Solved

wsus update

Posted on 2014-10-07
3
213 Views
Last Modified: 2016-02-13
Recently some expert gave me comment on the WSUS in my office but I was unable to understand the large part of it.
Could i get help on it. We are not using any IBM Servers so is Compliance required. We are not using SCCM so is it required for WSUS. I do not know how group policy is related to WSUS.
He said :- 1.      If we start the patching from Friday night and keep it for the complete Saturday it will be good. Reason many times some server do not come up automatically. This can be any hardware failure (hard disk, power supply etc.) We get a complete Sunday and then we can bring up most of the servers having minor faults, therefore Monday morning will avoid any extra hindrance to our business.
2.      There is no role of SCCM mentioned here. System Center Configuration Manager (SCCM) interoperates with WSUS, and is able to import third party security updates into the product.
3.      WSUS does not require the use of Active Directory; Client configuration can also be applied by local group policy or by modifying the Windows registry
4.      One can also approve updates for "detection" only, allowing an administrator to see what machines will require a given update without also installing that update
5.      What about the testing of patches and monitoring them to see if the production servers become compliant and no conflicts are there e.g firewall etc.
6.      We have to mention how to remediate if any compliance issue occurs for security, software patch, and software configuration.  
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
0
Comment
Question by:ITISEMEA
3 Comments
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 100 total points
ID: 40365926
I don't really understand what you're asking, but I can speak to the local group policy.  If you're not using Group Policy to set the individual machines, then you have to do it locally.  You set each machine to look to your local WSUS server for updates rather than looking to the Microsoft Mothership.  I'm on a mac right now, else I'd pull up the actual settings in gpedit.
0
 
LVL 33

Accepted Solution

by:
it_saige earned 400 total points
ID: 40365978
First, SCCM is not required for WSUS and vice versa, these are two stand-alone products from Microsoft.  Since you are primarily concerned about WSUS I will speak to this.  WSUS (Windows Server Update Services) gives you the capability manage the distribution of Microsoft updates to your Windows based computers.

Group Policy is mentioned because WSUS is generally confirgured via Group Policies.

http://technet.microsoft.com/en-us/library/dd939933(v=ws.10).aspx

But you can also configure WSUS via Registry Keys:

http://technet.microsoft.com/en-us/library/dd939844(v=ws.10).aspx

-saige-
0
 

Author Comment

by:ITISEMEA
ID: 40366265
I have an update that Group policy will be used so if any consideration you would suggest than url above. SCCM i think  interoperates with WSUS, and is able to import third party security updates into the product. So any third party tool you would recommend for the application patching. Also the VMs are there so is there any separate consideration for them in WSUS or just the same things apply.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question