How to use WSUS
I have just installed and configured WSUS 3 and would like some pointers on how best to use it.
Windows Server 2003 SP2
My one test machine picks up date GPO "Update Server" change.
It showed up in Unassigend Computers. I assigned it to a group then changed my mind and unassigned it. Now it doesn't show up at all any more. (Even though total computers shows 1).
Searching for it yields nothing.
The missing machine can still access HTTP://Server/SelfUpdate/iuiDent.cab
I'm also confused by the amount of updates available that are awaiting approval.
21911 updates are in the list.
Selected Products:
Office 2003
Silverlight
SQL Server 2005
SQL Server Feature Pack
SQL Server
Windows Defender
I.E. 8 Dynamic Installer
Windows Server 2003
XP
Selected Classifications: (Automatically approved)
Critical Updates
Definition Updates
Security Updates
Service Packs
Only English updates is selected
Also using Local storage with "Download update files to this server only when updates are approved".
Update Services handles computer group membership
One other things springs to mind..... Am I supposed to configure the servers to also use the WSUS server including the WSUS server itself?
This is the resource I used to deploy and configure:
http://www.microsoft.com/downloads/details.aspx?familyid=C8FA2FD1-72F6-4F19-A1B0-F689DAE14BE6&displaylang=en
Cheers
Windows Server 2003 SP2
My one test machine picks up date GPO "Update Server" change.
It showed up in Unassigend Computers. I assigned it to a group then changed my mind and unassigned it. Now it doesn't show up at all any more. (Even though total computers shows 1).
Searching for it yields nothing.
The missing machine can still access HTTP://Server/SelfUpdate/iuiDent.cab
I'm also confused by the amount of updates available that are awaiting approval.
21911 updates are in the list.
Selected Products:
Office 2003
Silverlight
SQL Server 2005
SQL Server Feature Pack
SQL Server
Windows Defender
I.E. 8 Dynamic Installer
Windows Server 2003
XP
Selected Classifications: (Automatically approved)
Critical Updates
Definition Updates
Security Updates
Service Packs
Only English updates is selected
Also using Local storage with "Download update files to this server only when updates are approved".
Update Services handles computer group membership
One other things springs to mind..... Am I supposed to configure the servers to also use the WSUS server including the WSUS server itself?
This is the resource I used to deploy and configure:
http://www.microsoft.com/downloads/details.aspx?familyid=C8FA2FD1-72F6-4F19-A1B0-F689DAE14BE6&displaylang=en
Cheers
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So it's normal to have to sift through 2100+ updates the first time round then?
Do you know of a way to manually start the update process on a client or do I have change the update time every time and wait for the next time to run?
e.g. it's now 15:30. I change the automatic update time to the closest time; 16:00 and just wait?
I'm really wanting to test, but it's sooooo slow waiting everytime.
Do you know of a way to manually start the update process on a client or do I have change the update time every time and wait for the next time to run?
e.g. it's now 15:30. I change the automatic update time to the closest time; 16:00 and just wait?
I'm really wanting to test, but it's sooooo slow waiting everytime.
I have manually set the refresh on a client to 1 hour or so I think, not too worried about less than that. :)
You shouldn't have to manually sift through the stuff much you can just say automatically approve these things and apply this rule now...
You shouldn't have to manually sift through the stuff much you can just say automatically approve these things and apply this rule now...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
nice script :)
ASKER
Thanks for the advice and handy script!
Unfortunately I had already declined all updates prior to 2009.......
Look like I can set them to unapproved by approving then selecting "Unapprove"
I've pointed all machines to WSUS in GPO, will check on things on Monday.
I'll keep you guys posted.
Thanks again for your time!
Unfortunately I had already declined all updates prior to 2009.......
Look like I can set them to unapproved by approving then selecting "Unapprove"
I've pointed all machines to WSUS in GPO, will check on things on Monday.
I'll keep you guys posted.
Thanks again for your time!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Things seem to be going reasonably well, though I still don't understand some things.
As I understand it, machines will only pick up the updates that they "Need". If this is indeed true then what is the purpose of having "Comuter Groups"?
I should be able to put my Servers (DCs) and workstations in the same group and have everything working fine. (As long as the GPO Automatic Update settings are different).
Even after 2 full work days, only one workstation is reporting that it doesn't "Need" any more updates. The test machine that I am constantly updating still needs the Root Certificate update. 2 minutes after successfully installing it, it tries to install it again.
I deleted the machine, but after a couple of hours and using cincytopher's script, it show up again.
I found that reregistring these dlls helps resolves some update problems. (But not in this case)
regsvr32 "C:\WINDOWS\system32\wups2
regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 wuaueng1.dll
regsvr32 wucltui.dll
regsvr32 wups.dll
regsvr32 wups2.dll
regsvr32 wuweb.dll
Some machines show "Updates installed / not applicable"* > 21000 others
"Updates with no status" > 21000
Is this by design or a bug?
* = Report generation takes a very long time and shows 400+ pages.
Any idea's?
I'll keep monitoring things and post anything new again.
Thanks for you time!!
As I understand it, machines will only pick up the updates that they "Need". If this is indeed true then what is the purpose of having "Comuter Groups"?
I should be able to put my Servers (DCs) and workstations in the same group and have everything working fine. (As long as the GPO Automatic Update settings are different).
Even after 2 full work days, only one workstation is reporting that it doesn't "Need" any more updates. The test machine that I am constantly updating still needs the Root Certificate update. 2 minutes after successfully installing it, it tries to install it again.
I deleted the machine, but after a couple of hours and using cincytopher's script, it show up again.
I found that reregistring these dlls helps resolves some update problems. (But not in this case)
regsvr32 "C:\WINDOWS\system32\wups2
regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 wuaueng1.dll
regsvr32 wucltui.dll
regsvr32 wups.dll
regsvr32 wups2.dll
regsvr32 wuweb.dll
Some machines show "Updates installed / not applicable"* > 21000 others
"Updates with no status" > 21000
Is this by design or a bug?
* = Report generation takes a very long time and shows 400+ pages.
Any idea's?
I'll keep monitoring things and post anything new again.
Thanks for you time!!
Might want to start by sorting by date and getting rid of all old updates. :)
The root certificate update thing sounds like a separate issue.
Do you have it set to apply updates or notifiy users? The one that doesn't "need" any updates may be the only user who actually applied updates. ;)
The root certificate update thing sounds like a separate issue.
Do you have it set to apply updates or notifiy users? The one that doesn't "need" any updates may be the only user who actually applied updates. ;)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot guys! You have been a great help!
ASKER
Thanks for commenting.
I already have a seperate GPO for the servers and a seperate Computer Group in Update Services. ;-)
Definitely a valid point about the SPs, but shouldn't much of an issue for us. We only have 17 user with an average of 70% free space (60+ GB).
After restarting Update Services the machine showed up again. (I guess it was a bug).
How do you handle the multitude of updates that need to be approved or declined?
Do I understand you correctly, that the WSUS server can point to itself for updates?