Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Using WSUS to report only

390 views
Skip to first unread message

fergus....@gmail.com

unread,
Sep 28, 2005, 11:42:50 PM9/28/05
to
Hello,

We are interested in using WSUS for reporting patch status - not
actually installing patches (well, not yet).

We have a several different OUs. One already has a policy that's
commanding the Automatic Updates agent to download patches and prompt
users to install them. Another OU has the AU agent unconfigured, with
users having complete control over the AU.

Originally, I'd thought that our WSUS servers should be configured to
not store updates locally (again, we just want to use the servers for
reporting) and to automatically approve patches for detection only,
with no auto installation set.

However, I'm now wondering if that will actually be a step *backwards*
with regard to patching. We'll get the report but will clients now not
download patches from microsoft.com because we're not approving them on
the WSUS server? Some clients, in the pre-WSUS environment, already
have AU configured to download and prompt or download and install.

It's seems that whether a client gets a patch through WSUS (even if the
download is actually from mcirosoft.com) is dependant on having *both*
the client configured to receive patches (either download and install
or download and prompt) *and* the WSUS server approving those patches.
If the WSUS server isn't approving those patches for installation,
we're going to be blocking them. If this is true, I assume it'll also
apply to clients who just have the notify option turned on: we'll be
preventing the notifications from being sent.

Any comments on this issue would be much appreciated.

Regards,
Fergus

Torgeir Bakken (MVP)

unread,
Sep 29, 2005, 5:26:49 AM9/29/05
to
Hi,

If you configure a client to use a WSUS server, and all patches on the
WSUS server are set to "Detect Only", the client will not get any
updates at all through the Automatic Updates agent, you have effectually
blocked the computer from getting any updates. You must approve updates
for "Install" on the WSUS server to have those updates installed.

Regards,
Torgeir

fergus....@gmail.com wrote:


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

Jason Ede

unread,
Sep 29, 2005, 8:59:44 AM9/29/05
to
However, if the WSUS server is set up to automatically approve updates
for installation then users will start downloading when the talk to the
WSUS server after it has synchronised

Jason

0 new messages