Guest yzzazz76@gmail.com Posted July 26, 2007 Posted July 26, 2007 Hello all and thanks for taking a moment to review my post. My organization has several hundred Windows 2000 and 2003 servers that we currently patch manually because of application considerations. Each application has a dedicated maintenance window where the systems engineer assigned to it logs on and visits Microsoft's update site. I hope to install a Windows Update Server to manage these patches. All of the features we need for this solution seem to be present with a single (but very important) exception. I need to have the clients downloading and installing their patches on a once-a-month basis and it appears the only option is to have them look for new updates every day or on a given day of the week. I am concerned that if I allow the servers to download and install updates every Thursday for instance, it will lead to as many as 4 reboots a month. Does anyone have recommendations or a method to demand clients look for these updates on my WSUS server once a month? It sounds like a lot of overhead to manually turn on and off servers in the WSUS console... Thanks in advance for any ideas! J
Guest Shenan Stanley Posted July 26, 2007 Posted July 26, 2007 yzzazz76@gmail.com wrote: > Hello all and thanks for taking a moment to review my post. > > My organization has several hundred Windows 2000 and 2003 servers > that we currently patch manually because of application > considerations. Each application has a dedicated maintenance window > where the systems engineer assigned to it logs on and visits > Microsoft's update site. > > I hope to install a Windows Update Server to manage these patches. > All of the features we need for this solution seem to be present > with a single (but very important) exception. > > I need to have the clients downloading and installing their patches > on a once-a-month basis and it appears the only option is to have > them look for new updates every day or on a given day of the week. > I am concerned that if I allow the servers to download and install > updates every Thursday for instance, it will lead to as many as 4 > reboots a month. > > Does anyone have recommendations or a method to demand clients look > for these updates on my WSUS server once a month? It sounds like a > lot of overhead to manually turn on and off servers in the WSUS > console... While it is *possible* that you could have as many as 4 reboots/month - that means you are likey doing something incorrectly (approval, etc) or that some critical patch was released out of schedule and you would want to apply it to all machines for security reasons anyway. The clients *check* for updates daily/on a given day - they do not necessarily install anything. With WSUS - you control what updates will be offered to the clients and since you approve them - when. Microsoft releases patches the second tuesday of every month - with the occassional exception of more critical patches they feel it would be wise to release more quickly. So - you would check your WSUS server once per month (perhaps the wednesday after the second Tueday of each month) and approve the updates you feel you should. The machines would be on a schedule to check for and install said updates and would actually have something to do after you approved said updates. Once they install it - each time they check AFTER that install - they won't have anything to find UNTIL you approve again the next time. -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html
Guest yzzazz76@gmail.com Posted July 26, 2007 Posted July 26, 2007 Shenan, Thank you for clarifying that for me. While it was my intention to "automatically approve" the updates, I understand after reading your answer that the best solution is to only allow the patches to go out on my terms. Thanks again for your time! J
Guest PA Bear Posted July 26, 2007 Posted July 26, 2007 Forwarded to WSUS newsgroup via crosspost: microsoft.public.windows.server.update_services as a convenience to OP. On the web: http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg=microsoft.public.windows.server.update_services In your newsreader: http://news://msnews.microsoft.com/microsoft.public.windows.server.update_services -- ~Robear Dyer (PA Bear) MS MVP-Windows (IE, OE, Security, Shell/User) AumHa VSOP & Admin DTS-L.org yzzazz76@gmail.com wrote: > Hello all and thanks for taking a moment to review my post. > > My organization has several hundred Windows 2000 and 2003 servers that > we currently patch manually because of application considerations. > Each application has a dedicated maintenance window where the systems > engineer assigned to it logs on and visits Microsoft's update site. > > I hope to install a Windows Update Server to manage these patches. All > of the features we need for this solution seem to be present with a > single (but very important) exception. > > I need to have the clients downloading and installing their patches on > a once-a-month basis and it appears the only option is to have them > look for new updates every day or on a given day of the week. I am > concerned that if I allow the servers to download and install updates > every Thursday for instance, it will lead to as many as 4 reboots a > month. > > Does anyone have recommendations or a method to demand clients look > for these updates on my WSUS server once a month? It sounds like a lot > of overhead to manually turn on and off servers in the WSUS console... > > > Thanks in advance for any ideas! > J
Recommended Posts