We help IT Professionals succeed at work.

How to re-deploy patches approved to a test OU out to my users

Roy Bene
Roy Bene asked
on
Hey fellow experts!

With WSUS, I need to deploy a ton of patches to computers in a test OU. If the updates run fine, how do I 'Re-deploy' the same set of updates to my users? I don't know of a way to go back in and approve them again, or how to find the EXACT updates? Any help is appreciated. Thanks in advance, guys.
Comment
Watch Question

When you approve the patches initially, you must be deploying them to a specific OU or group of machines, i.e., "Test OU." They are approved ONLY for that group. Then can be redeployed to a different OU, i.e., "Production OU," simply by re-selecting them and clicking "Approve" and then selecting the Production OU group for deployment. You need to have these groups defined in the WSUS console first of course. Does that make sense? If not, please explain in more detail how you're viewing the updates and approving them. Are you using the WSUS console or some more sophisticated tool like SCCM?
Roy BeneVP/Director - IT | ISO

Author

Commented:
Hi and thanks for your response:

I get what you're saying. When I right click and approve to that OU, it only goes to that OU. However, now it's 'approved'. So, that said, I can't go to View unapproved and needed updates (which is how I usually screen them). My question (and forgive me if it wasn't clear in the original text) is how do I go back and find the batch of approved updates (the specific ones I selected). We are usually about 45 days behind on all patches (intentionally).

Thanks again and I appreciate your help!
I see your issue.  There's no way to find those specific updates in the general view you're using (I assume one of the default views provided with WSUS).  You need to create your own view and specify by product or WSUS group what you want to see.  It's a little tough in your case, since the WSUS view parameters are not very sophisticated. When you create a new update view, you have the option to create a view for updates that are approved for a specific group.  This is how you should do it so you can see the updates that are approved for your test OU. You have to also create the group in WSUS and define it to contain those computers in your test OU. You can simply create a new group under All Computers/Computers and name it "Test OU." Then move the test computers to that group and it should work.

The big question here is do you know how to configure those options in WSUS?
VP/Director - IT | ISO
Commented:
Ended up being a simple solution. Went to Patches that were approved for the date/time range in question and was able to 're-approve' them to the actual OU's.