security patch approval for windows servers

Posted on 2015-02-20
Medium Priority
Last Modified: 2015-03-11
I have no experience with WSUS, but ran some baseline security analyser reports the other week. It lists a number of updates missing, that are confirmed as missing, and also have not been approved by the systems admin.

What does this actually mean, is this some form of approval on the server itself, or is this a stage within WSUS? I didnt realise the software was checking WSUS, I thought it was just scanning the server itself, so I was unsure where the "approval" thing comes in.
Question by:pma111

Accepted Solution

LukeMo earned 668 total points
ID: 40620728
Yes, even with automatic approvals, some updates require you to accept licensing terms.   You'll find those in the WSUS control panel.    
Once approved for install, do a manual sync and then you'll see those start to download.    Once downloaded the clients can then take their updates.

Author Comment

ID: 40620778
so the approval happens in WSUS, and not on each individual server by a systems admin? Until approved in WSUS they wont be deployed to the Server's?
LVL 10

Assisted Solution

by:Muhammad Mulla
Muhammad Mulla earned 668 total points
ID: 40620930
That's correct. The reason is that the approval is required for the download from  Microsoft. The WSUS server acts as a proxy (not in the technical/network sense) for updates.
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

LVL 11

Assisted Solution

by:Manjunath Sullad
Manjunath Sullad earned 664 total points
ID: 40621025
As suggest by extpert, First you need to approve the security patches from WSUS server, then it will sync with Microsoft server.

After approving, Clients will be able to discover these patches.

Author Comment

ID: 40624099
Where exactly does wsus download the patches from?

Expert Comment

ID: 40624120
By default it gets them from Microsoft's servers.   You can also configure it to download from another WSUS server that you specify.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
The video provides a quick and easy steps to migrate MBOX file to well known Outlook PST and Office 365. Besides this, it also supports and migrates more than 20 email clients of MBOX which include AppleMail, Opera, Thunderbird and SeaMonkey effortl…
Watch the video to learn how one can deal with PST file corruption issue with an outstanding Kernel for Outlook PST Repair Tool easily. Using this tool, non-technical users can swiftly perform the repair process to restore their essential data witho…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question