Possible to have WSUS clients download from Microsoft when they are off site?

I currently have WSUS set in group policy so that a laptop will download from their local server depending on which subnet they are on. This way, they download files locally when they are traveling between offices.

I would like to know if it is possible to have laptops download updates from Microsoft when they are off site instead of waiting for them to come back on site. Sometimes the laptops can be off site for a while.

Thanks,

Justin
JustinGSEIWIAsked:
Who is Participating?
 
DonNetwork AdministratorCommented:
I would use a startup script that checks whether WSUS is reachable and if not to use wuinstall.exe with the bypass wsus option.

http://www.wuinstall.com/
0
 
Brad BouchardInformation Systems Security OfficerCommented:
dstewartjr's idea isn't bad, but I'd prefer to have something more along the lines of a GPO with multiple WSUS sites to check.  I haven't done it personally, but try adding multiple sites, with your local ones being listed first, then MS on a new GPO pointing towards WSUS.

http://technet.microsoft.com/en-us/library/cc720539(v=ws.10).aspx
0
 
DonNetwork AdministratorCommented:
If the laptop cant contact a WSUS server, It's safe to assume it cant contact a DC to apply a GPO.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
JustinGSEIWIAuthor Commented:
dstewartjr, thanks for the recommendation but I would like to do this for free if possible.

Brad Bouchard, So your suggestion is to list all my local sites first and then have a GPO that points to Microsoft update listed after my local site GPO's? That may work? How would I configure GP so that it knows which GP to use if the laptop is off site?

Thanks,

Justin
0
 
DonNetwork AdministratorCommented:
Wuinstall is free.....The free version will work just fine for that.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
So your suggestion is to list all my local sites first and then have a GPO that points to Microsoft update listed after my local site GPO's? That may work?
Actually I was thinking, (because I've never tried to put multiple sites (company.wsus.local & update.microsoft.com)) of putting both your local sites and Microsoft's in one GPO if you can do that.  Also, my theory is that it would go down the line and try the sites one by one.
0
 
DonNetwork AdministratorCommented:
The wuauclt will only go to what is specified under "Specify Intranet Microsoft Update Service Location"
If this is blank/not configured it will go out to Microsoft for updates.

With that in mind, you could have the script that verifies connectivity to your WSUS servers delete the registry entries for  WUServer and WUStatusServer when not reachable.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.