Ben, How can you tell it not to reboot the server? The only setting I've found is the GP setting which tells it not to automatically reboot if there's a user logged in.
>>> Ben Scott <[email protected]> 10/8/2009 9:09 AM >>> On Thu, Oct 8, 2009 at 11:30 AM, Joseph Heaton <[email protected]> wrote: > The reasons we're moving away from Shavlik are: > 1) Price increased dramatically. ... > 2) ... it would reboot the box, even if you told it not to. ... > ... if I can get WSUS to do what I want, combined with Group Policy ... I'm pretty sure WSUS will do all that. You can't beat the price. It's limited to Microsoft products only, of course. (I've seen a third-party product that was supposed to add fourth-party updates to WSUS, but never tried it.) WUAU: Windows Update Auto Update. This is the thing that sits in the background, checking for updates, downloading them, and installing them, depending on options and commands. By default, it looks to Microsoft's public servers for updates, but you can change that to look to your WSUS server. WSUS: Windows Software Update Services. You run a WSUS server. It acts as a local repository/mirror of updates, distributes them to WUAU clients, collects reporting information from clients, and maintains its management database. WSUS management UI: You can approve updates for just detection (reporting as needed), or installation. You can put computers in groups. You approve patches differently for each group. You can set groups to auto-approve updates. It can give you reports on update installation status, by computer or by update. Some other things. Group Policy gives you: Central configuration of WUAU. Just notify on patches, or download and prompt for install, or automatically install (same options as for the stand-alone client WUAU GUI). What WSUS server to use. When to attempt detect/install. Prompt the user to reboot or not. Some other things. We have our WSUS server set to auto-approve critical updates. Clients are set to detect/install every night at 3 AM. If the computer is off at 3 AM, it runs the detect/install as soon as the computer starts. Reboots are forced, with a 5 minute countdown displayed on the screen. Users can tell it to reboot sooner if they don't want to wait, but they can't defer it. Servers are set to detect and download and notify, but not auto install. We manually log into servers and run the updates. We only have a few servers, so this works for us. WSUS is actually a pretty good solution, I think, given the price of viable alternatives. Of course, most alternatives support non-Microsoft products, too, so that's not really the same thing. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
