Solved

WSUS Offline

Posted on 2016-07-22
4
33 Views
Last Modified: 2016-07-29
Hello Experts - I've got several secure stand alone workstations that i use WSUS Offline Version 10.7 to keep them current with updates from Microsoft.
For some odd reason after the updates are applied to the systems applications like MS Office, IE, Adobe Reader these are the three we've noticed thus far.  But any way when clicking to open one of these applications we get the little circle like its thinking about it, then nothing.
Checking in Task Manager, Process the applications show up as "Running" but they never launch in windows explorer.  The only solution that we have been able to use is system restore which in turn removes all the updates that were applied, this is not helping us as we need to keep these systems up-to-date.  Also seems like everything launches fine when using Safe Mode. This is a new process for us we are still learning, if there is a better method for us to keep these machines updated we are all hears.

Thank You Guys in advance
0
Comment
Question by:ManieyaK_
  • 2
4 Comments
 
LVL 7

Assisted Solution

by:Hector2016
Hector2016 earned 250 total points
ID: 41725098
Hello ManieyaK,

This is more like an Application Start Control issue, because if the problems were directly related to the Windows Updates, then it would do the same on Safe Mode.

See if you have any Antivirus/Anti-Malware software blocking those applications from start.
You can find lot of information reviewing the Windows Application Events Log:
1. Windows Key + R, then type Eventvwr.exe
2. Select Application inside Windows Logs

Each event will show you information about every importan fact on the computer, seek for errors and warnings related to the applications failling.
0
 

Author Comment

by:ManieyaK_
ID: 41725150
Hector thanks for your comment, is WSUS Offline the best method to keep these machines up-to-date?
0
 
LVL 17

Accepted Solution

by:
Mike T earned 250 total points
ID: 41726009
Hi,

I'm not sure I can answer "what's the best method" as it depends on a few things.

The options I know (from recent experience of a similar quandry).

1) Run an air-gapped WSUS pair
2) Download patches using the monthly MS ISO and then apply use a script


I know WSUS works but I'm not keen on using opensource apps on secure systems. Call me old-fashioned but I feel uneasy.

Option 1 - WSUS pair
This is quite straight-forward and gives you far more granular control than "WSUS offline". You need a machine running Windows Server (2008 or 2012). This is your online, internet connected source.
You can approve patches there, but it's probably easier not to. Just download everything relevant.
Then you export it. There is a tool (command line) called WSUtil. This will export the metadata into an XML file for you. Copy it to secure media.
Now take a full copy (robocopy, don't drag'n'drop) the WHOLE WSUS content folder. That's the patches to go with the metadata.

Now go to the other offline, (not connected to Internet ever) server with WSUS installed.
Copy the patches to it's WSUS\Content directory and then run the WSUtil with /import. This will sync up the metadata.
You will now have a local WSUS source of all MS patches. Now you can go ahead and approve only the ones you want. You will never *miss* a patch this way because your Internet box has ALL patches.
It just gets messy if you try and filter on both, because then you have to worry about ticking the same patches on each and life's too short for that.

Option 2) The cheaper option is just use a tool to download what you need, or even just use MS Catalog to do it. It's not *that* onerous. Then use a PowerShell script to look at whole directory and run them all sequentially for you. I just did that for some servers and it works beautifully!

Mike
0
 

Author Closing Comment

by:ManieyaK_
ID: 41734583
Guys thank you for your comments.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 7 Desktop very slow 13 38
Server Error 11 47
Disabling windows sounds in Windows 7 registry setting 5 34
Pervasive SQL Error 4 24
So many times I have seen the words written in a question "if only I could show you" or " I know how hard it is for you since you can't see it" in any zone. That has inspired me to write about this tool in windows 7 called "Problem Steps Recorder…
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now