agradmin
asked on
WSUS approving updates without interaction
After (2 of us) electing to approve ONLY security updates in WSUS and being extremely careful not to include any updates with Windows 10 in the subject we are left with Windows 10 update 1803 being deployed throughout the company. The deployment is an issue in itself, but the greater concern is how these updates became approved.
Once we discovered 1803 being deployed I went back into WSUS and saw a host of Win10 related updates as being approved, none of which were seen the day previous when the approvals to security patches were made.
Has anyone seen this before of have a logical explanation? Other than the possibility of two of us overlooking the slew of Win10 updates the only related thought I can offer is that the WSUS server was restarted between approval and deployment (to install its own updates).
BTW - no-one has access to WSUS other than the 2 admins that worked together on approving the updates.
Thanks!
Once we discovered 1803 being deployed I went back into WSUS and saw a host of Win10 related updates as being approved, none of which were seen the day previous when the approvals to security patches were made.
Has anyone seen this before of have a logical explanation? Other than the possibility of two of us overlooking the slew of Win10 updates the only related thought I can offer is that the WSUS server was restarted between approval and deployment (to install its own updates).
BTW - no-one has access to WSUS other than the 2 admins that worked together on approving the updates.
Thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Windows 10 update 1803 it is an upgrade not an update
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Just for clarification we have been pushing out Microsoft updates (and upgrades) through WSUS for a number of years.
This time was a little different as security patches were approved through the Security Updates view. Through this view NO Windows 10 updates were approved, yet 1803 started deploying throughout the environment and slowing PC's to a crawl.
McKnife - we have found a process to roll back the 1803 upgrade but that takes 40 minutes (of lost productivity). Do you suggest an easier ("at ease") solution?
This time was a little different as security patches were approved through the Security Updates view. Through this view NO Windows 10 updates were approved, yet 1803 started deploying throughout the environment and slowing PC's to a crawl.
McKnife - we have found a process to roll back the 1803 upgrade but that takes 40 minutes (of lost productivity). Do you suggest an easier ("at ease") solution?
Did you check wsus and find these upgrades approved?
Rolling back (for a test) took me less than 10 min. No idea why it's so slow for you. Possibly no SSDs.
ASKER
David,
Yes. Two of us went through the outstanding upgrades and did not see any relating to 1803. Once deploying I went back in and saw a whole bunch approved.
My current feeling is that for some reason they were not displayed initially in the "Security Updates" view and could have been selected as we 'approved all'
McKinfe,
That is part of the problem - some PC's are a few years old now and are severely impacted by the update. We have rolled back a number now with mixed results - some fast others slow, some with issues.
Yes. Two of us went through the outstanding upgrades and did not see any relating to 1803. Once deploying I went back in and saw a whole bunch approved.
My current feeling is that for some reason they were not displayed initially in the "Security Updates" view and could have been selected as we 'approved all'
McKinfe,
That is part of the problem - some PC's are a few years old now and are severely impacted by the update. We have rolled back a number now with mixed results - some fast others slow, some with issues.
agradmin, it's still your turn. You have been given an explanation how that could happen (dual-way-updating). Is your question answered or what else can we be of help with?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
None of the other solutions accurately described the issue we were seeing but were helpful in understanding possibilities and a workable solution.
Go to options -> automatic approvals And see if there's anything interesting there