Thanks. That's what I figured after reading the documents. On Thu, Nov 17, 2011 at 20:01, Carl Houseman <[email protected]> wrote: > When you approve a patch to be installed, you are approving it for clients to > install. > > The downloading to the WSUS server is automatic - any client that's approved > and not yet on the server, is downloaded to the server almost immediately > upon approval. > > Then WSUS clients download from the WSUS server and apply patches per the > schedule and rules established by group policy. > > Carl > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Thursday, November 17, 2011 8:39 PM > To: NT System Admin Issues > Subject: Been a while since I set up WSUS, and I have an operational question > > All, > > I'm dealing with our AU office, trying to satisfy their requirements > for patching their servers, and I'm running into a bit of a bind. > > They have a very long backup window on the weekend (23:00 Friday to > roughly noon Monday, local time). > > This makes it a bit tricky to stage the patches, because they have a > fairly high-latency link, and no WSUS server in their office. > > Compounding the problem is that their 17:00 Friday is our 23:00 > Thursday, and the way WSUS does its updates is by client polling, > rather than a push, and that makes the interactions between variations > in client polling times, who's logged onto a machine, and variations > in download times required for patches from the US office make it just > a bit too random for comfort. > > I don't want to kill one of their week night backups if I can help it, > and I don't have resources in that office at the moment to install > WSUS in the AU office. > > I thought I saw at some point in the documentation that I could > approve patches for download in WSUS, but it seems that it's only > downloading to the WSUS server, not to the client, now that I've gone > back and read through what seem to be the relevant portions of the > document. > > Am I correct on the above - cannot approve downloads to clients? > > Ultimately I'm hoping SCCM will fix this, but we're at least 6-9 > months out from implementing that. > > I don't want to try to stage monthly patches manually - I have minions > who should be pulling the triggers on patching, and they're not yet > sophisticated enough to pull off identifying all of the relevant > patches and chaining them, etc., nor do I want them to have to RDP to > 5-6 servers individually to visit MSFT's update site, as that would > get old quickly. > > If anyone has some thoughts on this, I'd be all ears. > > Kurt > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > >
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
