Question

WSUS Scheduling

Asked by: Naerwen

All,

I am asking this question for a second time:

We have a single 2K3 AD Domain with 500 - 800 clients. Does anyone have any suggestions as to how to schedule ALL the clients to update once within a 30 day period?

and

... "These articles should help you out
http://windowsitpro.com/article/articleid/101622/how-to-configure-a-branch-office-wsus-server-to-get-approvals-centrally-but-download-updates-from-microsoft-update.html

http://technet.microsoft.com/en-us/library/cc720448.aspx

http://technet.microsoft.com/en-us/updatemanagement/bb245853.aspx ... "

is not considered an answer.

We have the WSUS application installed (2K3 server with a 2005 SQL Database in a Simple Installation scenario). We are about to roll out to our test environment.

If any real experts need additional information, I will be engaged and ready to deliver.

Thank you all in advance,

Naerwen


This question has been solved and asker verified.

Asked on: 2009-08-11 at 07:47:51, ID 24643301
Tags: WSUS, Server 2003
Topics: Server Applications, Windows 2003 Server, Computer Servers
Participating Experts: 4
Points: 500
Comments: 16


Answers

 

by: Byty, posted on 2009-08-11 at 08:11:21, ID: 25069962

You can approve the updates with Deadline... and at that date the patches WILL BE FORCED to be installed. If a computer is not on at that date, the first time it is started the patches will be deployed!

 

by: pzozulka, posted on 2009-08-11 at 08:25:14, ID: 25070128

I'm sure you have considered this already, but are you aware of the implications and stress you're putting on your network when rolling multiple updates to 800 machines at once? You are essentially putting GBs of data on the wire.

For medium size businesses and above, it is recommended to spread out WSUS among OUs. For example, one OU will have a GPO to update machines at 8am. Another will have a GPO set to run at 9am, and so on.

 

by: Naerwen, posted on 2009-08-11 at 08:30:45, ID: 25070191

Pzozulka,

Yes I have considered this. In fact, that is the point of my question. I have so many workstations spread out all over my state (70 locations) that I am a bit overwhelmed with scheduling the updates. We have, at least, a T1 or better to each location. Additionally, each location only has, at most, 7 workstations. The bulk of the workstations are at the main office and a few other satellite offices.

Those things said, my latest tasking order in all this is to come up with the OU structure and scheduling within the GPOs.

 

Thank you,

Naerwen

 

by: pzozulka, posted on 2009-08-11 at 09:48:47, ID: 25070975

In your situation, I would structure my OUs based on geographical locations at the parent level. Then sub-OUs (i.e. Sales, Marketing, etc.) as child OUs.

As a side-note, structuring OUs based on geographical locations can also be useful to allow delegations. For example, you hire a new Network Admin for 1 of the offices in your state, but you don't want to give him Full Admin rights to control your entire AD structure. In this situation, you could allow Delegations to that new Admin for only his "GEOGRAPHICAL OU".

Getting back to main point.

Your parent OUs, as I mentioned earlier, should be based on your geographical locations. This way, you can assign Group Policy settings to have machines Automatically install updates at 8am for OU A, 9am for OU B.

 

by: Byty, posted on 2009-08-11 at 09:53:43, ID: 25071020

The AD structure does not need to be the same as the OU structure...
If he has the servers so spread... and in some locations he does not have bandwidth... it is better to create groups with 1-2 computers from every location.. so the bandwidth will not all be used.. when patches are sent to the computers...

 

by: Naerwen, posted on 2009-08-11 at 11:48:12, ID: 25072066

All,

For the remote facilities, I have selected an OU structure that is semi-geographical (i.e. Northern Area, Southern Area, Eastern .... etc). I have been doing some throughput tests and found that I should be OK ... for the most part, even to the most remote location (which actually has an OK connection).

Now, regarding my "main office and a few other satellite offices" ... I am running a few throughput tests now.  I will let this thread know the results when I am done.

 

I would still like to hear ideas on HOW to schedule the 500 - 800 clients so they update once a month.

 

Thank you,

Naerwen

 

 

by: dstewartjr, posted on 2009-08-11 at 12:02:40, ID: 25072219

My bad, ignore my previous two comments

 

by: dstewartjr, posted on 2009-08-11 at 12:14:20, ID: 25072317

Ok, here's hopefully a better idea (sorry for the duplicate info)

Using the script on this page http://www.vbshf.com/vbshf/forum/forums/thread-view.asp?tid=199&start=1

you could use a scheduled task that runs once a month

 

by: dstewartjr, posted on 2009-08-11 at 12:34:32, ID: 25072499

Here's another idea: if you set your WSUS to synchronize manually (download updates from Microsoft) and use this script in a scheduled task once a month http://www.peetersonline.nl/index.php/powershell/synchronize-wsus-with-powershell/

Then your clients will only get updates once a month.

 

by: deadite, posted on 2009-08-11 at 13:12:37, ID: 25072842

I doubt you have an extra server at each location, so you probably don't have the option to roll out WSUS to each site.  I assume, from what I'm seeing above, you have a VPN or something connecting each site Point to Point?  I'm also going to assume all your workstations are on the Domain and authenticate to AD across the WAN?

The good news is, you have under 10 computers per location.  I'm guessing since the offices are small, people are gone at night.  I'd suggest you use your WSUS server to push out your GPOs for when and how to apply the updates, but have each computer grab it direct from Microsoft (except the location that has the WSUS server, use that server to push it just there).  Have your WSUS synchronize daily and push the updates out whenever it makes the most sense.  So, if no one is in the office past 5pm, push it out at 6 when no one's on, or on a weekend if no one's there.

As for the AD structure, I'd recommend a top level OU ("Computers"), and have each site listed under that.  I really wouldn't make any further sub OUs, as that'll become a nightmare if you ever drill down in the OUs, or run scripts, etc.  Also, since this is across your WAN make sure you keep your Users and Computers in separate top level OUs, then set the computer GPOs to only process the Computer portion (saves bandwidth and time).

You'll want to configure BITS to use no more than 10mbps during working hours (8-5pm) so updates never affect bandwidth during operating hours.  After hours, let it go.  You didn't mention if your workstations were XP or Vista.  If they're Vista, great news.... BITS is able to pull updates from other Vista machines to save even more bandwidth.

I've implemented a similar setup (although not quite so many sites) and it's been working pretty well.  If you need more detailed explanations let me know.

 

by: Naerwen, posted on 2009-08-11 at 13:29:55, ID: 25073048

deadite,

Apologies....

I assume, from what I'm seeing above, you have a VPN or something connecting each site Point to Point?

>>>Yes. We have T1 connectivity (or better ... 1 or 2 are fractionals but that's it.) connecting the remote location to our main office.

I'm also going to assume all your workstations are on the Domain and authenticate to AD across the WAN?
>>>Yes. That is correct. AD authentication occurs over the WAN links at the main office.

 

I'm guessing since the offices are small, people are gone at night.

>>>Yes. The staff are gone for the evening.

You'll want to configure BITS to use no more than 10mbps during working hours (8-5pm) so updates never affect bandwidth during operating hours.  After hours, let it go.  You didn't mention if your workstations were XP or Vista.  If they're Vista, great news.... BITS is able to pull updates from other Vista machines to save even more bandwidth.
>>> I found this:  http://technet.microsoft.com/en-us/library/cc782096(WS.10).aspx#BKMK_custom_settings ... but I must not be looking in the right place ... or am I?

Thank you,

Naerwen

 

by: Naerwen, posted on 2009-08-11 at 13:31:58, ID: 25073076

deadite,

Also, all machines are XP...except for 1 (Win 2K)  ... that's another story. ;)

 

by: dstewartjr, posted on 2009-08-11 at 13:38:33, ID: 25073163

This is the article on configuring Bits

http://technet.microsoft.com/en-us/library/cc720428(WS.10).aspx

 

by: deadite, posted on 2009-08-12 at 06:03:20, ID: 25078259

If you open Group Policy Management, here's a quick sample of configuring a GPO to use WSUS and configuring Bits

Computer Configuration
    Administrative Templates
        Windows Components
            Windows Update
                Specify intranet Microsoft update service location: Enabled
                    Set the intranet update service for detecting updates: http://server
                    Set the intranet statistics server: http://server

Computer Configuration
    Administrative Templates
        Network
            Background Intelligent Transfer Service
                Maximum network bandwidth that BITS uses: Enabled
                    Limit BITS transfer rate (Kbps) to: 10
                    From: 9 AM
                    to: 5 PM
                    At all other times: Use all available bandwidth
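The per-OU staggering and after-hours install window suggested in this thread, worked through as an added example (it is not code posted by any participant). The OU names, client counts, the `New-WsusInstallPlan` function and the per-slot cap are assumptions. `AUOptions`, `ScheduledInstallDay` and `ScheduledInstallTime` are the values the "Configure Automatic Updates" policy writes, and because that schedule recurs daily or weekly, the once-a-month cadence still has to come from how often updates are approved or synchronized.

```powershell
# Added example. OU names and client counts are constructed, not from the thread.
$sites = @(
    [pscustomobject]@{ OU = 'Main Office - Floor 1';  Clients = 120 }
    [pscustomobject]@{ OU = 'Main Office - Floor 2';  Clients = 110 }
    [pscustomobject]@{ OU = 'Satellite - North';      Clients = 45 }
    [pscustomobject]@{ OU = 'Satellite - South';      Clients = 40 }
    [pscustomobject]@{ OU = 'Remote - Northern Area'; Clients = 7 }
    [pscustomobject]@{ OU = 'Remote - Southern Area'; Clients = 7 }
    [pscustomobject]@{ OU = 'Remote - Eastern Area';  Clients = 6 }
)

# Hypothetical helper: spreads OUs over after-hours install slots so that
# no single night and hour carries most of the clients.
function New-WsusInstallPlan {
    param(
        [Parameter(Mandatory)] [object[]] $Sites,
        [int]   $MaxClientsPerSlot = 100,  # assumed cap, tune from throughput tests
        [int[]] $Days  = 2..6,             # ScheduledInstallDay: 1 = Sunday ... 7 = Saturday
        [int[]] $Hours = 18..22            # ScheduledInstallTime: hour of day, 0-23
    )

    # One slot per (day, hour) pair, each starting with no clients assigned.
    $slots = foreach ($d in $Days) {
        foreach ($h in $Hours) {
            [pscustomobject]@{ Day = $d; Hour = $h; Load = 0 }
        }
    }

    # Largest OUs first, each into the least-loaded slot. Ties go to the
    # earliest hour, then the earliest day, so big OUs land on different nights.
    foreach ($site in ($Sites | Sort-Object Clients -Descending)) {
        $slot = $slots | Sort-Object Load, Hour, Day | Select-Object -First 1
        $slot.Load += $site.Clients

        [pscustomobject]@{
            OU                   = $site.OU
            Clients              = $site.Clients
            AUOptions            = 4           # auto download and schedule the install
            ScheduledInstallDay  = $slot.Day
            ScheduledInstallTime = $slot.Hour
            # True when the slot now exceeds the cap: split the OU or add slots.
            OverCap              = ($slot.Load -gt $MaxClientsPerSlot)
        }
    }
}

# One row per OU: the values to enter in that OU's Windows Update GPO.
New-WsusInstallPlan -Sites $sites |
    Sort-Object ScheduledInstallDay, ScheduledInstallTime |
    Format-Table -AutoSize
```

Rows with `OverCap` set to True mark OUs that are too large for one install window at the chosen cap and are candidates for splitting into sub-OUs with separate schedules.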

 

by: Naerwen, posted on 2009-08-12 at 12:35:44, ID: 25082062

deadite,

We are testing this now. I will let this thread know the outcome as soon as I have results.

Thanks,

Naerwen

 

by: Naerwen, posted on 2009-08-20 at 05:27:49, ID: 31614235

I would like to thank EVERYONE who participated in this discussion. All answers given were VERY informative. My decision on the points spread is based on whether or not the answer was used in some way for the implementation. I would also like to add that we have successfully found a schedule for the first 100+/- clients and are now moving forward with the rest. Again, thank you all.
