[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

New install of WSUS - should I approve ALL old updates?

Posted on 2010-09-14
9
Medium Priority
?
976 Views
Last Modified: 2012-05-10
I just installed WSUS 3.0 SP1 and have it up and running.  I have a few test computers connected to it and we'll see how it goes over the next week or so.

My question though is whether I should approve all of the 3,000 or so updates that are waiting for approval?  I have so far only approved a couple hundred based on the PCs that I have joined to the server.  I looked at their needed list and approved those for each computer.

But WSUS is going to nag me about updates I haven't dealt with yet so I wonder if I should approve all of the past ones to catch that up?

When I roll this out company wide, I plan on making sure each computer is updated fully from MS directly before adding them to WSUS so I can manage some backlog that way.  So once they join WSUS there won't be but maybe a couple updates that need to be done that are all just a week or two old.

Thanks in advance!
0
Comment
Question by:archaic0
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 11

Expert Comment

by:SemperWiFi
ID: 33672614
If the updates are indeed already installed then you don't need them. Just chose option for ignore update.
0
 

Author Comment

by:archaic0
ID: 33672711
I don't see an ignore option specifically, but I can decline them.  Is that what you mean?

I could decline all updates from today or further in the past.  Leaving with with a starting point of today.  Then as long as I fully update each machine before I add it into WSUS I can deal with the future updates as they come out.

Is that how people run these WSUS machines?
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 33672770
3000 updates is alot, how many machines? be sure you only approve the updates that match the OS of the machines you are updating. also, do not approve all 3k of them, that will bog eat up the bandwidth on your network and slow everything down, not even over night. i suggest you look closely at the list and approve only the ones that match the OS on your machines and deploy every two days in batches of 20 or less to allow delivery and install on the updates, this may have to prompt your users for multiple reboots every other day or so if the updates installed requires it but it's better than worrying about bandwidth issue durring the day.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 7

Expert Comment

by:GridLock137
ID: 33672803
that would be the recommended way to go. decline the past ones and start with a fresh start of today. maybe even running a new synch job to get a fresh list of updates. you also want to go into your settings and select the updates wish to download only, usually those that match the OS you are updating. do not have every single update selection selected, you'll end up downloading updates you don't need.
0
 

Author Comment

by:archaic0
ID: 33672859
There are multiple OS's on the network, surely you're not saying that if I approve a Win2k3 update that my XP machines will see it or be confused in any way?

WSUS is just the new repository instead of Microsoft directly.  The machines still use their logic to ask for which updates they need, they just use MY list instead of MS's list now, right?

I think the pre-update is the way to go though.  Decline everything today so I'm starting fresh with only new updates.  And make sure to update each machine fully before it gets added to WSUS.
0
 
LVL 11

Accepted Solution

by:
SemperWiFi earned 2000 total points
ID: 33673493
If all of your machines are up to date then there is nothing to stress. Decline them from today on back if you like.

Ignore/Decline - same thing... sorry about the lax moment in my vernacular.
0
 

Author Comment

by:archaic0
ID: 33673517
No worries, not trying to be the word police, just didn't know if I was missing an option somewhere.

Thanks for the input.
0
 
LVL 11

Expert Comment

by:SemperWiFi
ID: 33673578
Hey man, it is ALWAYS better to be safe than sorry!

Always happy to help!

0
 

Expert Comment

by:irishpaul
ID: 33879924
If you decline all updates from today back you will run the risk of updates not being installed. You really need to approve all updates that have been published since the release of the last service pack you have installed for each of your operating systems.

For instance:

If you install windows vista SP1 on a machine but have declined SP2 in WSUS your machines will not get this service pack. UNLESS you manually update every computer you put out into your environment before connecting to the domain and talking to WSUS which is a PITA and why you configured WSUS anyways.

My two cents is to take a careful look at the OSs you have in your environment and ensure all patches from the oldest SP your running are approved in WSUS.
0

Featured Post

What’s Wrong with Your Cloud Strategy ?

Even as many CIOs are embracing a cloud-first strategy, the reality is that moving to the cloud is a lengthy process and the end-state is likely to be a blend of multiple clouds—public and private. Learn why multicloud solutions matter in this webinar by Nimble Storage.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question