mewtd
asked on
WSUS - Decline all updates upon a fresh install?
Hi,
We were tight on space on the drive where WSUS has been installed for the past several years, so I went for an uninstall and re-install.
Now, having completed the re-installation and ran the initial synchronisation, WSUS reports 5905 security updates, 1490 critical updates awaiting approval.
As these updates have already been approved and pushed out in the previous installation, I am inclined to decline all these updates, in order to save space.
We then start fresh and approve all updates from this point on.
I wanted experts to confirm if my logic is sound here, or if there is any possible problem with this approach.
Many thanks.
We were tight on space on the drive where WSUS has been installed for the past several years, so I went for an uninstall and re-install.
Now, having completed the re-installation and ran the initial synchronisation, WSUS reports 5905 security updates, 1490 critical updates awaiting approval.
As these updates have already been approved and pushed out in the previous installation, I am inclined to decline all these updates, in order to save space.
We then start fresh and approve all updates from this point on.
I wanted experts to confirm if my logic is sound here, or if there is any possible problem with this approach.
Many thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
HI again,
In order to correctly manage this, am I right in thinking that all updates as of yesterday (when the previous version of WSUS was uninstalled) were already pushed out to servers and clients, and therefore you are suggesting I leave them there in the list (enormous list of 7632 updates). If that's the case, I'm thinking about how to effectively manage subsequent updates, (and keep WSUS DB down to a minimum).
I have added the field "Arrival date" to the display, I am thinking I should sort by that from now check on a weekly basis and only ever approve updates that have an arrival date later than 11/3/2015?
Please correct me if this is not advisable.
Many thanks.
In order to correctly manage this, am I right in thinking that all updates as of yesterday (when the previous version of WSUS was uninstalled) were already pushed out to servers and clients, and therefore you are suggesting I leave them there in the list (enormous list of 7632 updates). If that's the case, I'm thinking about how to effectively manage subsequent updates, (and keep WSUS DB down to a minimum).
I have added the field "Arrival date" to the display, I am thinking I should sort by that from now check on a weekly basis and only ever approve updates that have an arrival date later than 11/3/2015?
Please correct me if this is not advisable.
Many thanks.
Why not just sort by "needed" and approve updates that are greater than 0, old *or* new?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am trying to think ahead too. If I decline them, then if at any stage someone else is administering this server, they likely will leave them as declined, whereas if I leave them as unapproved, they might think 'wow, look at all these updates that were never approved, I should approve them all'.
My main concern is storage, I want to absolutely minimise the size of WSUS (it had been 100gb+), but I am also trying to give consideration to how best to deal with all the old updates which have already been pushed out, especially if someone new has to manage it at some stage,
My main concern is storage, I want to absolutely minimise the size of WSUS (it had been 100gb+), but I am also trying to give consideration to how best to deal with all the old updates which have already been pushed out, especially if someone new has to manage it at some stage,
If someone would say "look, there is soooo many updates to approve, let's just do it", it would be a very unexperienced admin ;-). That is no reason to decline the updates now.
In regard of keeping the file storage minimized, did you run the Cleanup Wizard of WSUS regularily? And decline superseded updates manually after some time?
In regard of keeping the file storage minimized, did you run the Cleanup Wizard of WSUS regularily? And decline superseded updates manually after some time?
ASKER
OK, I will close this off shortly, can you just please advise on how to identify "superseded updates" within WSUS?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you all.
Should you ever need prior patches, you will see in WSUS. "Declined" stops collecting and removes any installation info.