Agreed and that is why I stated it as "My bet is on that would be no... I have not seen WSUS detect patches that had dependencies if a prerequisite was missing. It would be nice but like I said not from what I have seen. There are other products that will pick up these type of things but they cost money.
Jon On Tue, Aug 18, 2009 at 11:54 AM, David Lum <[email protected]> wrote: > It’s not a waste a of space if typing something here helps you answer > your own question – others might be having the same issue and they can use > your correspondence to help them out – a “silent win” where you helped > someone and didn’t even know it. I gain so much from this list even w/out > asking a question it isn’t funny. > > *David Lum** **// *SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 *// *(Cell) 503.267.9764 > > *From:* Richard Stovall [mailto:[email protected]] > *Sent:* Tuesday, August 18, 2009 8:34 AM > > *To:* NT System Admin Issues > *Subject:* RE: Patching question > > > > That’s what I thought. From what DL wrote I thought that perhaps WSUS has > some sort of conditional detection logic that I’m not aware of. > > > > But you know, then again maybe it does, now that I think about it. I > generally prefer to do big updates like OS service packs manually for > critical servers so I had not approved SP2 for distribution via WSUS. Maybe > if I had then the dependent updates would have shown up also and it could > actually have been done in one shot. It does work that way for other > software. > > > > My bad. Sorry for the waste of space… > > > > *From:* Jon Harris [mailto:[email protected]] > *Sent:* Tuesday, August 18, 2009 11:26 AM > *To:* NT System Admin Issues > *Subject:* Re: Patching question > > > > My bet is on that would be no. In cases like what you described SP2 was a > prerequisite for the 43 additional patches and one or more of them were > prerequisites for that additional ones. > > > > Jon > > On Tue, Aug 18, 2009 at 11:21 AM, Richard Stovall < > [email protected]> wrote: > > Can you push the SP and the post-SP updates at the same time with WSUS? > At first I only see the SP as 'needed' in WSUS. It isn't until after > it's installed and 'wuauclt /detectnow' is run that I see the 43 > additional ones that are necessary for Server 2003. (Then there 3 or 4 > more that are required after the 43 are installed...) All in all it was > 3 reboots for a couple of 2003 SP1 servers that I updated to current > last weekend. If there is a way in WSUS to just blast out everything at > once that might be useful in some instances. > > Thanks, > RS > > > -----Original Message----- > From: David Lum [mailto:[email protected]] > Sent: Tuesday, August 18, 2009 11:11 AM > To: NT System Admin Issues > Subject: RE: Patching question > > Sorry this doesn't answer your question, but WSUS is your friend, you > can push SP's as well as the updates required afterward (I pushed SP3 > for XP to 350 systems, for example, and my total involved time was > oh....one minute, including opening the MMC). Patching with WSUS takes > about 1/10th the time patching with SMS does. We use WSUS for MS > patching and SMS for 3rd party updates. Like SMS, WSUS can use BITS > throttling. WSUS is free and can run on desktop hardware. > > I found SMS to be the really really hard way to patch MS systems, > although I realize there may be reasons you aren't using WSUS. > > David Lum // SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 // (Cell) 503.267.9764 > > -----Original Message----- > From: Ziots, Edward [mailto:[email protected]] > Sent: Tuesday, August 18, 2009 7:29 AM > To: NT System Admin Issues > Subject: RE: Patching question > > I don't use SMS here Chris, > > But I have the same issue and I setup a batch script that updates to > SP2, and then runs the post SP2 hotfixes accordingly, along with the TCP > Chimmney disabling and DST fixes again and then reboots the machine (I > do use Qchain.exe at the end to make sure everything applies as I want > it) then re-scan with shavlik and server is patched up to the required > levels. I have done about 100 Servers this way without an issue. > > You could probably push a quick scheduled task to run the batch file on > a central server against your target servers, and then have it reboot > afterwards. > > The service pack + patches should take about 1 hr depending on the speed > of the system and available resources. This has been the average for me, > and my maintenance windows are probably a lot like yours. > > Z > > Edward Ziots > Network Engineer > Lifespan Organization > MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + > [email protected] > Phone:401-639-3505 > > -----Original Message----- > From: Christopher Bodnar [mailto:[email protected]] > Sent: Tuesday, August 18, 2009 10:18 AM > To: NT System Admin Issues > Subject: Patching question > > This is not really an SMS question, more of a generic patching question. > > We have SMS 2003, and use it to patch systems. I recently found out we > have a large number of systems still at W2K3 PS1. Easy enough to push > out SP2 to them. The problem then, is how to automate the application of > any post SP2 patches. I can think of a few ways, but none of them great. > For example, I can create one monster post SP2 package in SMS and have > the SP2 package be a pre-requisite. The problems with that are the size > of the package itself and how to get a list of post SP2 updates to > include in the post sp2 package. I've also thought of doing this as a > manual process and having us run Windows update after the SP2 package is > applied. The problem with this is our change window is small, and the > amount of staff to cover doing this. I'm sure some of you must have run > into this issue before. > > Any ideas? > > Thanks, > > Chris > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
