Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

wsus update

Posted on 2014-10-07
3
Medium Priority
?
240 Views
Last Modified: 2016-02-13
Recently some expert gave me comment on the WSUS in my office but I was unable to understand the large part of it.
Could i get help on it. We are not using any IBM Servers so is Compliance required. We are not using SCCM so is it required for WSUS. I do not know how group policy is related to WSUS.
He said :- 1.      If we start the patching from Friday night and keep it for the complete Saturday it will be good. Reason many times some server do not come up automatically. This can be any hardware failure (hard disk, power supply etc.) We get a complete Sunday and then we can bring up most of the servers having minor faults, therefore Monday morning will avoid any extra hindrance to our business.
2.      There is no role of SCCM mentioned here. System Center Configuration Manager (SCCM) interoperates with WSUS, and is able to import third party security updates into the product.
3.      WSUS does not require the use of Active Directory; Client configuration can also be applied by local group policy or by modifying the Windows registry
4.      One can also approve updates for "detection" only, allowing an administrator to see what machines will require a given update without also installing that update
5.      What about the testing of patches and monitoring them to see if the production servers become compliant and no conflicts are there e.g firewall etc.
6.      We have to mention how to remediate if any compliance issue occurs for security, software patch, and software configuration.  
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
0
Comment
Question by:ITISEMEA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 400 total points
ID: 40365926
I don't really understand what you're asking, but I can speak to the local group policy.  If you're not using Group Policy to set the individual machines, then you have to do it locally.  You set each machine to look to your local WSUS server for updates rather than looking to the Microsoft Mothership.  I'm on a mac right now, else I'd pull up the actual settings in gpedit.
0
 
LVL 34

Accepted Solution

by:
it_saige earned 1600 total points
ID: 40365978
First, SCCM is not required for WSUS and vice versa, these are two stand-alone products from Microsoft.  Since you are primarily concerned about WSUS I will speak to this.  WSUS (Windows Server Update Services) gives you the capability manage the distribution of Microsoft updates to your Windows based computers.

Group Policy is mentioned because WSUS is generally confirgured via Group Policies.

http://technet.microsoft.com/en-us/library/dd939933(v=ws.10).aspx

But you can also configure WSUS via Registry Keys:

http://technet.microsoft.com/en-us/library/dd939844(v=ws.10).aspx

-saige-
0
 

Author Comment

by:ITISEMEA
ID: 40366265
I have an update that Group policy will be used so if any consideration you would suggest than url above. SCCM i think  interoperates with WSUS, and is able to import third party security updates into the product. So any third party tool you would recommend for the application patching. Also the VMs are there so is there any separate consideration for them in WSUS or just the same things apply.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question