Solved

WSUS Offline

Posted on 2016-07-22
4
29 Views
Last Modified: 2016-07-29
Hello Experts - I've got several secure stand alone workstations that i use WSUS Offline Version 10.7 to keep them current with updates from Microsoft.
For some odd reason after the updates are applied to the systems applications like MS Office, IE, Adobe Reader these are the three we've noticed thus far.  But any way when clicking to open one of these applications we get the little circle like its thinking about it, then nothing.
Checking in Task Manager, Process the applications show up as "Running" but they never launch in windows explorer.  The only solution that we have been able to use is system restore which in turn removes all the updates that were applied, this is not helping us as we need to keep these systems up-to-date.  Also seems like everything launches fine when using Safe Mode. This is a new process for us we are still learning, if there is a better method for us to keep these machines updated we are all hears.

Thank You Guys in advance
0
Comment
Question by:ManieyaK_
  • 2
4 Comments
 
LVL 7

Assisted Solution

by:Hector2016
Hector2016 earned 250 total points
Comment Utility
Hello ManieyaK,

This is more like an Application Start Control issue, because if the problems were directly related to the Windows Updates, then it would do the same on Safe Mode.

See if you have any Antivirus/Anti-Malware software blocking those applications from start.
You can find lot of information reviewing the Windows Application Events Log:
1. Windows Key + R, then type Eventvwr.exe
2. Select Application inside Windows Logs

Each event will show you information about every importan fact on the computer, seek for errors and warnings related to the applications failling.
0
 

Author Comment

by:ManieyaK_
Comment Utility
Hector thanks for your comment, is WSUS Offline the best method to keep these machines up-to-date?
0
 
LVL 16

Accepted Solution

by:
Mike T earned 250 total points
Comment Utility
Hi,

I'm not sure I can answer "what's the best method" as it depends on a few things.

The options I know (from recent experience of a similar quandry).

1) Run an air-gapped WSUS pair
2) Download patches using the monthly MS ISO and then apply use a script


I know WSUS works but I'm not keen on using opensource apps on secure systems. Call me old-fashioned but I feel uneasy.

Option 1 - WSUS pair
This is quite straight-forward and gives you far more granular control than "WSUS offline". You need a machine running Windows Server (2008 or 2012). This is your online, internet connected source.
You can approve patches there, but it's probably easier not to. Just download everything relevant.
Then you export it. There is a tool (command line) called WSUtil. This will export the metadata into an XML file for you. Copy it to secure media.
Now take a full copy (robocopy, don't drag'n'drop) the WHOLE WSUS content folder. That's the patches to go with the metadata.

Now go to the other offline, (not connected to Internet ever) server with WSUS installed.
Copy the patches to it's WSUS\Content directory and then run the WSUtil with /import. This will sync up the metadata.
You will now have a local WSUS source of all MS patches. Now you can go ahead and approve only the ones you want. You will never *miss* a patch this way because your Internet box has ALL patches.
It just gets messy if you try and filter on both, because then you have to worry about ticking the same patches on each and life's too short for that.

Option 2) The cheaper option is just use a tool to download what you need, or even just use MS Catalog to do it. It's not *that* onerous. Then use a PowerShell script to look at whole directory and run them all sequentially for you. I just did that for some servers and it works beautifully!

Mike
0
 

Author Closing Comment

by:ManieyaK_
Comment Utility
Guys thank you for your comments.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Suggested Solutions

I recently purchased an HP EliteBook 2540p notebook/laptop. It has two video ports on it – VGA and DisplayPort. HP offers an optional docking station for the 2540p that also has both a VGA port and a DisplayPort. There are numerous online reports do…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now