Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

WSUS

Status
Not open for further replies.
78mike78

78mike78

MIS
Joined
Feb 14, 2008
Messages
70
Location
US
Is it okay to run WSUS on a DC in a 2DC enviroment?
 
Sort by date Sort by votes
I wouldn't for a couple of reasons unless you have a way powerfull dc that is idle a lot.

WSUS installs SQL Server to manage it's database.
WSUS has a huge data storage requirement.
WSUS can consume a lot of bandwidth (all the clients connecting) on patch day.
 
Upvote 0 Downvote
It does depend on your setup and how many clients it will be servicing if these are your only servers then it's better than not running WSUS at all. We don't run it on a DC but our WSUS box runs on a 1Ghz P3 box with 1Gb of RAM and it services 450 clients without any problems.

We deploy patches for Win2k, XP, 2003, Office 2003 and SQL 2005 and the storage space for the patches is 11Gb, we don't distribute service packs from the WSUS.
 
Upvote 0 Downvote
Nice porkchops,
I have a question, is there a way for it not to prompt to restart.. i know u can tell it to prompt every 30 minutes..but i was trying to make it not prompt at all. Our users dont leave their computers on becasue of CO policy, so i dont know how to deal with the install and restart options.
 
Upvote 0 Downvote
For client computers yes. In group policy you can enable the "No auto-restart with logged on..." and disable the "Re-prompt..." options under Computer Configuration > Administrative Templates > Windows Components > Windows Update.
 
Upvote 0 Downvote
IS sql suppose to be running. I have the SQL icon, but says not connected?
 
Upvote 0 Downvote
The SQL Agent Monitor doesn't need to be running, but there should be a service called "Windows Internal Database..." running in your services.
 
Upvote 0 Downvote
Thanks, How do you do Office updates, or do you think its a better not to even do them that way. Also, how do you guys set the WSUS to update once a month,,,150 PCs all are shutdown after 6:00pm
 
Upvote 0 Downvote
Once a month is going to really slow your computers down depending on how large or how many updates are storing ready to be rolled out. Secondly, all you will need to do is approve the updates you want or if you already have it set to auto approve the updates, when you are ready have them install, release the updates. I think i may have answered most or all of your question.

Do not pray to have an easier life, pray to be a stronger man!!!

B.S. Computer Information Systems
Masters of Information Technology in Network Security
CompTIA A+, Net+, Security+
MCSE: Security

MCITP: Exchange Server 2007 (Pending)
MCITP: Server 2008 (Pending)
MCTS: Windows Vista (Pending)
 
Upvote 0 Downvote
Office updates can be selected and approved in the latest version of WSUS server. So thats no problem to push those out to your desktops as well.

As far as once a month updates, I would recommend the automatic updates to run during lunch time and when they shutdown their computers it will installed the updates.
 
Upvote 0 Downvote
Good answer..thought i was a bit close, but you clarified that.

Do not pray to have an easier life, pray to be a stronger man!!!

B.S. Computer Information Systems
Masters of Information Technology in Network Security
CompTIA A+, Net+, Security+
MCSE: Security

MCITP: Exchange Server 2007 (Pending)
MCITP: Server 2008 (Pending)
MCTS: Windows Vista (Pending)
 
Upvote 0 Downvote
Thanks GUys, i apriciate all your advices.
One last question,
How do you know what to approve? I mean as far a detect only option, i know that it means it detects it only, but unless there is an issue with an update per microsoft, would it be a good idea to have it approve automatically.
Example, we have a third party app that doesnt support IE 7 or i disapproved anything wiht IE7 in the update....
 
Upvote 0 Downvote
I am trying to figure out what the detect option is for? it detects, but why not detect and install..
 
Upvote 0 Downvote
First, what version of WSUS are you using? Have you updated to 3.0? Second, SUS only detects not approved updated. This features does just that, detects updates to send to clients. Once you approve the updates, the clients will only receive the approved updated and not the detected updates, which would be all updates if set this as an option.

Now, i do not know where stand as far as security and infrastructure, but best rule of thumb for any updates to release any updates in a test environement or test client to be sure that the updates do not affect the test user. If everything is okay, roll out your updates. This has always saved me from major mess up...TEST, TEST, TEST. If you have your Security+, it emphasizes this rule of thumb.

Do not pray to have an easier life, pray to be a stronger man!!!

B.S. Computer Information Systems
Masters of Information Technology in Network Security
CompTIA A+, Net+, Security+
MCSE: Security

MCITP: Exchange Server 2007 (Pending)
MCITP: Server 2008 (Pending)
MCTS: Windows Vista (Pending)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

antonio_dsanchez
  • Locked
  • Question Question
post-installation WSUS windows server 2016
Replies
0
Views
748
antonio_dsanchez
antonio_dsanchez
Leozack
  • Locked
  • Question Question
WSUS activity history
Replies
0
Views
246
Leozack
Leozack
axilleas
  • Locked
  • Question Question
Windows server 2003 WSUS
Replies
0
Views
232
axilleas
axilleas
HKNinja
  • Locked
  • Question Question
Client PCs are not showing up on WSUS in Windows Server 2012
Replies
0
Views
271
HKNinja
HKNinja
mspope
  • Locked
  • Question Question
WSUS no computers reporting
Replies
1
Views
306
mspope
mspope

Part and Inventory Search

Sponsor

Back
Top