יום רביעי 16 מאי 2012 12:14
We use WSUS to push out updates to our servers and have recently added Forefront Endpoint Protection 2010 to our servers.
We have our WSUS updates set to download and not install as manual downtime has to be agreed for installation.
Now with Forefront installed...
Is there a way for WSUS to push out the windows updates as per normal(download and not install) and only get servers to install only the FEP updates automatically - leaving the windows updates as "downloaded"??
Any help would be much appreciated!
Thanks in advance!
יום רביעי 16 מאי 2012 13:12
Yes, you configure it using the FEP Policy, how often the FEP client should apply software updates, it will only apply the definition updates and no other updates.
יום רביעי 16 מאי 2012 13:15
I know that there is no option to apply two diferent WSUS policyies to Servers, but you could TEST the Allow Automatic Updates immediate installations (it should install the updates that do not require restart).
But my preffered solution to your problem would be to set the FEP Policy to dowload the updates (definitions) before scan and set daily quick scan at time that suits you.
- סומן כתשובה על-ידי Rick TanModerator יום שלישי 22 מאי 2012 02:18
יום רביעי 16 מאי 2012 15:17
Thanks for getting back so quickly gents.
Its my understanding that a server can only take one WSUS schedule and FEP is getting its updates from WSUS.
Say we set the FEP policy to auto install FEP updates every 2 hours.
How would I configure the Windows updates to download - not install??
How would the "Windows Update" registry settings look?
יום רביעי 16 מאי 2012 15:18Cheers Luka