Solved

WSUS Group Policies on company laptops

Posted on 2010-09-23
6
439 Views
Last Modified: 2012-05-10
Hi,
We've recently implemented WSUS in our office to get all the desktops and laptops up to date.  There is a group policy in place.

The updates are working.  The only problem is there are some people have never installed updates since they've been here, and it's installing 100 updates, and locking up their computer for 2 hours if they reboot.  I realize that this will all be cleared up once they're up to date.

The other dilemma is that the downloads are scheduled for 11PM, and most people that have laptops, have them turned off at 11PM, so it seems as if the updates aren't downloading.  Also certain users are trying to shut down their laptops to go home, and Windows is making them wait to install updates.

What would you suggest to be a good strategies for these problems?
Thanks,
Jamie
0
Comment
Question by:jamorlando
6 Comments
 
LVL 7

Assisted Solution

by:myhc
myhc earned 83 total points
ID: 33748720
could try adding "wuauclt.exe /detectnow" to the login script. this forces an update now... so laptops will start to update as soon as they login.
never tried it myself. Would be worth a test.
0
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 83 total points
ID: 33748734
1. Don't approve all of the updates at once. Instead, approve a dozen or so a week for deployment. Not as safe as doing it all at once but more user friendly.
 
2. If a computer misses an update check, it will automatically check when the computer first turns on.
 
3. Configure laptops to "Do Nothing" when the laptop is closed. This way, a user can pack the laptop away and it will continue to install updates until it is finished.
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 84 total points
ID: 33748745
You could approve only 25 updates. When all users have them approve 25 more. This is not very efficient, so I would tell the users that "sorry, you really need these patches" and approve all. This is a "one time event".

I have set the installation time when I know most users are having lunch.
0
 

Author Comment

by:jamorlando
ID: 33748766
Lunch time is a good idea for download time.  I like that.

I've approved all the updates right now and try to assure people that these are the growing pains, and that the only reason all these updates are installing now is because they weren't installing updates when they had control to.

I'll look into adding the detectnow to the logon script.
Thanks!
0
 

Author Closing Comment

by:jamorlando
ID: 33801312
no
0
 

Author Comment

by:jamorlando
ID: 33801318
Ignore the "no" .. thanks guys!
0

Join & Write a Comment

Suggested Solutions

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now