Solved

Managing remote laptops via WSUS 3..0

Posted on 2009-07-13
11
551 Views
Last Modified: 2012-06-27
Hi ,

We have setup WSUS 3.0 SP1 in our internal LAN .There are absolutely no issues with the updates propagating across the clients in LAN .. But i have a scenario where some of the users are Roaming. I dont want them to recieve s the updates from WSUS when connected thro' VPN cos' as you know it clog the Bandwidth . I want them to directly connect to Microsoft Update Server and download the updates.

Is there any ways to achieve this ?

Thanks for the help in advance
0
Comment
Question by:Arisglobal
  • 5
  • 4
  • 2
11 Comments
 
LVL 1

Expert Comment

by:unluckynelson
ID: 24840352
Do they connect onto VPN through ISA server?
If so you can simply create a firewall rule to block the WSUS access on ISA...
0
 
LVL 3

Author Comment

by:Arisglobal
ID: 24840655
No We dont have ISA Server. Can we block the ports on the Firewall box which isn't ISA Server?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24840689
You will need to setup another WSUS server and configure it to NOT store updates locally and point your laptops to this server.
0
 
LVL 3

Author Comment

by:Arisglobal
ID: 24840825
Thanks for the reply dstewartj I had this idea before  but i dont wanna have 2 WSUS servers running. its kinda complicated and have to look after both the servers
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24840918
This will be the the only way, It's a all or nothing. You could just put these laptops in another GPO that only uses windows updates,but you wont be able to control these updates(I.E. Approvals)
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 1

Expert Comment

by:unluckynelson
ID: 24840942
The transmission protocols and ports used are HTTP 80 and HTTPS 443. So you could block those ports to the server from the VPN IP Pool....
Unfortunately these are also web ports so you can't block them across the board...
0
 
LVL 3

Author Comment

by:Arisglobal
ID: 24841135
If I configure these laptops for another GPO when the roaming users are back to the office.. they still continue recieve the updates from Windows Updates .

Can't we run any script wherein it checks for the IP ADDRESS  of the local Machine if it points to LAN the registry should point to WSUS server or else to windows updates
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 24841350
Create a .reg file with your settings for WSUS and one for Microsoft.
Then use a startup script similar as below.
Modify the gateways below to match your environment, if you have more just add more lines.
 



set GW=

for /f "tokens=2 delims=:" %%a in ('ipconfig ^| find "Gateway"') DO SET GW=%%a

if %GW%== 10.63.106.2 regedit /s \\server\share\WSUS.reg    

if %GW%== 10.63.106.130 regedit /s \\server\share\Microsoft.reg

Open in new window

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24841617

 
 The below would be all you need to set it to use Microsoft  Updates.
 

Windows Registry Editor Version 5.00
 

[-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\]

 
 

 
 

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\]
 
 

"UseWUServer"=dword:00000000

Open in new window

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24848944
So a "B" cause you didnt like the answer???
0
 
LVL 3

Author Comment

by:Arisglobal
ID: 24848984
I'am forced to accept the answer cos' u know most of the users using Laptop will nvr shutdown their laptops put in hibernation or standby .. i have to schedule the script as the job for each ..and moreover i don't prefer scripting . Was thinking is there anyways goaround without using scripts .. But the when architecture is something like this.. i'm forced to accept it
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Connecting one computer to Multiple Switches 7 76
Hardware RAID vs OS RAID 20 122
Server Room Hardware 5 90
HP Proliant ML10 Gen9 : How to setup RAID array without display 5 107
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
this article is a guided solution for most of the common server issues in server hardware tasks we are facing in our routine job works. the topics in the following article covered are, 1) dell hardware raidlevel (Perc) 2) adding HDD 3) how t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now