Solved

WSUS Offline

Posted on 2016-07-22
4
36 Views
Last Modified: 2016-07-29
Hello Experts - I've got several secure stand alone workstations that i use WSUS Offline Version 10.7 to keep them current with updates from Microsoft.
For some odd reason after the updates are applied to the systems applications like MS Office, IE, Adobe Reader these are the three we've noticed thus far.  But any way when clicking to open one of these applications we get the little circle like its thinking about it, then nothing.
Checking in Task Manager, Process the applications show up as "Running" but they never launch in windows explorer.  The only solution that we have been able to use is system restore which in turn removes all the updates that were applied, this is not helping us as we need to keep these systems up-to-date.  Also seems like everything launches fine when using Safe Mode. This is a new process for us we are still learning, if there is a better method for us to keep these machines updated we are all hears.

Thank You Guys in advance
0
Comment
Question by:ManieyaK_
  • 2
4 Comments
 
LVL 7

Assisted Solution

by:Hector2016
Hector2016 earned 250 total points
ID: 41725098
Hello ManieyaK,

This is more like an Application Start Control issue, because if the problems were directly related to the Windows Updates, then it would do the same on Safe Mode.

See if you have any Antivirus/Anti-Malware software blocking those applications from start.
You can find lot of information reviewing the Windows Application Events Log:
1. Windows Key + R, then type Eventvwr.exe
2. Select Application inside Windows Logs

Each event will show you information about every importan fact on the computer, seek for errors and warnings related to the applications failling.
0
 

Author Comment

by:ManieyaK_
ID: 41725150
Hector thanks for your comment, is WSUS Offline the best method to keep these machines up-to-date?
0
 
LVL 17

Accepted Solution

by:
Mike T earned 250 total points
ID: 41726009
Hi,

I'm not sure I can answer "what's the best method" as it depends on a few things.

The options I know (from recent experience of a similar quandry).

1) Run an air-gapped WSUS pair
2) Download patches using the monthly MS ISO and then apply use a script


I know WSUS works but I'm not keen on using opensource apps on secure systems. Call me old-fashioned but I feel uneasy.

Option 1 - WSUS pair
This is quite straight-forward and gives you far more granular control than "WSUS offline". You need a machine running Windows Server (2008 or 2012). This is your online, internet connected source.
You can approve patches there, but it's probably easier not to. Just download everything relevant.
Then you export it. There is a tool (command line) called WSUtil. This will export the metadata into an XML file for you. Copy it to secure media.
Now take a full copy (robocopy, don't drag'n'drop) the WHOLE WSUS content folder. That's the patches to go with the metadata.

Now go to the other offline, (not connected to Internet ever) server with WSUS installed.
Copy the patches to it's WSUS\Content directory and then run the WSUtil with /import. This will sync up the metadata.
You will now have a local WSUS source of all MS patches. Now you can go ahead and approve only the ones you want. You will never *miss* a patch this way because your Internet box has ALL patches.
It just gets messy if you try and filter on both, because then you have to worry about ticking the same patches on each and life's too short for that.

Option 2) The cheaper option is just use a tool to download what you need, or even just use MS Catalog to do it. It's not *that* onerous. Then use a PowerShell script to look at whole directory and run them all sequentially for you. I just did that for some servers and it works beautifully!

Mike
0
 

Author Closing Comment

by:ManieyaK_
ID: 41734583
Guys thank you for your comments.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question