none
WSUS For Clients With No Internet Access

    Question

  • This is more of a functional question than an issue.

    Right now I have WSUS set to 'Store update files locally' and it works great.  With an ever expanding number and size of updates, I don't have space to keep storing the necessary updates on my WSUS server.

    If I set WSUS to 'Do not store update files locally', will my clients without internet access still be able to get updates?  Many of my devices are behind firewalls that do not permit access to the internet in any form.  I'm trying to avoid adding storage if at all possible.

    Thanks,

    Brian

    Tuesday, May 06, 2014 2:36 PM

Answers

  • Correct, if you set WSUS to 'do not store update files locally', then your clients without internet access will not be able to access Microsoft Update to download the files without you creating a firewall exception. Which sounds like an awkward way to do it.

    (1) Are you on top of your regular maintenance with WSUS, ie, declining superseded updates, running Server Cleanup Wizard in the recommended order?

    (2) Are you confident that the classification of updates being downloaded is appropriate and nothing un-needed (e.g drivers/absent OS) are being downloaded?  Have you chosen to download the space-hogging express installation files?

    (1) and (2) would be generally better practise then 'do not store updates locally', but if bandwidth is cheap or irrelevant for you, then perhaps you might be tempted to not store updates locally. In your situation where you have a reason to deny clients internet access, it would seem like a lot of paperwork, and technical expertise, to only allow them internet access for updates.  (plus, I'm not sure it's possible, just presume it would be)

    What are your numbers?  (size of WSUSContent, WSUSDatabase, space on drives?)


    Tuesday, May 06, 2014 2:45 PM

All replies

  • Correct, if you set WSUS to 'do not store update files locally', then your clients without internet access will not be able to access Microsoft Update to download the files without you creating a firewall exception. Which sounds like an awkward way to do it.

    (1) Are you on top of your regular maintenance with WSUS, ie, declining superseded updates, running Server Cleanup Wizard in the recommended order?

    (2) Are you confident that the classification of updates being downloaded is appropriate and nothing un-needed (e.g drivers/absent OS) are being downloaded?  Have you chosen to download the space-hogging express installation files?

    (1) and (2) would be generally better practise then 'do not store updates locally', but if bandwidth is cheap or irrelevant for you, then perhaps you might be tempted to not store updates locally. In your situation where you have a reason to deny clients internet access, it would seem like a lot of paperwork, and technical expertise, to only allow them internet access for updates.  (plus, I'm not sure it's possible, just presume it would be)

    What are your numbers?  (size of WSUSContent, WSUSDatabase, space on drives?)


    Tuesday, May 06, 2014 2:45 PM
  • Hi,

    Agree with Eoin Ryan, you need claer your disk regularly. Decline superseded updates and run cleanup wizard.

    This helps reduce the usage of disk.

    Since we haven't hear from for several day, I want to confirm if the issue has been resolved.

    Any questions please feel free to let know.

    Thank you.

    Friday, May 09, 2014 1:33 AM
    Moderator