Solved

SUS or Something Else?

Posted on 2011-03-16
6
296 Views
Last Modified: 2012-05-11
Used to use AdventNet Security Mgr Plus to deploy patches to workstations, but now am running Windows 7 on my domain, and this product requires remote registry to be active.  Don't want to do that...so I need a new product.

Tried SUS but it's a big waiting game (wait to detect the systems after GP configures them, schedule the updates, hope for the best)

 I prefer downloading the patches automatically, but deploying the patches manually (right-click, deploy, or "deploy all" by a group.)  SUS is...TOO automated.  What should I use instead?
0
Comment
Question by:NAMEWITHELD12
  • 2
  • 2
  • 2
6 Comments
 
LVL 6

Accepted Solution

by:
Flipp earned 167 total points
ID: 35147207
IMO, after moving from a fairly strict regime of patch management using ManageSoft with a previous company, I have deployed WSUS to all of my Windows Networks, and the options given via WSUS Console and GP is sufficient.

At the end of the day, Users these days know what to expect with Windows, as they have been working with it for years at home - so why change. WSUS gives the right type of control and central management.
0
 
LVL 5

Assisted Solution

by:NotVeryFat
NotVeryFat earned 333 total points
ID: 35148050
Personally I agree with Flipp. You can control what's deployed through WSUS by approving or declining updates, and can control their frequency and install behaviour via GPO.

There are third-party solutuions available, such as LANDesk, which will manage updates, software installs and a whole lot more.
0
 
LVL 1

Author Comment

by:NAMEWITHELD12
ID: 35148889
Maybe I'm doing something wrong, then...I made the GP changes to point a system to my development SUS server, and it took about 3 1/2 hours before it showed up in the SUS console as detected, and another 2 hours before it finished a scan to determine the patch level..is this typical?  I have selected option 4, automatically download and schedule update.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 5

Assisted Solution

by:NotVeryFat
NotVeryFat earned 333 total points
ID: 35148990
I agree there are limitations with WSUS, but I think ulimately it makes sense to use a Microsoft solution to update Microsoft systems. Unfortunately I think it can take a while to show up in the console, though you can speed up the update detection process on a PC by running wuauclt /detectnow, which can be incorporated into a login script.
0
 
LVL 1

Author Closing Comment

by:NAMEWITHELD12
ID: 35149403
I'll give the command line a shot.  Going to miss Manage Engine tho :(
0
 
LVL 6

Expert Comment

by:Flipp
ID: 35154041
A command I have found so useful is the following - this ensures the update runs straight away:

net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow

http://technet.microsoft.com/en-us/library/cc720477(WS.10).aspx
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now