Correction: ... any *patch* that's approved and not yet on the server ... -----Original Message----- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Thursday, November 17, 2011 11:02 PM To: NT System Admin Issues Subject: RE: Been a while since I set up WSUS, and I have an operational question
When you approve a patch to be installed, you are approving it for clients to install. The downloading to the WSUS server is automatic - any client that's approved and not yet on the server, is downloaded to the server almost immediately upon approval. Then WSUS clients download from the WSUS server and apply patches per the schedule and rules established by group policy. Carl -----Original Message----- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, November 17, 2011 8:39 PM To: NT System Admin Issues Subject: Been a while since I set up WSUS, and I have an operational question All, I'm dealing with our AU office, trying to satisfy their requirements for patching their servers, and I'm running into a bit of a bind. They have a very long backup window on the weekend (23:00 Friday to roughly noon Monday, local time). This makes it a bit tricky to stage the patches, because they have a fairly high-latency link, and no WSUS server in their office. Compounding the problem is that their 17:00 Friday is our 23:00 Thursday, and the way WSUS does its updates is by client polling, rather than a push, and that makes the interactions between variations in client polling times, who's logged onto a machine, and variations in download times required for patches from the US office make it just a bit too random for comfort. I don't want to kill one of their week night backups if I can help it, and I don't have resources in that office at the moment to install WSUS in the AU office. I thought I saw at some point in the documentation that I could approve patches for download in WSUS, but it seems that it's only downloading to the WSUS server, not to the client, now that I've gone back and read through what seem to be the relevant portions of the document. Am I correct on the above - cannot approve downloads to clients? Ultimately I'm hoping SCCM will fix this, but we're at least 6-9 months out from implementing that. I don't want to try to stage monthly patches manually - I have minions who should be pulling the triggers on patching, and they're not yet sophisticated enough to pull off identifying all of the relevant patches and chaining them, etc., nor do I want them to have to RDP to 5-6 servers individually to visit MSFT's update site, as that would get old quickly. If anyone has some thoughts on this, I'd be all ears. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin