Answered 1 WSUS Server, 4 Weeks

  • Monday, March 18, 2013 4:48 PM
     
     

    No, not a strange film you would find on the internet, but just a question which I think I know the answer to.

    Is it possible to natively use one WSUS Server to update multiple member Servers over a four week period? The following applies in the Domain:

    1. WSUS Server - Windows 2008 R2

    2. AD Domain - 2003 Native

    Or would you need four WSUS Servers, one for each week.

    Thanks

All Replies

  • Monday, March 18, 2013 8:47 PM
     
     

    You only need one WSUS server and update the member servers for as long as you need. Just set the policy right.

    Configure WSUS to deploy updates using Group Policy

    http://www.vkernel.ro/blog/configure-wsus-to-deploy-updates-using-group-policy


    Adrian Costea - MCP, MCTS, MCSA 2003, MCITP: Windows 7

    My Blog: www.vkernel.ro/blog

  • Tuesday, March 19, 2013 9:02 AM
     
     

    Maybe I should have put a bit more detail. I want all the systems to update automatically; your guide only shows how to configure WSUS and GPOs.

    For an example, we want to update over 4 weeks as follows:

    Week 1: Development Server

    Week 2: Development PCs

    Week 3: Production Servers

    Week 4: Production PCs

    Doing the above allows us to pick up any potential issues from installing new updates. Yes I know best practice is to deploy asap, but a four week rollout has saved our systems many a time.

    Currently we have a Server for each week which replicates updates/groups to the next system every Sunday (thus allowing us to stagger and control). We point the appropriate member servers to the correct Server via GPOs, each set to autodownload and install/reboot on a given day of the week.

  • Tuesday, March 19, 2013 9:12 AM
     
     
    For what you need to accomplish you will need some third party tools like SCCM. Using just the built in tools (GPOs) will only let you go for max a week. If you can't afford SCCM you can deploy a script on every server to check for updates on the intervals you need, but that complicates things.

    Adrian Costea - MCP, MCTS, MCSA 2003, MCITP: Windows 7

    My Blog: www.vkernel.ro/blog

  • Thursday, March 21, 2013 1:39 AM
    Moderator
     
     Answered

    Is it possible to natively use one WSUS Server to update multiple member Servers over a four week period, the following applies in the Domain:

    Yes, it is possible; however, it requires a nominal bit of administrative overhead to achieve.

    First thing you'll need is FOUR WSUS Target Groups. Let's call them Week1, Week2, Week3, and Week4.

    Second thing you should do for optimal results is set the Detection Frequency to 8 hours.

    For the sake of an example, let's assume that your maintenance window is on Thursday evening. Configure ALL systems to install updates on Thursday evening (e.g. ScheduledInstallDay = '5').  ==WARNING: This capability no longer exists on Windows Server 2012. :-((( ==

    Sometime during Week1, Monday thru Wednesday, but before the end of the day on Wednesday, APPROVE the updates to be installed for the Target Group "Week1". The systems assigned to Week1 will detect these updates, download them, and schedule them for installation on Thursday evening. On Friday morning, REMOVE the approvals from the group Week1 for those updates. (This ensures that these machines do not try to install any updates on Week2, Week3, or Week4.)

    Sometime during Week2, Monday thru Wednesday, but before the end of the day on Wednesday, APPROVE the updates to be installed for the Target Group "Week2". The systems assigned to Week2 will detect these updates, download them, and schedule them....

    And I trust that's sufficient to define the pattern necessary to implement rotating weekly installations using standalone WSUS.

    Otherwise, as Adrian notes, you would need to use Configuration Manager with Collections where you can define explicit maintenance windows by date, or else use an alternative third-party add-on product (such as my favorite SolarWinds Patch Manager -- yes, I work for SolarWinds), which allows you to define explicitly scheduled recurring deployment events on a per-computer or per-group basis.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
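
The weekly approve/remove rotation from the accepted answer, written out as an added PowerShell example; it is not code from the thread or from any of the posters. It assumes it runs on the WSUS server itself with the WSUS administration console installed, that target groups named Week1 to Week4 already exist, and that a hypothetical file `batch.txt` lists one update GUID per line for the current four-week cycle.

```powershell
# Added example, not from the thread. Assumptions: runs on the WSUS server,
# groups Week1..Week4 exist, batch.txt (hypothetical) has one update GUID per line.
param(
    [Parameter(Mandatory = $true)][ValidateRange(1, 4)][int]$Week,
    [Parameter(Mandatory = $true)][ValidateSet('Approve', 'Revoke')][string]$Action,
    [string]$BatchFile = '.\batch.txt'
)
$ErrorActionPreference = 'Stop'

# WSUS administration API, installed with the WSUS administration console.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

$groupName = "Week$Week"
$group = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $groupName }
if (-not $group) { throw "Target group '$groupName' not found." }

# Approvals made after Wednesday may not be detected before a Thursday window.
if ($Action -eq 'Approve' -and [int](Get-Date).DayOfWeek -gt 3) {
    Write-Warning 'Approving after Wednesday: clients may miss the Thursday install.'
}

$actions = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]
$wanted  = if ($Action -eq 'Approve') { $actions::Install } else { $actions::NotApproved }

foreach ($line in Get-Content $BatchFile) {
    $id = $line.Trim()
    if (-not $id -or $id.StartsWith('#')) { continue }   # skip blanks and comments
    $rev = New-Object Microsoft.UpdateServices.Administration.UpdateRevisionId([Guid]$id)
    $update = $wsus.GetUpdate($rev)
    if ($update.IsDeclined) {
        Write-Warning "Skipping declined update: $($update.Title)"
        continue
    }
    # Install = approve for this week's group; NotApproved = the Friday removal,
    # so the group installs nothing during the other three weeks.
    [void]$update.Approve($wanted, $group)
    '{0,-7} {1} {2}' -f $Action, $groupName, $update.Title
}
```

Run it with `-Week 1 -Action Approve` between Monday and Wednesday and with `-Week 1 -Action Revoke` on Friday morning, then repeat with the next week number against the same `batch.txt`.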