Solved

WSUS  - Planning and remote users

Posted on 2014-01-06
7
1,356 Views
Last Modified: 2016-02-20
Hi all,

At the moment we have no control over Windows updates on our networks. They are just set to auto update.

I have 4 sites that I plan to have local WSUS servers setup. My main problem is remote users. I have a number of laptops that connect via VPN daily, and some very rarely. SO my questions are:

1) What woudl be the best way to configure for laptops?

2) I was going to setup group polices for the different site severs filtered by IP scope for each site, is this a good idea?

3) Current WSUS server is 2008 wsus3 sp2 - should I upgrade to 2012 now for Win 8.1 compatibility?
0
Comment
Question by:MJB2011
  • 3
  • 3
7 Comments
 
LVL 12

Expert Comment

by:Chris
ID: 39758851
You could always setup a web facing WSUS server for the external clients. Not something I've ever seriously looked at but there's no reason it should cause any issues. In this instance I would be inclined to setup WSUS just to manage the updates and not to host them. This way you can manage the updates centrally but they'll still be downloaded from MS, saving you bandwidth.

With regards to the version of windows server, there's no need to upgrade. WSUS is simply a database of updates synced with Microsoft, if they are available on Windows Update they should theoretically be available to the WSUS server whether it's running Server 2012, 2008 or even 2003. Just make sure the WSUS software is up to date.
0
 

Author Comment

by:MJB2011
ID: 39758870
Web server not an option unfortunately.
0
 
LVL 12

Expert Comment

by:Sandeep
ID: 39765042
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:MJB2011
ID: 39765077
Fall back although useful, isnt  going to help, as when user is on VPN they will still see the WSUS and drag updates across VPN rather than heading to microsoft.
0
 
LVL 12

Expert Comment

by:Sandeep
ID: 39765089
So you want all your users to point to Microsoft only? Even though they connect to VPN?
0
 

Author Comment

by:MJB2011
ID: 39765111
Basically I need some how to change the server they are looking at depending on whether they are in the office or at home. when they are at home they could either connect to a wsus server at our VPN termination site or go to Microsoft.
0
 
LVL 12

Accepted Solution

by:
Sandeep earned 500 total points
ID: 39765326
If they are connecting from Home over VPN, I would suggest to keep them connected directly with Microsoft Site rather than connecting to WSUS Server. This will slow down the VPN connection speed for that user while Patches are getting downloaded. But if you want to administer which patches should get installed on that machine, then WSUS is the solution for you.

There is one way you can do it, by creating batch file to run registry modification for the users. But here you have to ask them to run that batch file / registry file accordingly.

Simply save below in a notepad and save as with extension .reg

Refer to below which will assist you to draft your registry file. You can export the current settings and do the modification accordingly.

http://technet.microsoft.com/en-us/library/cc708449(v=ws.10).aspx

Windows Patches are released on Monthly basis, so you can ask User to run batch file at least twice a month. When he is at home, they need to run the registry file which changes server to Microsoft Site, and when working at office need to run WSUS Server Registry file.

Hope this helps
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now