[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

WSUS for Server Patching

Posted on 2012-09-14
5
Medium Priority
?
478 Views
Last Modified: 2012-09-25
I'm looking to deploy WSUS 3.0 SP2 with the specific intention of updating my many servers in the environment.

I would like to have 3 tiers:

Tier1 - Download, Patch and Reboot.
Tier2 - Download, Patch do NOT Reboot
Tier3 - Do nothing, these servers will be manually patched.

Does anyone have a decent document outlining how to do this via WSUS?
0
Comment
Question by:trecool
  • 3
5 Comments
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38398677
Please follow the link about wsus configuration.

(http://technet.microsoft.com/en-us/library/cc720475(v=ws.10).aspx)

Install and configure WSUS 3.0 SP2 – Step-By-Step with screen shot

(http://araihan.wordpress.com/2009/08/13/install-and-configure-wsus-3-0-sp2-step-by-step/)

To configure Configure Automatic Updates by Using Group Policy for wsus server.

(http://technet.microsoft.com/en-us/library/cc720539(v=ws.10).aspx)

http://www.microsoft.com/en-us/download/details.aspx?id=913
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 2000 total points
ID: 38398751
Actually what you are looking for is whats called client side targeting

http://technet.microsoft.com/en-us/library/cc720433%28v=ws.10%29.aspx

Then you want to go over:

Managing the WSUS Automatic Updates Client Download, Install, and Reboot Behavior with Group Policy

http://technet.microsoft.com/en-us/library/cc512630.aspx

And

Best Practices with Windows Server Update Services 3.0
http://technet.microsoft.com/en-us/library/cc720525%28v=ws.10%29.aspx
0
 

Author Comment

by:trecool
ID: 38409671
So the guides were very useful, however, I can't apply the policies to the servers without a reboot.  gpupdate /force is not working when I examine the local policy of each machine, under Computer Accounts > Admin Templates > Windows Components there is no Windows Update entry.

The only server that showed up in the WSUS is one I had manually rebooted.  Is this the case, or should GPUpdate / Force actually work?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 38411433
when I examine the local policy of each machine, under Computer Accounts > Admin Templates > Windows Components there is no Windows Update entry.


That is not the way to verify WSUS settings, you should from command prompt type:


Reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 38411437
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question