Solved

WSUS - Possible to approve for installation multiple updates simultaneously but only the ones *needed* by computers?

Posted on 2006-06-17
12
447 Views
Last Modified: 2008-02-01
Well, the subject pretty much says it all.

One WSUS server set to approve everything for "Detection".  Leave it for a couple of days after installation for it to synchronise and machines to report in, and it has now informed me that a lot of machines need patching - out of ~500 updates available, ~100 of them are needed by computers.

Ok, so rather than download 500 updates (which will eat up the space on our server), I would like to approve for download and installation ONLY the 100ish updates needed.  Problem is, I can't see how to do this en masse.  

- I can see how to show the updates needed by computers, but can only select and approve them one at a time.
- I can see a screen of updates where I can approve multiple updates at the same time, but can't see which ones are needed by computers?

So - How can I do what I want to achieve?  

Thanks for the help - hope the above makes sense.  Would like a fast answer if possible, but I realise this may be a tricky one to resolve so I am offering the maximum of 500 points ;)

0
Comment
Question by:wasc
12 Comments
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 16928426
You can hold the shift key and use the down arrow to move down the list, this will select multiple updates, you can also hold the ctrl key and select the updates you want to approve.  

I beleive you can also filter by wether the updates are needed or not and then appprove/ decline based on this filter.  Sorry don't have my WSUS server handy, but if you don't have the answer you want by Monday I will post more details.


eb
0
 
LVL 69

Expert Comment

by:Merete
ID: 16929102
Hi wasc this is not a simple question,
To answer one question at a time, only you know what is installed on the clients machines so I guess you woudl have to decide what is important
updates cover everything from new drivers to security to validation etc.
Maybe you could assign all these clients to the same workgroup Name..  temporarily power user or some such, some kind of operator then you logon to the server add the updates to this group.

Here is a list of all the known updates patches for all operating systems so you could start by manually downloading the necessary ones.
OS Updates: Patches & then some...http://www.techspot.com/tweaks/updates/
Merete




0
 
LVL 23

Accepted Solution

by:
Erik Bjers earned 500 total points
ID: 16929801
You can find out what updates need to be installed by looking at the reports.

Easiest solution:

1) Approve every update you want installed on your network reguardless if they are needed by client or not
2) Go to Options -> Syncronize options -> Advanced button at the end of the page
3) Select 'Do not store updates localy...' at the top of the window

This way the updates will not be downloaded to your server, you can still control what updates are applied to your network, but your clients will download there updates directly from MS.

eb
0
 

Author Comment

by:wasc
ID: 16934644
ebjers - regarding your comment on being able to hold down shift e.t.c - afraid that doesn't work.

On the view where it lists all the available updates, what you described worked, however on the view where you see "needed updates" the method doesn't work.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 23

Expert Comment

by:Erik Bjers
ID: 16934745
I found that out myself when I tried it this morning.  I know when I first set up my WSUS server I just sat there and approved updates till I was done...

The other method I mentioned should work for you

eb
0
 
LVL 9

Expert Comment

by:Krompton
ID: 16936286
When you open the web interface (http://YOURWSUSSERVER/wsusadmin/) and click the Updates icon you CAN select multiple updates with the shift/ctrl keys and change approval for those selected. Just like ebjers first posted. If this doesn't work WSUS may have been setup incorrectly.

What kind of Bandwidth do you have available? Are your users 24/7?

Krompton
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 16936320
I think the problem is he only wants to approve the updates that are needed to avoid downloading all the other updates (to save space).  The updates screen dosen't tell you if the update is needed or not.  The place where you can't hold shift/ctrl to select more than one is in the reports screen that will tell you what updates are needed.  Hence the idea of approving all updates and then allowing them to install from microsoft's server
0
 
LVL 9

Expert Comment

by:Krompton
ID: 16937245
You would have of make note of those needed from each screen then pick them out from the main screen. Sorry about my failure to RTFQ, my bad. :)

If you create a seperate update group and select auto-install for that group WSUS will only download those that are needed for the computers in that group. Provided all 500 are not ones that all the machines can use.

Krompton
0
 
LVL 6

Expert Comment

by:engineer_dell
ID: 16938827
Hi Wasc,

When you approve an update for detection, the update is not installed. Instead, WSUS checks whether the update is compliant with or needed by computers in the groups you specify for the Detect only approval option in the Approve Updates dialog box. The detection occurs at the scheduled time that the client computer communicates with the WSUS server. You can see the result of the detection either in the Status of Updates report or on the Updates page, by clicking the Status tab for a specific update. In either case, the information you need will appear in the Needed column, which represents the number of computers that have been detected as needing a particular update. If the client computer does not need the update, the number in Needed is zero.

To automatically approve multiple updates for installation (not "detection only")
 
 1.  On the WSUS console toolbar, click Options, and then click Automatic Approval Options.
 
2.  In Updates, under Approve for Installation, select the Automatically approve updates for installation by using the following rule check box (if it is not already selected).
 
3.  If you want to specify update classifications to automatically approve during synchronization, do the following:

• Next to Classifications, click Add/Remove Classifications.
 
• In the Add/Remove Classifications dialog box, select the update classifications that you want to automatically approve, and then click OK.
 
 
4.  If you want to specify the computer groups for which to automatically approve updates during synchronization:

• Next to Computer groups, click Add/Remove Computer Groups.
 
• In the Add/Remove Computer Groups dialog box, select the computer groups for which you want to automatically approve updates, and then click OK.
 
 
5.  Under Tasks, click Save settings, and then click OK.

For more information read this article it has everything about WSUS,

http://technet2.microsoft.com/WindowsServer/en/Library/89a56c89-a7df-4316-96a0-e8e342ecf4a81033.mspx?mfr=true

Regards,
Engineer_Dell
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Sometimes a user will call me frantically, explaining that something has gone wrong and they have tried everything (read - they have messed it up more and now need someone to clean up) and it still does no good, can I help them?!  Usually the standa…
Windows 10 is here and for most admins this means frustration and challenges getting that first working Windows 10 image. As in my previous sysprep articles, I've put together a simple help guide to get you through this process. The aim is to achiev…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now