We help IT Professionals succeed at work.

How to use WSUS

Medium Priority
673 Views
Last Modified: 2012-05-07
I have just installed and configured WSUS 3 and would like some pointers on how best to use it.
Windows Server 2003 SP2

My one test machine picks up date GPO "Update Server" change.
It showed up in Unassigend Computers. I assigned it to a group then changed my mind and unassigned it. Now it doesn't show up at all any more. (Even though total computers shows 1).
Searching for it yields nothing.
The missing machine can still access HTTP://Server/SelfUpdate/iuiDent.cab

I'm also confused by the amount of updates available that are awaiting approval.
21911 updates are in the list.

Selected Products:
Office 2003
Silverlight
SQL Server 2005
SQL Server Feature Pack
SQL Server
Windows Defender
I.E. 8 Dynamic Installer
Windows Server 2003
XP

Selected Classifications: (Automatically approved)
Critical Updates
Definition Updates
Security Updates
Service Packs

Only English updates is selected

Also using Local storage with "Download update files to this server only when updates are approved".

Update Services handles computer group membership

One other things springs to mind..... Am I supposed to configure the servers to also use the WSUS server including the WSUS server itself?

This is the resource I used to deploy and configure:
http://www.microsoft.com/downloads/details.aspx?familyid=C8FA2FD1-72F6-4F19-A1B0-F689DAE14BE6&displaylang=en

Cheers
Comment
Watch Question

Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Hi Dateman,
Thanks for commenting.

I already have a seperate GPO for the servers and a seperate Computer Group in Update Services. ;-)

Definitely a valid point about the SPs, but shouldn't much of an issue for us. We only have 17 user with an average of 70% free space (60+ GB).
After restarting Update Services the machine showed up again. (I guess it was a bug).

How do you handle the multitude of updates that need to be approved or declined?
Do I understand you correctly, that the WSUS server can point to itself for updates?
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
So it's normal to have to sift through 2100+ updates the first time round then?

Do you know of a way to manually start the update process on a client or do I have change the update time every time and wait for the next time to run?
e.g. it's now 15:30. I change the automatic update time to the closest time; 16:00 and just wait?
I'm really wanting to test, but it's sooooo slow waiting everytime.

Commented:
I have manually set the refresh on a client to 1 hour or so I think, not too worried about less than that. :)

You shouldn't have to manually sift through the stuff much you can just say automatically approve these things and apply this rule now...
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
nice script :)

Author

Commented:
Thanks for the advice and handy script!
Unfortunately I had already declined all updates prior to 2009.......
Look like I can set them to unapproved by approving then selecting "Unapprove"

I've pointed all machines to WSUS in GPO, will check on things on Monday.

I'll keep you guys posted.

Thanks again for your time!
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Things seem to be going reasonably well, though I still don't understand some things.

As I understand it, machines will only pick up the updates that they "Need". If this is indeed true then what is the purpose of having "Comuter Groups"?
I should be able to put my Servers (DCs) and workstations in the same group and have everything working fine. (As long as the GPO Automatic Update settings are different).
Even after 2 full work days, only one workstation is reporting that it doesn't "Need" any more updates. The test machine that I am constantly updating still needs the Root Certificate update. 2 minutes after successfully installing it, it tries to install it again.
I deleted the machine, but after a couple of hours and using cincytopher's script, it show up again.

I found that reregistring these dlls helps resolves some update problems. (But not in this case)
regsvr32 "C:\WINDOWS\system32\wups2.dll"
regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 wuaueng1.dll
regsvr32 wucltui.dll
regsvr32 wups.dll
regsvr32 wups2.dll
regsvr32 wuweb.dll  
Some machines show "Updates installed / not applicable"* > 21000 others
"Updates with no status" > 21000
Is this by design or a bug?
* = Report generation takes a very long time and shows 400+ pages.
Any idea's?
I'll keep monitoring things and post anything new again.

Thanks for you time!!

Commented:
Might want to start by sorting by date and getting rid of all old updates. :)

The root certificate update thing sounds like a separate issue.

Do you have it set to apply updates or notifiy users?  The one that doesn't "need" any updates may be the only user who actually applied updates. ;)
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks a lot guys! You have been a great help!
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.