Solved

Using WSUS

Posted on 2012-03-22
8
270 Views
Last Modified: 2016-02-21
I've completed setting up, configuring and testing my GPO and WSUS installation.  I have approx. 3500 updates that need attention.  Several of them say that they've been superseded.  Is there a cheat sheet somewhere that I can use to approve the updates that have been confirmed safe so I can pare that number down?  

Thank you
0
Comment
Question by:Cloud9RealTime
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 37753872
You probably don't need to spend a lot of time trying to figure out what and what not to approve, based on whether a given update has been superceded.  WSUS will figure that out for you.  Approve everything by major category (Windows 7 x64, Office 2010, etc, whatever you're actually running there) and let WSUS do the heavy lifting.  I used to obsess over this and spent hours trying to wade through thousands of updates one by one, then I figured out I really didn't need to worry about it.  As long as you have adequate storage space for all the updates you'll be fine.
0
 
LVL 17

Assisted Solution

by:pjam
pjam earned 75 total points
ID: 37753883
Try running the "Server cleanup Wizard" in WSUS.  It will remove superceeded etc, see jpeg
server cleanup wizard
0
 

Author Comment

by:Cloud9RealTime
ID: 37757492
Dave: We're a TS environment with 4000+ users on 200+ servers....I'm just concerned about pushing one update out that breaks something and then having to figure out which update caused it to break.  

pjam:  I ran that wizard...it cleared off about 80 updates :)
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 17

Expert Comment

by:pjam
ID: 37757538
Sorry should have mentioned earlier, have you removed any OS or products you do not need such as Itanium etc in "Products and Calssifications"?
also have you selected Languages in "Update files and Languages"?
0
 
LVL 13

Accepted Solution

by:
IT-Monkey-Dave earned 75 total points
ID: 37757652
I get what you're saying. For a while I used my system to test new updates for a week prior to releasing to the general population.  For example you could create a WSUS category of systems "Test", populate it with a few representative test machines, and release to them first.  Then later release to the general population.  I stopped doing that because it just wasn't necessary for us.  We have several different major disciplines like art, programming, design.  The pre-testing never once turned up any issues.  In fact I can't recall a single update that has caused us any problems since we started using WSUS a few years ago.  I do wait about 1 week after the updates are released by Microsoft before I approve them.  That way everyone else on the planet is testing them for us and if something is horribly wrong with a particular update, it will have been outed by then and fixed or recalled by MS.  We review and approve updates on Mondays.
0
 
LVL 17

Expert Comment

by:pjam
ID: 37757723
We do not make those decisions locally anymore, as we are now a downstream WSUS.  However I have been a subscriber to Windows Secrets and Langa List before that.
That said, Susan Bradley always has a "Patch Watch" on MS update week recommending updates and recommending which to skip.  Not much help for the bulk you at looking at, but going forward it would be useful.
0
 

Author Comment

by:Cloud9RealTime
ID: 37758871
pjam - Yeah, I only have the products that I know for a fact are on our network, but with 3 different server OS's and 2 different MS Office versions, it didn't take long to add up.  Thank you for the Susan Bradley ref....that's added to the bookmarks as we move forward.

Dave - That's pretty much the plan I had come up with...different OU's with different GPO's and drop the computers into the appropriate OU.  Release the updates to a few test servers that run most of the applications on our system and then release them a week later to everyone else.  It looks like doing it with OU's and GPO's is going to be an easier way to manage the groups than anything else.  

Having said all of that, I'm dropping those guinea pigs into an OU today to deploy the updates tomorrow night and I'm going to push everything out and see what happens.  There's too much here to go through them and be selective.  I host over 200 different applications and it's impossible to see how a patch will affect all of them, much less 3500.
0
 

Author Closing Comment

by:Cloud9RealTime
ID: 37777529
Appreciate the help from pjam and IT-Monkey-Dave.  I ran the cleanup wizard and am just going to push out all the updates to my farm.  Thanks guys!
0

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question