Tyson0317
asked on
Alternatives to Windows Update as a WSUS client?
I recently started to play around with Microsoft WSUS (Windows Server Update Services) - it does exactly what I need - with our 50+ machines, running updates really bogged down our pipe; having a local update server is a novel idea!
One thing that sucks is the client aspect of it. From the reading that I have done, it looks like the built-in Automatic Update Manager has to be used and is configured via either Domain Policy or Registry. This seems really backwards to me... Having it scheduled and automated is a good option, but I would like a client that has an "Update Now" button that I can push or a local website that I can go to instead of windowsupdate.microsoft.co
Are there any 3rd part clients that will let me do this? Or is the Automatic Update Manager the only way that I can update my machines?
One thing that sucks is the client aspect of it. From the reading that I have done, it looks like the built-in Automatic Update Manager has to be used and is configured via either Domain Policy or Registry. This seems really backwards to me... Having it scheduled and automated is a good option, but I would like a client that has an "Update Now" button that I can push or a local website that I can go to instead of windowsupdate.microsoft.co
Are there any 3rd part clients that will let me do this? Or is the Automatic Update Manager the only way that I can update my machines?
Mal Osborne
At a command prompt, on a client PC type "WUAUCLT /DETECTNOW" & it will kick off a detect cycle. In theory you could link a script to a shortcut & make your own "update now button" on the desktop. Open c:\windows\windowsupdate.l
If you knew how many questions come into EE each month that are caused by defective "live updates" that MS delivers that Kills some PCs dead, you would rething the whole live update debacle. I tell all customers to turn off live updates, and that includes the servers. With decent firewalling you actually don't need them, you can go from SP2 to the MAJOR update package if you want, or stay with SP2.
To set up a whole server just to orchestrate the NW delivery of what might be defective "live" updates that will render your NW computers "dead" is a supreme waste of time. Consider this -- have someone check each 2-3 months what MAJOR packages MS makes to bundle all updates into a single package. If it is WELL TESTED free of defects, and seems worthwhile, simple DL that file to a single server. Then push it to the clients. You can save 2x administrative hassles on windows problems by ignoring "live" updates, including rendering network computers inoperative by M$ adding spyware to its updates.
To set up a whole server just to orchestrate the NW delivery of what might be defective "live" updates that will render your NW computers "dead" is a supreme waste of time. Consider this -- have someone check each 2-3 months what MAJOR packages MS makes to bundle all updates into a single package. If it is WELL TESTED free of defects, and seems worthwhile, simple DL that file to a single server. Then push it to the clients. You can save 2x administrative hassles on windows problems by ignoring "live" updates, including rendering network computers inoperative by M$ adding spyware to its updates.
ASKER
I am in total agreemtns with Scar. When I was at MSFT managing a 6000+ server farm, EVERYTHING in there was 9-14 months behind what was posted to Live Update and installing something not on the approved list was grounds for termination. They will not install their updates on their own systems - they want the public to test them first!
That being said, the cool thing about WSUS is that you get to choose which updates to "approve" and which to decline... We dont blanket-install that garbage...
That being said, I am trying to make it a bit less retarded... MSFT could have made a nice neat client to work with this stuff, run it as a service, build a schedule into it and make it easy to use, but that would be too easy. Instead you need to tweak 25+ registry keys and go through pages of verbouse logs to see what the hell its doing...
That being said, the cool thing about WSUS is that you get to choose which updates to "approve" and which to decline... We dont blanket-install that garbage...
That being said, I am trying to make it a bit less retarded... MSFT could have made a nice neat client to work with this stuff, run it as a service, build a schedule into it and make it easy to use, but that would be too easy. Instead you need to tweak 25+ registry keys and go through pages of verbouse logs to see what the hell its doing...
"MSFT could have made a nice neat client to work with this stuff, run it as a service, build a schedule into it and make it easy to use, but that would be too easy. Instead you need to tweak 25+ registry keys and go through pages of verbouse logs to see what the hell its doing..."
Hey, MS is not working for YOUR benefit, they worship the almighty $$ and that is all that drives their corporate objectives -- how much $$ they can amass.
"cool thing about WSUS is that you get to choose which updates to "approve" and which to decline."
The only thing "cool" about it is your CPU temperature when the system dies. You do NOT have to agree with me, this is just my experience, but in my experience, if M$ is offering you something they say you need, that is instant grounds to immediately reject it. Therefore, DECLINE EVERYTHING, PERIOD. THat is what I l tell my customers to do, and they have almost no problems at all.
As I said, you don't have to agree with anything I say about "live killer updates", nor give me any points, it is just my experience that has led me to this conclusion.
Hey, MS is not working for YOUR benefit, they worship the almighty $$ and that is all that drives their corporate objectives -- how much $$ they can amass.
"cool thing about WSUS is that you get to choose which updates to "approve" and which to decline."
The only thing "cool" about it is your CPU temperature when the system dies. You do NOT have to agree with me, this is just my experience, but in my experience, if M$ is offering you something they say you need, that is instant grounds to immediately reject it. Therefore, DECLINE EVERYTHING, PERIOD. THat is what I l tell my customers to do, and they have almost no problems at all.
As I said, you don't have to agree with anything I say about "live killer updates", nor give me any points, it is just my experience that has led me to this conclusion.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
WSUS is in geneal a piece of CR@P! It does not work and via about a dozen or so people that I have talked with on this now, nobody has had good success with it... Via following these steps, we did get it to work sometimes but never consistently...
"WSUS is in geneal a piece of CR@P! It does not work and via about a dozen or so people that I have talked with on this now, nobody has had good success with it"
which is EXACTLY what I said in my comment above, but in different words. Yet no "solution". ???
which is EXACTLY what I said in my comment above, but in different words. Yet no "solution". ???
ASKER
You are right man, I should have at least split those... I got a warning from the admins wanting to shut down my account because we had this and a few other questions abandoned - this was so long ago that I didnt re-read the whole thread before giving credit. I'll get you next time :-) we are going to update/award points more diligently now - I didnt know that anyone really cared about those...