Sign in
Microsoft.com
 
Windows Server TechCenter
 
 
 
Windows Server TechCenter > Windows Server Forums > WSUS > Automatically approve what's needed?
Ask a questionAsk a question
Search Forums:
 

AnswerAutomatically approve what's needed?

  • Thursday, November 05, 2009 6:48 PMELS Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    I'm trying to set up WSUS 3.0 SP2 on a server to reduce our external bandwidth consumption and speed up the download process for clients. I'm not too worried about testing updates before approving them, so I'd like to set up automatic approval rules to make the updates available to clients without my interaction.

    However, approved updates are automatically downloaded from MS. As a result, doing something like setting an auto approval on drivers causes GB and GB of downloads, even though my client machines will need much less than 1% them. I have narrowed the product categories to what our clients need, but want to leave all classifications selected, however doing this is going to fill my harddrive.

    Is there a way to only approve updates needed by my clients? Or to auto approve all updates, but defer downloading until a client expresses a need for it (making the assumption that if one client needed it, we can cache it for other clients)?

    Am I approaching this in a totally wrong way?
     

Answers

  • Saturday, November 07, 2009 6:57 AMLawrence GarvinMVP, ModeratorUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     Answer
    Sign In to Vote
    0
    Sign In to Vote
    However, approved updates are automatically downloaded from MS.
    Yes, this is necessary because an approved update without binary content cannot be downloaded by the client, much less installed.
    As a result, doing something like setting an auto approval on drivers causes GB and GB of downloads, even though my client machines will need much less than 1% them.
    Aside from the conventional wisdom to NOT use WSUS for distribution of driver updates; you absolutely do not want to auto-approve the installation of device driver updates under ANY conditions. A device driver update, particularly one being installed for the first time, should always be tested under controlled conditions. I would strongly recommend against auto-approval rules for drivers; I'd also recommend against using WSUS to distribute drivers of any kind. If you really must use WSUS to deploy drivers, then import the necessary driver packages directly from the MU Catalog using the "Import Updates" functionality rather than synchronizing the entire Drivers update classification.
    Is there a way to only approve updates needed by my clients?
    Yep. It's called a "WSUS Administrator". :)
    Or to auto approve all updates, but defer downloading until a client expresses a need for it
    No.
    Am I approaching this in a totally wrong way?
    I might be inclined to suggest there are alternative philosophies and methodologies you should consider.
    Lawrence Garvin, M.S., MCITP:EA, MCDBA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
     

All Replies

  • Saturday, November 07, 2009 6:57 AMLawrence GarvinMVP, ModeratorUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     Answer
    Sign In to Vote
    0
    Sign In to Vote
    However, approved updates are automatically downloaded from MS.
    Yes, this is necessary because an approved update without binary content cannot be downloaded by the client, much less installed.
    As a result, doing something like setting an auto approval on drivers causes GB and GB of downloads, even though my client machines will need much less than 1% them.
    Aside from the conventional wisdom to NOT use WSUS for distribution of driver updates; you absolutely do not want to auto-approve the installation of device driver updates under ANY conditions. A device driver update, particularly one being installed for the first time, should always be tested under controlled conditions. I would strongly recommend against auto-approval rules for drivers; I'd also recommend against using WSUS to distribute drivers of any kind. If you really must use WSUS to deploy drivers, then import the necessary driver packages directly from the MU Catalog using the "Import Updates" functionality rather than synchronizing the entire Drivers update classification.
    Is there a way to only approve updates needed by my clients?
    Yep. It's called a "WSUS Administrator". :)
    Or to auto approve all updates, but defer downloading until a client expresses a need for it
    No.
    Am I approaching this in a totally wrong way?
    I might be inclined to suggest there are alternative philosophies and methodologies you should consider.
    Lawrence Garvin, M.S., MCITP:EA, MCDBA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com