Solved

wsus update

Posted on 2014-10-07
3
204 Views
Last Modified: 2016-02-13
Recently some expert gave me comment on the WSUS in my office but I was unable to understand the large part of it.
Could i get help on it. We are not using any IBM Servers so is Compliance required. We are not using SCCM so is it required for WSUS. I do not know how group policy is related to WSUS.
He said :- 1.      If we start the patching from Friday night and keep it for the complete Saturday it will be good. Reason many times some server do not come up automatically. This can be any hardware failure (hard disk, power supply etc.) We get a complete Sunday and then we can bring up most of the servers having minor faults, therefore Monday morning will avoid any extra hindrance to our business.
2.      There is no role of SCCM mentioned here. System Center Configuration Manager (SCCM) interoperates with WSUS, and is able to import third party security updates into the product.
3.      WSUS does not require the use of Active Directory; Client configuration can also be applied by local group policy or by modifying the Windows registry
4.      One can also approve updates for "detection" only, allowing an administrator to see what machines will require a given update without also installing that update
5.      What about the testing of patches and monitoring them to see if the production servers become compliant and no conflicts are there e.g firewall etc.
6.      We have to mention how to remediate if any compliance issue occurs for security, software patch, and software configuration.  
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
0
Comment
Question by:ITISEMEA
3 Comments
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 100 total points
ID: 40365926
I don't really understand what you're asking, but I can speak to the local group policy.  If you're not using Group Policy to set the individual machines, then you have to do it locally.  You set each machine to look to your local WSUS server for updates rather than looking to the Microsoft Mothership.  I'm on a mac right now, else I'd pull up the actual settings in gpedit.
0
 
LVL 32

Accepted Solution

by:
it_saige earned 400 total points
ID: 40365978
First, SCCM is not required for WSUS and vice versa, these are two stand-alone products from Microsoft.  Since you are primarily concerned about WSUS I will speak to this.  WSUS (Windows Server Update Services) gives you the capability manage the distribution of Microsoft updates to your Windows based computers.

Group Policy is mentioned because WSUS is generally confirgured via Group Policies.

http://technet.microsoft.com/en-us/library/dd939933(v=ws.10).aspx

But you can also configure WSUS via Registry Keys:

http://technet.microsoft.com/en-us/library/dd939844(v=ws.10).aspx

-saige-
0
 

Author Comment

by:ITISEMEA
ID: 40366265
I have an update that Group policy will be used so if any consideration you would suggest than url above. SCCM i think  interoperates with WSUS, and is able to import third party security updates into the product. So any third party tool you would recommend for the application patching. Also the VMs are there so is there any separate consideration for them in WSUS or just the same things apply.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now