WSUS question
our office uses wsus distributing microsoft updates. however, have number of remote locations low-speed connections, relatively high computer counts, including servers. want have updates install automatically on schedule, need to schedule downloads overnight. don't see way schedule downloads in wsus. i've seen bits offered solution, but if understand concept, it's not fit us.
i'm considering the following solution , i'd feedback. i'm considering script uses wsus api's download updates , set nextdetectiontime value in registry 2 days out. (this should prevent wsus downloading updates on own.) gpo schedule task run script afterhours. another gpo schedule wsus installs later in morning, allowing time downloads.
any thoughts?
our office uses wsus distributing microsoft updates. however, have number of remote locations low-speed connections, relatively high computer counts, including servers. want have updates install automatically on schedule, need to schedule downloads overnight. don't see way schedule downloads in wsus. i've seen bits offered solution, but if understand concept, it's not fit us.
i'm considering the following solution , i'd feedback. i'm considering script uses wsus api's download updates , set nextdetectiontime value in registry 2 days out. (this should prevent wsus downloading updates on own.) gpo schedule task run script afterhours. another gpo schedule wsus installs later in morning, allowing time downloads.
any thoughts?
a couple of thoughts...
first, don's point ... remote sites low-speed connections , high computers counts should have onsite wsus replica server, , appears response don that you not have these -- should first objective. truth is, if don't have replica wsus servers, , remote clients trying update central wsus server -- none of above ideas address issue @ (except point clients can configured, via bits, download updates after hours -- will, likely, impact timeliness of update deployments systems).
second.. downstream wsus server downloads installation files approved updates after synchronization, step #1, then, is schedule downstream server synchronization times after end of business day, files have night download. (note: there practical limit scenario, upstream server experiences significant loads during replica synchronization, , running multiple replica synchronizations simultaneously has been known result in downstream server synchronization timeouts, , outright failures.
third, wsus apis not used download updates wsus server. wsus sends request bits, , bits manages downloads. so, repeat previous point, correct way manage downloads managing bits. so, step #2, offered, configure bits stops in-progress downloads @ start of business day , resumes downloads after end of business day. likewise, client updates handed off wuagent bits, although invoking detection event on client trigger download request queued needed , available updates.
fourth, setting nextdetectiontime identifies (not controls!) when wuagent next check in au/wsus -- whichever system configured use. value not absolute, , setting value via script not guarantee client detection not occur prior time. not recommend trying manipulate value manage client; better option set windows update service stopped/manual, , invoke call wuauclt /detectnow in script, start wu service , launch detection. following completion of of requisite activiites (or @ start of next business day), invoke script stop wu service. (note: methodology not foolproof, , examining things necessary make foolproof not efficient use of anybody's time, imho; better option, again, manage bandwidth consumption bits.)
lawrence garvin, m.s., mcitp:ea, mcdba, mcsa
solarwinds head geek
microsoft mvp - software distribution (2005-2012)
mvp profile: http://mvp.support.microsoft.com/profile/lawrence.garvin
the views expressed on post mine , not reflect views of solarwinds.
Windows Server > WSUS
Comments
Post a Comment