You can actually disabled the ability to use Windows Update. The site tells you this has been disabled and to contact your technical support. I do this in student labs just in case. But I actually don't mind if a user goes to Windows Update and gets up to date before my SUS server kicks in. 6 in one, half a dozen in the other, in my opinion (in our environment). In fact, we have several users that like to know when a SUS patch is coming out so they can update manually. That way, if they have processes that need to run overnight, they can be sure they will run.
Chris -----Original Message----- From: Rod Trent [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2003 10:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS failure rate There are still a myriad of ways to get to the Windows Update website. If you venture out to Microsoft.com for very long (or any other technical site), there will be links to Windows Update. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Lynch Sent: Friday, September 26, 2003 11:33 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS failure rate -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 And this is why you should disable all links to Windows Update on your client workstations via a GPO. Chris Lynch Senior Network Engineer Axcent Solutions, Inc. *Opinions expressed here does not necessarily reflect what the company views are.* ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent Sent: Friday, September 26, 2003 6:26 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS failure rate Another issue is if the end-user manually visits the Windows Update website and installs their own updates from there. This can throw SUS for a loop. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of England, Christopher M Sent: Friday, September 26, 2003 9:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS failure rate We have seen this occasionally, but usually it is due to some extenuating circumstance. Like if we had turned off the SUS GPO to do some testing (we only have one SUS server setup right now, with multiple GPOs) the clients revert back to their previous Automatic Update settings. If they have it set to Download but Prompt me, they can ignore those. Therefore SUS will think they are good, but they are really not. Similarly, if they turn their computers off continually during the time you have SUS set to run (like ours is 3 AM every day), they may have downloaded the patches earlier (we find sometime in the afternoon or late evening it prepares this), but if the computer is off, it never runs. And if it prompts them the next morning, they can choose to ignore. Ok, enough rambling. But what it comes down to is a bit of planning on our end (the sysadmins) as well as a bit of user education. The latter is the part that has been most troublesome for us. I guess "leave your computer on (but logged off) all the time" does not mean anything to anyone. :) Chris - --------------------------------------------------------- Christopher England Server Administrator MCSA, Server+, Network+, A+ College Information Technology Office Indiana University ________________________________ From: Greg Felzer [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2003 8:08 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] SUS failure rate I was wondering what kind of failure rate you have all been seeing having SUS install patches. We are preparing a lab test to get hard numbers. We have seen failures where SUS repeatedly tries to install the same patch on each connect and where SUS claims the patch is installed but scanning with HFnetCHKPro shows that the patch is not installed. Greg Felzer MCSE NT4, MCSE 2000, CCA, CCNA, CNA Senior Systems Engineer Center for Computing and Information Technology Medical University of South Carolina -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQA/AwUBP3RcMm9fg+xq5T3MEQJc6wCg7/feMrBKLPr8CvvLNHU6/fUwgh0AoJD8 aL14bIClFTQahy421exDOxdN =vMf6 -----END PGP SIGNATURE----- List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
