?
Solved

security patch approval for windows servers

Posted on 2015-02-20
6
Medium Priority
?
130 Views
Last Modified: 2015-03-11
I have no experience with WSUS, but ran some baseline security analyser reports the other week. It lists a number of updates missing, that are confirmed as missing, and also have not been approved by the systems admin.

What does this actually mean, is this some form of approval on the server itself, or is this a stage within WSUS? I didnt realise the software was checking WSUS, I thought it was just scanning the server itself, so I was unsure where the "approval" thing comes in.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 1

Accepted Solution

by:
LukeMo earned 668 total points
ID: 40620728
Yes, even with automatic approvals, some updates require you to accept licensing terms.   You'll find those in the WSUS control panel.    
Once approved for install, do a manual sync and then you'll see those start to download.    Once downloaded the clients can then take their updates.
0
 
LVL 3

Author Comment

by:pma111
ID: 40620778
so the approval happens in WSUS, and not on each individual server by a systems admin? Until approved in WSUS they wont be deployed to the Server's?
0
 
LVL 10

Assisted Solution

by:Muhammad Mulla
Muhammad Mulla earned 668 total points
ID: 40620930
That's correct. The reason is that the approval is required for the download from  Microsoft. The WSUS server acts as a proxy (not in the technical/network sense) for updates.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 11

Assisted Solution

by:Manjunath Sullad
Manjunath Sullad earned 664 total points
ID: 40621025
As suggest by extpert, First you need to approve the security patches from WSUS server, then it will sync with Microsoft server.

After approving, Clients will be able to discover these patches.
0
 
LVL 3

Author Comment

by:pma111
ID: 40624099
Where exactly does wsus download the patches from?
0
 
LVL 1

Expert Comment

by:LukeMo
ID: 40624120
By default it gets them from Microsoft's servers.   You can also configure it to download from another WSUS server that you specify.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses
Course of the Month9 days, 20 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question