Solved

SUS or Something Else?

Posted on 2011-03-16
6
301 Views
Last Modified: 2012-05-11
Used to use AdventNet Security Mgr Plus to deploy patches to workstations, but now am running Windows 7 on my domain, and this product requires remote registry to be active.  Don't want to do that...so I need a new product.

Tried SUS but it's a big waiting game (wait to detect the systems after GP configures them, schedule the updates, hope for the best)

 I prefer downloading the patches automatically, but deploying the patches manually (right-click, deploy, or "deploy all" by a group.)  SUS is...TOO automated.  What should I use instead?
0
Comment
Question by:NAMEWITHELD12
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 6

Accepted Solution

by:
Flipp earned 167 total points
ID: 35147207
IMO, after moving from a fairly strict regime of patch management using ManageSoft with a previous company, I have deployed WSUS to all of my Windows Networks, and the options given via WSUS Console and GP is sufficient.

At the end of the day, Users these days know what to expect with Windows, as they have been working with it for years at home - so why change. WSUS gives the right type of control and central management.
0
 
LVL 5

Assisted Solution

by:NotVeryFat
NotVeryFat earned 333 total points
ID: 35148050
Personally I agree with Flipp. You can control what's deployed through WSUS by approving or declining updates, and can control their frequency and install behaviour via GPO.

There are third-party solutuions available, such as LANDesk, which will manage updates, software installs and a whole lot more.
0
 
LVL 1

Author Comment

by:NAMEWITHELD12
ID: 35148889
Maybe I'm doing something wrong, then...I made the GP changes to point a system to my development SUS server, and it took about 3 1/2 hours before it showed up in the SUS console as detected, and another 2 hours before it finished a scan to determine the patch level..is this typical?  I have selected option 4, automatically download and schedule update.
0
SendBlaster Pro 4 - Bulk Email Sending Software

SendBlaster 4 Pro - Best Bulk Emailing Sending Software
Automatic Subscribe / Unsubscribe Processing
Great for Newsletters & Mass Mailings
Optional HTML & Text Composition
Integration with Google Features
Built in Spam Score Checking
Free Professional Templates - Feature Packed!

 
LVL 5

Assisted Solution

by:NotVeryFat
NotVeryFat earned 333 total points
ID: 35148990
I agree there are limitations with WSUS, but I think ulimately it makes sense to use a Microsoft solution to update Microsoft systems. Unfortunately I think it can take a while to show up in the console, though you can speed up the update detection process on a PC by running wuauclt /detectnow, which can be incorporated into a login script.
0
 
LVL 1

Author Closing Comment

by:NAMEWITHELD12
ID: 35149403
I'll give the command line a shot.  Going to miss Manage Engine tho :(
0
 
LVL 6

Expert Comment

by:Flipp
ID: 35154041
A command I have found so useful is the following - this ensures the update runs straight away:

net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow

http://technet.microsoft.com/en-us/library/cc720477(WS.10).aspx
0

Featured Post

To Patch or not to Patch? That is the question!

Don't get caught out like thousands of others around the world in the recent Ransomware Fiasco!
Discuss..
- Why it's not a good idea to wait before Patching
- Sensible approaches to Patching discussed
- Add your feedback, comments and suggestions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question