On Wed, Oct 31, 2012 at 4:05 PM, Ben Scott <[email protected]> wrote:
> On Wed, Oct 31, 2012 at 4:28 PM, Kurt Buff <[email protected]> wrote:
>>>> Does this mean that they'll reapply to my servers and just reboot ASAP?
>>>
>>> For starters, only if you have your servers set to automatically
>>> retrieve and install anything and everything Microsoft releases.
>>
>> I use WSUS, and have approved the previous versions of all of the
>> relevant updates.
>
> Do you have your servers set to automatically download and install updates?
No.
> Do you have the WSUS server configured to automatically approve new
> revisions of updates?
Ah - here's the thing I'm asking about, and your reply implies an
answer, but I'm not getting it. The forwarded message from OP says
"So while many XP and below updates will be revised (since they
are not CBS-based) and will
not require you to reinstall them, updates for the Vista and
higher platforms will more likely require
you to reinstall them (since they are re-releases, not MU logic
revisions due to the binary changes).
With auto-approval set, you may not even notice the XP based
revisions, but are more likely to notice
the Vista (and higher) re-releases."
This is confusing - I do not have autoappovals set, either on servers
directly or in WSUS. But, the above says they should be "more
noticeable", and they're not - nothing has come up for approval or
otherwise changed in the WSUS management interface. That passage also
states that on platforms >= Vista, reinstallation is more likely to be
required. I do have Win2k8R2 servers (and we're mostly on Win7
Enterprise for staff) and all current patches have been approved with
deadlines. The servers and staff machines are not rebooting and WSUS
isn't asking for new approvals on these old packages, yet the message
says it's likely I need to reinstall.
If I saw that the patches needed approving again, that wouldn't be a
problem - I'd approve them with a deadline at the appropriate time,
and let them reinstall during our patch windows, per normal.
This makes me nervous. I don't like waiting for the other shoe to
drop, especially when it might be in the middle of the day.
Or did I just get lucky and none of the patches that were re-issued
are relevant to our environment? This seems unlikely...
Kurt
> All of the above need to be true for an install to happen.
>
> If you don't want the installs to happen, don't do that, then. :)
Eh. Looks like I'm doing things right, it just seems to be a lack of
comprehension on my part...
Kurt
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
