It's not a waste of space if typing something here helps you answer your own question - others might be having the same issue and they can use your correspondence to help them out - a "silent win" where you helped someone and didn't even know it. I gain so much from this list even w/out asking a question it isn't funny.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

From: Richard Stovall [mailto:[email protected]]
Sent: Tuesday, August 18, 2009 8:34 AM
To: NT System Admin Issues
Subject: RE: Patching question

That's what I thought. From what DL wrote I thought that perhaps WSUS has some sort of conditional detection logic that I'm not aware of. But you know, then again maybe it does, now that I think about it. I generally prefer to do big updates like OS service packs manually for critical servers so I had not approved SP2 for distribution via WSUS. Maybe if I had then the dependent updates would have shown up also and it could actually have been done in one shot. It does work that way for other software.

My bad. Sorry for the waste of space...

From: Jon Harris [mailto:[email protected]]
Sent: Tuesday, August 18, 2009 11:26 AM
To: NT System Admin Issues
Subject: Re: Patching question

My bet is on that would be no. In cases like what you described SP2 was a prerequisite for the 43 additional patches and one or more of them were prerequisites for the additional ones.

Jon

On Tue, Aug 18, 2009 at 11:21 AM, Richard Stovall <[email protected]> wrote:

Can you push the SP and the post-SP updates at the same time with WSUS? At first I only see the SP as 'needed' in WSUS. It isn't until after it's installed and 'wuauclt /detectnow' is run that I see the 43 additional ones that are necessary for Server 2003. (Then there are 3 or 4 more that are required after the 43 are installed...) All in all it was 3 reboots for a couple of 2003 SP1 servers that I updated to current last weekend.

If there is a way in WSUS to just blast out everything at once that might be useful in some instances.

Thanks,
RS

-----Original Message-----
From: David Lum [mailto:[email protected]]
Sent: Tuesday, August 18, 2009 11:11 AM
To: NT System Admin Issues
Subject: RE: Patching question

Sorry this doesn't answer your question, but WSUS is your friend, you can push SP's as well as the updates required afterward (I pushed SP3 for XP to 350 systems, for example, and my total involved time was oh....one minute, including opening the MMC).

Patching with WSUS takes about 1/10th the time patching with SMS does. We use WSUS for MS patching and SMS for 3rd party updates. Like SMS, WSUS can use BITS throttling. WSUS is free and can run on desktop hardware. I found SMS to be the really really hard way to patch MS systems, although I realize there may be reasons you aren't using WSUS.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

-----Original Message-----
From: Ziots, Edward [mailto:[email protected]]
Sent: Tuesday, August 18, 2009 7:29 AM
To: NT System Admin Issues
Subject: RE: Patching question

I don't use SMS here Chris, but I have the same issue and I set up a batch script that updates to SP2, and then runs the post SP2 hotfixes accordingly, along with the TCP Chimney disabling and DST fixes again and then reboots the machine (I do use Qchain.exe at the end to make sure everything applies as I want it), then re-scan with Shavlik and the server is patched up to the required levels. I have done about 100 servers this way without an issue.

You could probably push a quick scheduled task to run the batch file on a central server against your target servers, and then have it reboot afterwards. The service pack + patches should take about 1 hr depending on the speed of the system and available resources. This has been the average for me, and my maintenance windows are probably a lot like yours.

Z

Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
[email protected]
Phone:401-639-3505

-----Original Message-----
From: Christopher Bodnar [mailto:[email protected]]
Sent: Tuesday, August 18, 2009 10:18 AM
To: NT System Admin Issues
Subject: Patching question

This is not really an SMS question, more of a generic patching question. We have SMS 2003, and use it to patch systems.
I recently found out we have a large number of systems still at W2K3 SP1. Easy enough to push out SP2 to them. The problem then is how to automate the application of any post SP2 patches. I can think of a few ways, but none of them great. For example, I can create one monster post SP2 package in SMS and have the SP2 package be a prerequisite. The problems with that are the size of the package itself and how to get a list of post SP2 updates to include in the post SP2 package.

I've also thought of doing this as a manual process and having us run Windows Update after the SP2 package is applied. The problem with this is our change window is small, and the amount of staff to cover doing this.

I'm sure some of you must have run into this issue before. Any ideas?

Thanks,
Chris

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
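
The batch approach Edward Ziots describes in his reply (SP2, then the post-SP2 hotfixes, TCP Chimney disabling, Qchain.exe, reboot), sketched as an added example; this is not his script and not part of the original messages. The share path, package file name, hotfix folder and log locations are placeholders, the /quiet /norestart switches assume update.exe-style packages, and the DST fixes he mentions are left out because the thread does not identify them.

```batch
@echo off
setlocal EnableDelayedExpansion
rem Added example, not the script from the thread. PATCHROOT and the file
rem names under it are placeholders; substitute your own share and packages.
set "PATCHROOT=\\PLACEHOLDER-SERVER\patches"
set "SP2=%PATCHROOT%\SP2-PACKAGE-PLACEHOLDER.exe"
set "HOTFIXES=%PATCHROOT%\post-sp2"
set "LOG=%SystemRoot%\Temp\patchrun.log"
set FAILED=0
echo %DATE% %TIME% start on %COMPUTERNAME% >> "%LOG%"

rem 1. Service pack first; stop if it fails, since the hotfixes depend on it.
call :install "%SP2%"
if !FAILED! neq 0 goto :abort

rem 2. Every post-SP2 package in the folder, in directory-listing order.
for %%F in ("%HOTFIXES%\*.exe") do call :install "%%~fF"

rem 3. Disable TCP Chimney offload (netsh syntax for Server 2003 SP2).
netsh int ip set chimney DISABLED >> "%LOG%" 2>&1

rem 4. Qchain.exe at the end, as the post describes, with its own log file.
"%PATCHROOT%\qchain.exe" "%SystemRoot%\Temp\qchain.log"

if !FAILED! neq 0 goto :abort
echo %DATE% %TIME% all packages applied, rebooting >> "%LOG%"
shutdown /r /t 60 /c "Patch run complete"
exit /b 0

:abort
rem Leave the server up and return non-zero so the scheduler shows a failure.
echo %DATE% %TIME% run FAILED, no reboot issued >> "%LOG%"
exit /b 1

:install
echo %DATE% %TIME% installing %~nx1 >> "%LOG%"
start /wait "" "%~1" /quiet /norestart
set RC=!ERRORLEVEL!
rem 0 = success, 3010 = success with reboot pending; anything else failed.
if !RC! neq 0 if !RC! neq 3010 (
    echo %DATE% %TIME% FAILED %~nx1 rc=!RC! >> "%LOG%"
    set FAILED=1
)
exit /b 0
```

Treating any exit code other than 0 or 3010 as a failure keeps a half-applied run from being rebooted and counted as patched; the per-server log gives the follow-up scan something to reconcile against.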
