Solved

WSUS for remote clients

Posted on 2010-09-07
7
2,021 Views
Last Modified: 2012-05-10
We have WSUS 3.0 and all of our clients are on the domain, including our remote clients. None of our clients have local admin privledges. our AU policy is GPO based and updates need to be approved on the WSUS before installationon the clients. I want to know how our remote employees receive their updates from the WSUS or from the internet.

1.How do the remote clients communicate with the WSUS for downloads, through the VPN? How does that work, once the update is approved, the client logs onto the VPN and they are told by he WSUS what updates are aproved and then they download/install those updates from the internet or the WSUS?

2. How can I configure the remote clients to communicate with the WSUS while they are not on the VPN? At leasst to communicate what they are approved to download then download it from the internet directly?

Thanks!
0
Comment
Question by:tolinrome
  • 2
  • 2
7 Comments
 
LVL 5

Expert Comment

by:FunkyBrown
ID: 33619562
You have to look at it this way. Think of your PC as actually being in your network when it is connected to the VPN. That is the best way to look at it. So when your laptop is connected via the VPN, it will download the updates from the WSUS server, depending on how your settings are. As far as your clients communicating via the WSUS server when not connected to the VPN, I don't think this is realistic as far as security is concerned. Do you have a firewall set up protecting your network?
0
 
LVL 7

Author Comment

by:tolinrome
ID: 33619927
I understand that while on the vpn the clients  are on the network, but since a client may only be on for a few minutes and not long enough to download/install updates and to save bandwith I would like them to update via the internet if possible.

Do you know for sure if while on the vpn the clients are actually downloading the updates from the WSUS or are only notified of the approvals and then downloading from the internet?

Also, I think it should be possible to update via the WSUS through the internet. Of course we have a firewall.

Thanks!
0
 
LVL 5

Expert Comment

by:FunkyBrown
ID: 33620013
Definitely the computers will download the updates via the WSUS server when connected through the VPN. How often do you push out updates via WSUS? There should be a setting in which you can set PC's to download the updates directly from the internet. I will have a look on my WSUS server. We are currently running our updates through our SCCM server though so I need to familiarize myself with the WSUS console.
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 33739776
WSUS defaults to download updates and then the update client pulls the updates from the WSUS server. VPN or not, the client will do whatever the group policy says for it to do. Windows doesn't have any logic built in to say "hey, I'm on a VPN so I should go straight to the internet."
What you can do is create a separate WSUS group policy to have updates downloaded directly from the internet and then apply that policy to a security group with the remote machines. That policy will *always* be in effect though, so even when laptops are on the internal network, they will download updates from the internet and thus you will want to be aware of the impact on your bandwidth with such a solution in place.
For the second part, since WSUS is reliant on group policy, while it is technically possible to publish a WSUS server and have machines download it, they would not get any updated group policy settings and thus would be very limited. Having them connect via VPN solves other problems besides just updates. My current recommendation for such setups is to look at deploying DirectAccess. This allows a VPN to be setup *before* logon, so group policies work, WSUS works, and DA is very firewall friendly. This would be better than publishing a WSUS server.
-Cliff
 
0
 
LVL 7

Author Closing Comment

by:tolinrome
ID: 33740737
Excellent, thanks.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
Learn about cloud computing and its benefits for small business owners.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now