We have a WSUS infraestructure in our domain. This goes fine. The problem comes when some workers and their laptops move to the internet or just have to work in external clients. In this case, we dont want them to update from microsoft site, becouse this way we cant choose what kind of updates install. It would be nice for them to install only the updates we are allowing trought our WSUS, as happens in our domain network.
So, I want to know if this is possible, becouse I know microsoft doesn´t allow people to publish their software updates over the internet.
Is it possible? Is it worth? (risk >>> profits) Should I manage it trought certificates to only allow our clients to update from our DMZ WSUS server? Have you ever heard about doing that?
If it´s impossible, then I´ve got another question. Is there a specific template to set a customiced local update policy for, for instance, allow only to apply security updates? Can it be done trought some regisitry tweaks?
Thanks in advance.