[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 144
  • Last Modified:

security patch approval for windows servers

I have no experience with WSUS, but ran some baseline security analyser reports the other week. It lists a number of updates missing, that are confirmed as missing, and also have not been approved by the systems admin.

What does this actually mean, is this some form of approval on the server itself, or is this a stage within WSUS? I didnt realise the software was checking WSUS, I thought it was just scanning the server itself, so I was unsure where the "approval" thing comes in.
0
pma111
Asked:
pma111
3 Solutions
 
LukeMoCommented:
Yes, even with automatic approvals, some updates require you to accept licensing terms.   You'll find those in the WSUS control panel.    
Once approved for install, do a manual sync and then you'll see those start to download.    Once downloaded the clients can then take their updates.
0
 
pma111Author Commented:
so the approval happens in WSUS, and not on each individual server by a systems admin? Until approved in WSUS they wont be deployed to the Server's?
0
 
Muhammad MullaCommented:
That's correct. The reason is that the approval is required for the download from  Microsoft. The WSUS server acts as a proxy (not in the technical/network sense) for updates.
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 
Manjunath SulladTechnical ConsultantCommented:
As suggest by extpert, First you need to approve the security patches from WSUS server, then it will sync with Microsoft server.

After approving, Clients will be able to discover these patches.
0
 
pma111Author Commented:
Where exactly does wsus download the patches from?
0
 
LukeMoCommented:
By default it gets them from Microsoft's servers.   You can also configure it to download from another WSUS server that you specify.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now