Arisglobal
asked on
Managing remote laptops via WSUS 3..0
Hi ,
We have setup WSUS 3.0 SP1 in our internal LAN .There are absolutely no issues with the updates propagating across the clients in LAN .. But i have a scenario where some of the users are Roaming. I dont want them to recieve s the updates from WSUS when connected thro' VPN cos' as you know it clog the Bandwidth . I want them to directly connect to Microsoft Update Server and download the updates.
Is there any ways to achieve this ?
Thanks for the help in advance
We have setup WSUS 3.0 SP1 in our internal LAN .There are absolutely no issues with the updates propagating across the clients in LAN .. But i have a scenario where some of the users are Roaming. I dont want them to recieve s the updates from WSUS when connected thro' VPN cos' as you know it clog the Bandwidth . I want them to directly connect to Microsoft Update Server and download the updates.
Is there any ways to achieve this ?
Thanks for the help in advance
ASKER
No We dont have ISA Server. Can we block the ports on the Firewall box which isn't ISA Server?
You will need to setup another WSUS server and configure it to NOT store updates locally and point your laptops to this server.
ASKER
Thanks for the reply dstewartj I had this idea before but i dont wanna have 2 WSUS servers running. its kinda complicated and have to look after both the servers
This will be the the only way, It's a all or nothing. You could just put these laptops in another GPO that only uses windows updates,but you wont be able to control these updates(I.E. Approvals)
The transmission protocols and ports used are HTTP 80 and HTTPS 443. So you could block those ports to the server from the VPN IP Pool....
Unfortunately these are also web ports so you can't block them across the board...
Unfortunately these are also web ports so you can't block them across the board...
ASKER
If I configure these laptops for another GPO when the roaming users are back to the office.. they still continue recieve the updates from Windows Updates .
Can't we run any script wherein it checks for the IP ADDRESS of the local Machine if it points to LAN the registry should point to WSUS server or else to windows updates
Can't we run any script wherein it checks for the IP ADDRESS of the local Machine if it points to LAN the registry should point to WSUS server or else to windows updates
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The below would be all you need to set it to use Microsoft Updates.
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\]
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\]
"UseWUServer"=dword:00000000
So a "B" cause you didnt like the answer???
ASKER
I'am forced to accept the answer cos' u know most of the users using Laptop will nvr shutdown their laptops put in hibernation or standby .. i have to schedule the script as the job for each ..and moreover i don't prefer scripting . Was thinking is there anyways goaround without using scripts .. But the when architecture is something like this.. i'm forced to accept it
If so you can simply create a firewall rule to block the WSUS access on ISA...