Alternatives to Windows Update as a WSUS client?

I recently started to play around with Microsoft WSUS (Windows Server Update Services) - it does exactly what I need - with our 50+ machines, running updates really bogged down our pipe; having a local update server is a novel idea!

One thing that sucks is the client aspect of it. From the reading that I have done, it looks like the built-in Automatic Update Manager has to be used and is configured via either Domain Policy or Registry. This seems really backwards to me... Having it scheduled and automated is a good option, but I would like a client that has an "Update Now" button that I can push or a local website that I can go to instead of windowsupdate.microsoft.com...

Are there any 3rd part clients that will let me do this? Or is the Automatic Update Manager the only way that I can update my machines?
Tyson0317Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mal OsborneAlpha GeekCommented:
At a command prompt, on a client PC  type "WUAUCLT /DETECTNOW" & it will kick off a detect cycle.  In theory you could link a script to a shortcut & make your own "update now button" on the desktop.  Open c:\windows\windowsupdate.log to see the result of the detect cycle. It's a bit verbose & cryptic, but you should be able to glean some usefull information from it anyway.
0
scrathcyboyCommented:
If you knew how many questions come into EE each month that are caused by defective "live updates" that MS delivers that Kills some PCs dead, you would rething the whole live update debacle.  I tell all customers to turn off live updates, and that includes the servers.  With decent firewalling you actually don't need them, you can go from SP2 to the MAJOR update package if you want, or stay with SP2.

To set up a whole server just to orchestrate the NW delivery of what might be defective "live" updates that will render your NW computers "dead" is a supreme waste of time.  Consider this -- have someone check each 2-3 months what MAJOR packages MS makes to bundle all updates into a single package.  If it is WELL TESTED free of defects, and seems worthwhile, simple DL that file to a single server.  Then push it to the clients.  You can save 2x administrative hassles on windows problems by ignoring "live" updates, including rendering network computers inoperative by M$ adding spyware to its updates.
0
Tyson0317Author Commented:
I am in total agreemtns with Scar. When I was at MSFT managing a 6000+ server farm, EVERYTHING in there was 9-14 months behind what was posted to Live Update and installing something not on the approved list was grounds for termination. They will not install their updates on their own systems - they want the public to test them first!

That being said, the cool thing about WSUS is that you get to choose which updates to "approve" and which to decline... We dont blanket-install that garbage...

That being said, I am trying to make it a bit less retarded... MSFT could have made a nice neat client to work with this stuff, run it as a service, build a schedule into it and make it easy to use, but that would be too easy. Instead you need to tweak 25+ registry keys and go through pages of verbouse logs to see what the hell its doing...
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

scrathcyboyCommented:
"MSFT could have made a nice neat client to work with this stuff, run it as a service, build a schedule into it and make it easy to use, but that would be too easy. Instead you need to tweak 25+ registry keys and go through pages of verbouse logs to see what the hell its doing..."

Hey, MS is not working for YOUR benefit, they worship the almighty $$ and that is all that drives their corporate objectives -- how much $$ they can amass.

"cool thing about WSUS is that you get to choose which updates to "approve" and which to decline."

The only thing "cool" about it is your CPU temperature when the system dies.  You do NOT have to agree with me, this is just my experience, but in my experience, if M$ is offering you something they say you need, that is instant grounds to immediately reject it.  Therefore, DECLINE EVERYTHING, PERIOD.  THat is what I l tell my customers to do, and they have almost no problems at all.

As I said, you don't have to agree with anything I say about "live killer updates", nor give me any points, it is just my experience that has led me to this conclusion.
0
ShineOnCommented:
I would suggest that Microsoft didn't do altogether totally crappy with wsus (I wish they'd kept the original name, Windows Update Services - WUS - hehe) and when you're talking about wanting to make sure all the computers in your environment are patched with at minimum all the critical vulnerability patches that don't break too much, you need something that you don't rely on Joe User to click an icon to initiate updates.

I always thought of their BITS / Automatic Updates process as a bit of a vulnerability, especially if you leave it configured to get updates from the Microsoft site - but the concept of WUS and the update client process isn't too far from the concept behind other patch management tools like Patchlink.  You want central control and the ability to push priority updates immediately.  Problem with WSUS is you have to make damn sure the patches you approve won't break functionality or cause more problems than they are meant to fix.

Too many folx just put WSUS in place and auto-accept all critical updates, damn the torpedoes - and that's because companies don't want to pay the bucks to have a patch-management guru team with a bunch of hardware and software and people resources tied up in testing all the patches before they get approved - it doesn't add to the bottom line to do it "right."  You'd have to at least dedicate one guy to reading the bulletins for each patch, to at least determine whether the vulnerability it's supposed to fix applies to your environment before taking the risk of breaking critical apps.

If you're that big that your company's IT staff can justify a patch testing and approval team, you'd probably have a much better tool than WSUS anyway - like Patchlink.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tyson0317Author Commented:
WSUS is in geneal a piece of CR@P! It does not work and via about a dozen or so people that I have talked with on this now, nobody has had good success with it... Via following these steps, we did get it to work sometimes but never consistently...
0
scrathcyboyCommented:
"WSUS is in geneal a piece of CR@P! It does not work and via about a dozen or so people that I have talked with on this now, nobody has had good success with it"

which is EXACTLY what I said in my comment above, but in different words.  Yet no "solution".  ???
0
Tyson0317Author Commented:
You are right man, I should have at least split those... I got a warning from the admins wanting to shut down my account because we had this and a few other questions abandoned - this was so long ago that I didnt re-read the whole thread before giving credit. I'll get you next time :-) we are going to update/award points more diligently now - I didnt know that anyone really cared about those...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.