Solved

WSUS Group Policies on company laptops

Posted on 2010-09-23
6
473 Views
Last Modified: 2012-05-10
Hi,
We've recently implemented WSUS in our office to get all the desktops and laptops up to date.  There is a group policy in place.

The updates are working.  The only problem is there are some people have never installed updates since they've been here, and it's installing 100 updates, and locking up their computer for 2 hours if they reboot.  I realize that this will all be cleared up once they're up to date.

The other dilemma is that the downloads are scheduled for 11PM, and most people that have laptops, have them turned off at 11PM, so it seems as if the updates aren't downloading.  Also certain users are trying to shut down their laptops to go home, and Windows is making them wait to install updates.

What would you suggest to be a good strategies for these problems?
Thanks,
Jamie
0
Comment
Question by:jamorlando
6 Comments
 
LVL 7

Assisted Solution

by:myhc
myhc earned 83 total points
ID: 33748720
could try adding "wuauclt.exe /detectnow" to the login script. this forces an update now... so laptops will start to update as soon as they login.
never tried it myself. Would be worth a test.
0
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 83 total points
ID: 33748734
1. Don't approve all of the updates at once. Instead, approve a dozen or so a week for deployment. Not as safe as doing it all at once but more user friendly.
 
2. If a computer misses an update check, it will automatically check when the computer first turns on.
 
3. Configure laptops to "Do Nothing" when the laptop is closed. This way, a user can pack the laptop away and it will continue to install updates until it is finished.
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 84 total points
ID: 33748745
You could approve only 25 updates. When all users have them approve 25 more. This is not very efficient, so I would tell the users that "sorry, you really need these patches" and approve all. This is a "one time event".

I have set the installation time when I know most users are having lunch.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:jamorlando
ID: 33748766
Lunch time is a good idea for download time.  I like that.

I've approved all the updates right now and try to assure people that these are the growing pains, and that the only reason all these updates are installing now is because they weren't installing updates when they had control to.

I'll look into adding the detectnow to the logon script.
Thanks!
0
 

Author Closing Comment

by:jamorlando
ID: 33801312
no
0
 

Author Comment

by:jamorlando
ID: 33801318
Ignore the "no" .. thanks guys!
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Error when logging into pinterest- Java- cookies- browser 1 24
Powershell to query AD 3 35
Domain trust created by PDC name 6 37
Server 2016 security/users 9 17
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question