Solved

WSUS Offline

Posted on 2016-07-22
4
34 Views
Last Modified: 2016-07-29
Hello Experts - I've got several secure stand alone workstations that i use WSUS Offline Version 10.7 to keep them current with updates from Microsoft.
For some odd reason after the updates are applied to the systems applications like MS Office, IE, Adobe Reader these are the three we've noticed thus far.  But any way when clicking to open one of these applications we get the little circle like its thinking about it, then nothing.
Checking in Task Manager, Process the applications show up as "Running" but they never launch in windows explorer.  The only solution that we have been able to use is system restore which in turn removes all the updates that were applied, this is not helping us as we need to keep these systems up-to-date.  Also seems like everything launches fine when using Safe Mode. This is a new process for us we are still learning, if there is a better method for us to keep these machines updated we are all hears.

Thank You Guys in advance
0
Comment
Question by:ManieyaK_
  • 2
4 Comments
 
LVL 7

Assisted Solution

by:Hector2016
Hector2016 earned 250 total points
ID: 41725098
Hello ManieyaK,

This is more like an Application Start Control issue, because if the problems were directly related to the Windows Updates, then it would do the same on Safe Mode.

See if you have any Antivirus/Anti-Malware software blocking those applications from start.
You can find lot of information reviewing the Windows Application Events Log:
1. Windows Key + R, then type Eventvwr.exe
2. Select Application inside Windows Logs

Each event will show you information about every importan fact on the computer, seek for errors and warnings related to the applications failling.
0
 

Author Comment

by:ManieyaK_
ID: 41725150
Hector thanks for your comment, is WSUS Offline the best method to keep these machines up-to-date?
0
 
LVL 17

Accepted Solution

by:
Mike T earned 250 total points
ID: 41726009
Hi,

I'm not sure I can answer "what's the best method" as it depends on a few things.

The options I know (from recent experience of a similar quandry).

1) Run an air-gapped WSUS pair
2) Download patches using the monthly MS ISO and then apply use a script


I know WSUS works but I'm not keen on using opensource apps on secure systems. Call me old-fashioned but I feel uneasy.

Option 1 - WSUS pair
This is quite straight-forward and gives you far more granular control than "WSUS offline". You need a machine running Windows Server (2008 or 2012). This is your online, internet connected source.
You can approve patches there, but it's probably easier not to. Just download everything relevant.
Then you export it. There is a tool (command line) called WSUtil. This will export the metadata into an XML file for you. Copy it to secure media.
Now take a full copy (robocopy, don't drag'n'drop) the WHOLE WSUS content folder. That's the patches to go with the metadata.

Now go to the other offline, (not connected to Internet ever) server with WSUS installed.
Copy the patches to it's WSUS\Content directory and then run the WSUtil with /import. This will sync up the metadata.
You will now have a local WSUS source of all MS patches. Now you can go ahead and approve only the ones you want. You will never *miss* a patch this way because your Internet box has ALL patches.
It just gets messy if you try and filter on both, because then you have to worry about ticking the same patches on each and life's too short for that.

Option 2) The cheaper option is just use a tool to download what you need, or even just use MS Catalog to do it. It's not *that* onerous. Then use a PowerShell script to look at whole directory and run them all sequentially for you. I just did that for some servers and it works beautifully!

Mike
0
 

Author Closing Comment

by:ManieyaK_
ID: 41734583
Guys thank you for your comments.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

First some basics on Windows 7 Backup.  It has 2 components one is a file based backup which is stored in .zip files each zip is split at around 200 Megabytes and there is the Image Backup which is as the name implies a total image of the partition …
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question