Solved

WSUS - which updates to approve, so many?!

Posted on 2011-03-01
10
515 Views
Last Modified: 2012-05-11
I've just installed WSUS and am pretty new to it.  While I've downloaded only the updates appropriate for my environment, there are still so many updates!  How do I know which ones to install?  Also, is there a good site for finding out which updates cause problems?
Thanks.
0
Comment
Question by:kialn
10 Comments
 
LVL 9

Accepted Solution

by:
rawinnlnx9 earned 65 total points
ID: 35012590
Look into your options and check the option that "Delete all updates that have been replaced by future updates". That should clean up your repo a lot. If you go into WSUS Options you can begin to figure out how to manage it.

Grab this: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=113D4D0C-5649-4343-8244-E09E102F9706

And start to read through it. Very helpful.
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 60 total points
ID: 35012706
These should help:


Approving Updates


http://technet.microsoft.com/en-us/library/cc708458(WS.10).aspx


Best Practices with Windows Server Update Services 3.0

http://technet.microsoft.com/en-us/library/cc720525(WS.10).aspx


Managing the WSUS Automatic Updates Client Download, Install, and Reboot Behavior with Group Policy

http://technet.microsoft.com/en-us/library/cc512630.aspx


Explanation of each setting

http://community.spiceworks.com/how_to/show/1390
0
 

Author Comment

by:kialn
ID: 35012985
Thanks - I did the server cleanup wizard which helped, but oddly there were still some updates from 2006.  Any ideas?
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 35013048
You can run a report on "Needed" updates, these are the ones that you should further worry about approving.
0
 

Expert Comment

by:QuiteBored
ID: 35013054
You've cleaned out old updates that have been replaced, these may be updates from 2006 that are still required by client PC's or haven't been replaced, what service pack are the clients running?

Have any clients reported back to the server? This should help you to manage the required or obsolete updates as they will report what they need from what you've got.

There are no good sites to find out what MS updates cause an issue, general rule of thumb is to use a "test" pc to deploy updates for testing prior to rolling out accross the production environment.
0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 
LVL 47

Expert Comment

by:dstewartjr
ID: 35013112
More on running reports here:

http://technet.microsoft.com/en-us/library/cc720459%28WS.10%29.aspx


You can also from the home page in your wsus console(Click on your servername) view "Computers needing updates" count <<<if you double click on this a report will open up
0
 

Author Comment

by:kialn
ID: 35013253
SP3 for XP.  I'm using GPOs to manage receiving updates from WSUS.  All clients have not yet checked in. I do have the WSUS manual but it's really not as detailed as I would like.  I ran report on needed updates, some clients report "33 (or whatever #) have not been installed."
Does that mean the updates have been approved but not yet installed?  Or does it mean they are 'short' those updates and I need to approve them?  Or should this clear up once client has checked in?  I think I've approved everything....
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 35013285
You can view a list of the "needed" updates and  then in the far right tab view the approval status(whether they are approved or not)


Are any of your clients cloned?

http://blogs.technet.com/b/sus/archive/2009/05/05/resolving-the-duplicate-susclientid-issue-or-why-don-t-all-my-clients-show-up-in-the-wsus-console.aspx
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 35013333
Here's more on the definition of needed within wsus
http://technet.microsoft.com/en-us/library/cc720463%28WS.10%29.aspx

This is the positive result of a Detect only approval. When referring to the status of one computer, Needed means the update is compliant with (and should be installed on) the computer. When referring to status for a computer group, the Needed column displays the number of computers in the group with which the update is compliant. Additionally, a positive Needed result means, technically, that as of the last time client computers made contact with the WSUS server, the update was determined to be compliant, but has not been installed. Therefore, it is possible that any of the following could be true when the status for an update is Needed:

You have approved the update for installation but the client computers have not yet contacted the WSUS server since you made this change.

You have not yet approved the update for installation, although the Detect only action has been performed.

The update has already been downloaded and installed, but the client computer has not contacted the WSUS server since the update was installed.

The update has already been downloaded and installed but the update requires that the client computer be restarted before changes go into effect, and the client computer has not yet been restarted.

The update has been downloaded to the computer but not installed.

The update has been neither downloaded nor installed on the computer.
0
 

Author Closing Comment

by:kialn
ID: 35032673
Thank you both - all information was extremely helpful.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now