Jump to content


Sign in to follow this  
Saif

WSUS Proper configuration

Recommended Posts

Guys please help me asses my situation here.

 

I have 1 WSUS server (windows 2008 R2) installed from a role. I have performed all the updates. I have created a group policy which is linked to the domain which specifies that all objects (workstaiotns and servers) should point to my WSUS and download updaets and then notify.

 

In my WSUS i see all my workstations and my servers. I have created 7 groups organized by OS versions (xp, 2000, 2003, 2003 r2, 2008, 2008 r2). I have placed servers and computers in their respective groups.

 

I have approved all updates ( i approved all updates the first time) and then WSUS started downlaoding them. After couple of hours, all updates have been downloaded (i am only downloading critical, security updates for the above mentioned OS'es).

 

This is where i am confused. Are my workstation and servers to automatically receive these updates? Under all Updats when i set the fiters to any, any, Most of the updates say 100% and under Approval it says Install. What does that mean? Quite a fiew have the yellow exclamation and some stop icons.

 

I have disabled auto approval of all updates after the first inital auto approval process.

 

Basically my question is, this wont hurt my environemnt is it? I am causing any issues with the way it is setup currently is it?

Share this post


Link to post
Share on other sites


Guys please help me asses my situation here.

 

I have 1 WSUS server (windows 2008 R2) installed from a role. I have performed all the updates. I have created a group policy which is linked to the domain which specifies that all objects (workstaiotns and servers) should point to my WSUS and download updaets and then notify.

 

In my WSUS i see all my workstations and my servers. I have created 7 groups organized by OS versions (xp, 2000, 2003, 2003 r2, 2008, 2008 r2). I have placed servers and computers in their respective groups.

 

I have approved all updates ( i approved all updates the first time) and then WSUS started downlaoding them. After couple of hours, all updates have been downloaded (i am only downloading critical, security updates for the above mentioned OS'es).

 

This is where i am confused. Are my workstation and servers to automatically receive these updates? Under all Updats when i set the fiters to any, any, Most of the updates say 100% and under Approval it says Install. What does that mean? Quite a fiew have the yellow exclamation and some stop icons.

 

I have disabled auto approval of all updates after the first inital auto approval process.

 

Basically my question is, this wont hurt my environemnt is it? I am causing any issues with the way it is setup currently is it?

 

OK so i have figured it out to this point:

1. i have WSUS installed and it is downloading updates.

2. Under the All updates section, when i set the filters to any, any, i see a whole bunch of yellow exclamation icons and for each update it says at the bottom "this superseded by another update....." so how do i find the update before it and install it? Also, next to the yellow exclamation icons in the All Updates, it also says Install count 2 , not applicable count 77 , install/not applicable 98% and approval install . What does that mean? I have read the documentation, but i do not understand this part.

 

Thank you

Share this post


Link to post
Share on other sites

OK so i have figured it out to this point:

1. i have WSUS installed and it is downloading updates.

2. Under the All updates section, when i set the filters to any, any, i see a whole bunch of yellow exclamation icons and for each update it says at the bottom "this superseded by another update....." so how do i find the update before it and install it? Also, next to the yellow exclamation icons in the All Updates, it also says Install count 2 , not applicable count 77 , install/not applicable 98% and approval install . What does that mean? I have read the documentation, but i do not understand this part.

 

Thank you

 

 

Below is screenshot which show you to identfy superseeded update(old update is replaced by new one which is showed as Yellow color only if this update is needed by any computers.If the needed count is Zero,then you will not see any yellow exclamation icons).

 

WSUS.jpg

 

Also in the console ,you can see status for each update which will show you how many computers reqquired this patch and installed the patch etc. As the name itself will tell you what is the patch status.

Not applicable-->the approved patches is not applicable to the target operating system i.e if you approve the windows XP to Windows 7 computers obvilsy it will report to SMS ,Not applicable

No status-->computers have not sent their inventory information to WSUS server if they really required /Not required ,this might require some attention to look into these computers.

 

Installed/Not applicable% --->This percentage is calucalted based on=(Installed+Not applicable)/(Failed+Needed+Installed+No status+Not applicable)*100

 

Look at this link for more information on superceeded updates

Share this post


Link to post
Share on other sites

if you are specific about the products that need the updates then create a auto approval rule only for that product. I suggest you to do a client side targeting so that updates are applied to proper groups.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...