while since I got to mess with the WUS Beta but I do recall that there was a requirement for the client software.
SP2 should not be a problem. Make sure you have updated your server's ADM files so you can manage the SP2 settings via GPO.