Solved

wsus update

Posted on 2014-10-07
3
217 Views
Last Modified: 2016-02-13
Recently some expert gave me comment on the WSUS in my office but I was unable to understand the large part of it.
Could i get help on it. We are not using any IBM Servers so is Compliance required. We are not using SCCM so is it required for WSUS. I do not know how group policy is related to WSUS.
He said :- 1.      If we start the patching from Friday night and keep it for the complete Saturday it will be good. Reason many times some server do not come up automatically. This can be any hardware failure (hard disk, power supply etc.) We get a complete Sunday and then we can bring up most of the servers having minor faults, therefore Monday morning will avoid any extra hindrance to our business.
2.      There is no role of SCCM mentioned here. System Center Configuration Manager (SCCM) interoperates with WSUS, and is able to import third party security updates into the product.
3.      WSUS does not require the use of Active Directory; Client configuration can also be applied by local group policy or by modifying the Windows registry
4.      One can also approve updates for "detection" only, allowing an administrator to see what machines will require a given update without also installing that update
5.      What about the testing of patches and monitoring them to see if the production servers become compliant and no conflicts are there e.g firewall etc.
6.      We have to mention how to remediate if any compliance issue occurs for security, software patch, and software configuration.  
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
0
Comment
Question by:ITISEMEA
3 Comments
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 100 total points
ID: 40365926
I don't really understand what you're asking, but I can speak to the local group policy.  If you're not using Group Policy to set the individual machines, then you have to do it locally.  You set each machine to look to your local WSUS server for updates rather than looking to the Microsoft Mothership.  I'm on a mac right now, else I'd pull up the actual settings in gpedit.
0
 
LVL 33

Accepted Solution

by:
it_saige earned 400 total points
ID: 40365978
First, SCCM is not required for WSUS and vice versa, these are two stand-alone products from Microsoft.  Since you are primarily concerned about WSUS I will speak to this.  WSUS (Windows Server Update Services) gives you the capability manage the distribution of Microsoft updates to your Windows based computers.

Group Policy is mentioned because WSUS is generally confirgured via Group Policies.

http://technet.microsoft.com/en-us/library/dd939933(v=ws.10).aspx

But you can also configure WSUS via Registry Keys:

http://technet.microsoft.com/en-us/library/dd939844(v=ws.10).aspx

-saige-
0
 

Author Comment

by:ITISEMEA
ID: 40366265
I have an update that Group policy will be used so if any consideration you would suggest than url above. SCCM i think  interoperates with WSUS, and is able to import third party security updates into the product. So any third party tool you would recommend for the application patching. Also the VMs are there so is there any separate consideration for them in WSUS or just the same things apply.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question