Posted on 2006-03-30
WSUS does not seem to be updating the machines on our network on a regular basis and I need help configuring it to work properly. Here is my existing configuration:
1. WSUS is controlled by GPO; servers are set to #3, workstations are set to #4 and I have a separate OU for new builds set to #3. All are set to every day.
2. WSUS sees all the machines and there does not seem to be any problem with communication.
3. WSUS is running on a server using MSDE (will transfer to SQL soon).
4. I can see the patches that need to be applied to machines from day to day, but patches do not appear to be applied. On one server the last patch applied was 3-2-2006, even though the server has been rebooted recently. However, the WSUS last updated date is recent.
Here are my problems:
1. How can I get WSUS to update machines on a regular basis? I want to be able to control updates and apply them immediately if needed.
2. What are all the relevant switches for wuauclt.exe (i.e. wuauclt /detectnow). What operating systems will wuauclt.exe work on (i.e. XP, 2000, etc.)?
3. How can I tell if a patch is waiting for a restart to be applied? How can I tell if it has been downloaded to a machine?
4. I have tried to use wuauclt /detectnow on some of the clients in the seprate OU I mentioned above but get no action I can see at the workstation.
5. How do I get rid of the Unknown patches? If I just set patches to install into each computer group, apparently WSUS will determine which client in which group needs the patch and ignore the rest? I don't really need to set patches to install to certain groups? How does this work exactly?
6. If I need to apply a patch immediately, do I have to modify the GPO? By this, I mean modify the GPO to a time just beyond the time (90 minutes?) it takes for all clients to update their GPO settings?
7. What settings should I use to update my workstations once every day?