We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

What is “SUPERSEDENCE” option in WSUS UPDATES?

Medium Priority
53 Views
Last Modified: 2020-06-18
What is “SUPERSEDENCE” option in WSUS UPDATES? What updates do they refer to when choosing that view or option in WSUS?
Comment
Watch Question

System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
GiboSystems/Network Adminstrator

Author

Commented:
noted with thanks...

how come when I configured the GPO to automatically download & notify install the approved WSUS updates, the “Check Updates” option is visible after the update installations then when clicked another batch of updates starts to download?

is getting those updates from the internet or the WSUS? & why is the check updates option is visible even if the GPO was configured to push the Windows Updates to the targeted clients?
Seth SimmonsLead Systems Administrator
CERTIFIED EXPERT

Commented:
...even if the GPO was configured to push the Windows Updates to the targeted clients?
wsus doesn't push anything anywhere; it only makes updates available for clients when it is their time to check in 
Hello ThereSystem Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
If you really want to push updates, you have to use deadlines.
Seth SimmonsLead Systems Administrator
CERTIFIED EXPERT

Commented:
then when clicked another batch of updates starts to download?
sometimes it is because of dependencies
a monthly update might not install and will not show if, say, a previous servicing stack update isn't installed first (just one example) 
GiboSystems/Network Adminstrator

Author

Commented:
very informative, good to know, many thanks
GiboSystems/Network Adminstrator

Author

Commented:
should I also always filter the updates through table views to include SUPERSEDENCE & NEEDED COUNT when approving to get rid of old updates?

please advise, thanks
GiboSystems/Network Adminstrator

Author

Commented:
does including above filters reduces the number of WSUS downloads?
Seth SimmonsLead Systems Administrator
CERTIFIED EXPERT

Commented:
should I also always filter the updates through table views to include SUPERSEDENCE & NEEDED COUNT when approving to get rid of old updates?
you could...the cleanup wizard can remove superseded updates

does including above filters reduces the number of WSUS downloads?
it can.  it won't download anything until it has an approval for at least 1 group
before, once a sync was done, i would immediately search for anything with the word 'itanium' and decline those since i didn't have any of that architecture.  now (with 2008 gone), i decline anything with ARM64 since i don't have that either.  then i filter through what is left anything relevant for my environment

you can also take a pass at my article and see if it helps 
David Johnson, CDSimple Geek from the '70s
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
I regularly  (i.e. once a week) decline all superceded updates  and then do a wsus cleanup.
 I also check for updates needing approval (they are the ones needing acceptance of terms of service like the 2004 upgrade in which I declined the the languages I don't support and the upgrades I don't support) and then approved the rest This helps keep the wsusdata folder a reasonable size

until an update is downloaded to the wsus server it won't be offered to the client.
Hypercat (Deb)President
CERTIFIED EXPERT

Commented:
An additional way to filter updates is to create custom views for certain groups of computers.  For example, if you have Windows 8 and Windows 10 workstations, you could create a custom view for each one so that you only see the updates that are needed for that group.  At minimum, I usually do a custom group for workstations and one for servers.  It minimizes the number of updates you have to sift through for the different groups needing different updates.

This graphic shows how to start creating a custom group:

New WSUS Update View 1.jpg
Hello ThereSystem Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
should I also always filter the updates through table views to include SUPERSEDENCE & NEEDED COUNT when approving to get rid of old updates? 
I think this is good practice. This filter is quite important because it will tell you which updates are not needed. Then you can delete them. It can significantly reduce the WSUS folder.


does including above filters reduces the number of WSUS downloads?
If you want to reduce downloads, go to Options -> Products and Classifications. On the Products tab, select only those products you really use and untick all you don't need. On the Classifications tab, you might want to untick everything related to drivers.                        
GiboSystems/Network Adminstrator

Author

Commented:
I did configure your above recommendations but haven’t tried the SUPERSEDENCE & NEEDED COUNT options & the cleanup wizard which you said will definitely reduce the download time of the needed specific updates to install from WSUS, very helpful, thank you

I’ve also used GPO filtering to target a batch of clients in an OU to minimize bandwidth & network traffic
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
you start a question narrowly defined and then expand as you go.
A GPO merely tells the client system how to check for updates and what to do when updates are available.
MS might release updates either as versions meaning a newer version to a prior update, or an update that replaces, displaced the need for a prieviously issued updated.
GiboSystems/Network Adminstrator

Author

Commented:
What is the difference between “DECLINE” & “NOT APPROVED” in WSUS approval options?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Not approved, the client sees that it is available to it. Declined, means the update is not made available.

The reason Itanium updates  can not be opted out of, declining them reduces the totals reported updates pending approval...counter.
GiboSystems/Network Adminstrator

Author

Commented:
noted, I should probably not approve during the updates & decline them afterwards or using the cleanup wizard
Hello ThereSystem Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Not Approved = the update is visible in WSUS, often downloaded but not allowed for installation (for certain groups or all computers)
Declined update = update is declined by the administrator = removed from WSUS except for metadata info about this update
Hypercat (Deb)President
CERTIFIED EXPERT

Commented:
The steps are:
  • Review the list of updates and approve the ones that are needed by your servers and workstations.
  • Check WSUS on a scheduled basis to see if there are updates that have been approved but not installed on some servers or workstations. Follow up on why they aren't installed and remediate that.
  • Next month, before approving new updates, review the status of last month's updates. If you really want to keep your WSUS database clean, run a reindex process on it.  Then decline updates that are no longer needed (have been installed on all workstations and servers that need them). Then run the server cleanup wizard to purge them.
  • Go back to the first step and repeat every month.
The timing somewhat depends on how many workstations/servers you manage.  If you have a small number, you may not really need to do the cleanup every month. If you have hundreds of them, you may want to clean up more often to minimize the growth of your WSUS database.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
While I too periodically speak using circular reference, I am not clear what you mean.

The point of an internal wsus serverip to retrieve once and make available ....

Spares the bandwidth consumption for each system going out to retrieve their data.
You shoud. Decline Itanium if you do not have a system. Updates previously approved should not be declined unless/until tat product lines no longer available in your environment
Deals with if you have to build a new system it will get updates previously approved without a need for you to underline/approve updates it may need.
GiboSystems/Network Adminstrator

Author

Commented:
thanks, we have hundreds so the cleanup is definitely needed & I need to install the reports updates to make it work to better review them
GiboSystems/Network Adminstrator

Author

Commented:
I may need to “not approve” some updates that were previously approved since when I filtered the “SUPERSEDENCE”, I noticed a significant number of the updates are not needed
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
The cleanup wizard is how you decline updates that have been superseded by newer updates.
GiboSystems/Network Adminstrator

Author

Commented:
yes that will save me more time when installing only the needed WSUS UPDATES
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Not sure I understand.
The process is wsus checks in with MS updates servers to see what updates are available based on the cal assimilation, products you selected.
The client system connect tothe wsus and check what updates are available to each and the ones that are approved it follows the settings download and notify, download and install or notify....

Depending you setup wsus groups and GPO of clients to target ... You can setup a test wsus group workstations commonly one of each type inthe environment and use the as the testing group in which you auto-approve critical and security updates.
If all things go without a hitch,you can approve the updates for the rest.

Usually, an approved update will auto-approve a newer version of the same update .
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.