Cloud9RealTime

asked on

Using WSUS

I've completed setting up, configuring and testing my GPO and WSUS installation.  I have approx. 3500 updates that need attention.  Several of them say that they've been superseded.  Is there a cheat sheet somewhere that I can use to approve the updates that have been confirmed safe so I can pare that number down?  

Thank you
IT-Monkey-Dave

You probably don't need to spend a lot of time trying to figure out what and what not to approve, based on whether a given update has been superseded.  WSUS will figure that out for you.  Approve everything by major category (Windows 7 x64, Office 2010, etc., whatever you're actually running there) and let WSUS do the heavy lifting.  I used to obsess over this and spent hours trying to wade through thousands of updates one by one, then I figured out I really didn't need to worry about it.  As long as you have adequate storage space for all the updates you'll be fine.
SOLUTION
pjam
This solution is only available to members.
Cloud9RealTime

ASKER

Dave: We're a TS environment with 4000+ users on 200+ servers....I'm just concerned about pushing one update out that breaks something and then having to figure out which update caused it to break.  

pjam:  I ran that wizard...it cleared off about 80 updates :)

Sorry, should have mentioned earlier: have you removed any OS or products you do not need, such as Itanium etc., in "Products and Classifications"?
Also, have you selected Languages in "Update files and Languages"?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
We do not make those decisions locally anymore, as we are now a downstream WSUS.  However I have been a subscriber to Windows Secrets and Langa List before that.
That said, Susan Bradley always has a "Patch Watch" on MS update week recommending updates and recommending which to skip.  Not much help for the bulk you are looking at, but going forward it would be useful.
pjam - Yeah, I only have the products that I know for a fact are on our network, but with 3 different server OS's and 2 different MS Office versions, it didn't take long to add up.  Thank you for the Susan Bradley ref....that's added to the bookmarks as we move forward.

Dave - That's pretty much the plan I had come up with...different OU's with different GPO's and drop the computers into the appropriate OU.  Release the updates to a few test servers that run most of the applications on our system and then release them a week later to everyone else.  It looks like doing it with OU's and GPO's is going to be an easier way to manage the groups than anything else.  

Having said all of that, I'm dropping those guinea pigs into an OU today to deploy the updates tomorrow night and I'm going to push everything out and see what happens.  There's too much here to go through them and be selective.  I host over 200 different applications and it's impossible to see how a patch will affect all of them, much less 3500.
Appreciate the help from pjam and IT-Monkey-Dave.  I ran the cleanup wizard and am just going to push out all the updates to my farm.  Thanks guys!
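
The staged rollout discussed in this thread (clear out superseded updates, release to a few test servers, then to everyone else a week later) can be scripted. The following is an added example, not code from any participant: it assumes the UpdateServices PowerShell module that ships with the WSUS role on Windows Server 2012 and later, and the target group name and report path are hypothetical.

```powershell
# Added example. Assumes the UpdateServices module (WSUS role, Windows Server 2012+)
# and an elevated session on the WSUS server itself.
Import-Module UpdateServices

$PilotGroup = 'Pilot-TS'      # hypothetical WSUS target group holding the test servers
$DryRun     = $true           # set to $false to actually change approvals
$ReportPath = ".\wsus-pilot-$(Get-Date -Format yyyyMMdd).csv"   # hypothetical path

$wsus = Get-WsusServer        # connects to the local WSUS server

# Every update that is neither approved nor declined yet.
$pending = @(Get-WsusUpdate -UpdateServer $wsus -Classification All `
                            -Approval Unapproved -Status Any)

# Superseded updates already have a newer replacement in the catalog.
$superseded = @($pending | Where-Object { $_.Update.IsSuperseded })
$current    = @($pending | Where-Object { -not $_.Update.IsSuperseded })

'{0} pending: {1} superseded, {2} current' -f `
    $pending.Count, $superseded.Count, $current.Count

# Record exactly what is released to the pilot group, so a breakage on the
# test servers can be traced back to a bounded, dated list of updates.
$current |
    Select-Object @{ n = 'Title';    e = { $_.Update.Title } },
                  @{ n = 'UpdateId'; e = { $_.Update.Id.UpdateId } } |
    Export-Csv -Path $ReportPath -NoTypeInformation

# Decline the superseded backlog so it stops inflating the review queue.
$superseded | Deny-WsusUpdate -WhatIf:$DryRun

# Approve the remaining updates for the pilot group only.
$current | Approve-WsusUpdate -Action Install -TargetGroupName $PilotGroup -WhatIf:$DryRun
```

With `$DryRun` left at `$true` the two approval cmdlets only report what they would do. After the pilot period, the same approval call with the production target group releases the updates listed in the CSV to the rest of the farm.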