Posted on 2014-10-07
Recently some expert gave me comment on the WSUS in my office but I was unable to understand the large part of it.
Could i get help on it. We are not using any IBM Servers so is Compliance required. We are not using SCCM so is it required for WSUS. I do not know how group policy is related to WSUS.
He said :- 1. If we start the patching from Friday night and keep it for the complete Saturday it will be good. Reason many times some server do not come up automatically. This can be any hardware failure (hard disk, power supply etc.) We get a complete Sunday and then we can bring up most of the servers having minor faults, therefore Monday morning will avoid any extra hindrance to our business.
2. There is no role of SCCM mentioned here. System Center Configuration Manager (SCCM) interoperates with WSUS, and is able to import third party security updates into the product.
3. WSUS does not require the use of Active Directory; Client configuration can also be applied by local group policy or by modifying the Windows registry
4. One can also approve updates for "detection" only, allowing an administrator to see what machines will require a given update without also installing that update
5. What about the testing of patches and monitoring them to see if the production servers become compliant and no conflicts are there e.g firewall etc.
6. We have to mention how to remediate if any compliance issue occurs for security, software patch, and software configuration.